solid-connection · nayonsoso · Jul 18, 2025 · Jul 13, 2025 · Jul 13, 2025 · Jul 13, 2025
@@ -4,28 +4,36 @@
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.userdetails.UserDetails;
 
-public abstract class JwtAuthentication extends AbstractAuthenticationToken {
+public class TokenAuthentication extends AbstractAuthenticationToken {
 
-    private final String credentials;
+    private final Object principal; // 인증 주체
 
-    private final Object principal;
+    private final String credentials; // 증명 수단
 
-    public JwtAuthentication(String token, Object principal) {
+    public TokenAuthentication(String token) {
+        super(Collections.emptyList());
+        this.principal = null;
+        this.credentials = token;
+        setAuthenticated(false);
+    }
+
+    public TokenAuthentication(String token, Object principal) {
         super(principal instanceof UserDetails ?
                       ((UserDetails) principal).getAuthorities() :
                       Collections.emptyList());
-        this.credentials = token;
         this.principal = principal;
+        this.credentials = token;
+        setAuthenticated(true);
     }
 
     @Override
-    public Object getCredentials() {
-        return this.credentials;
+    public Object getPrincipal() {
+        return this.principal;
     }
 
     @Override
-    public Object getPrincipal() {
-        return this.principal;
+    public Object getCredentials() {
+        return this.credentials;
     }
 
     public final String getToken() {

@@ -1,8 +1,6 @@
-package com.example.solidconnection.security.provider;
+package com.example.solidconnection.security.authentication;
 
 import com.example.solidconnection.auth.service.TokenProvider;
-import com.example.solidconnection.security.authentication.JwtAuthentication;
-import com.example.solidconnection.security.authentication.SiteUserAuthentication;
 import com.example.solidconnection.security.userdetails.SiteUserDetails;
 import com.example.solidconnection.security.userdetails.SiteUserDetailsService;
 import lombok.RequiredArgsConstructor;
@@ -13,23 +11,23 @@
 
 @Component
 @RequiredArgsConstructor
-public class SiteUserAuthenticationProvider implements AuthenticationProvider {
+public class TokenAuthenticationProvider implements AuthenticationProvider {
 
     private final SiteUserDetailsService siteUserDetailsService;
     private final TokenProvider tokenProvider;
 
     @Override
     public Authentication authenticate(Authentication auth) throws AuthenticationException {
-        JwtAuthentication jwtAuth = (JwtAuthentication) auth;
-        String token = jwtAuth.getToken();
+        TokenAuthentication tokenAuth = (TokenAuthentication) auth;
+        String token = tokenAuth.getToken();
 
         String username = tokenProvider.parseSubject(token);
         SiteUserDetails userDetails = (SiteUserDetails) siteUserDetailsService.loadUserByUsername(username);
-        return new SiteUserAuthentication(token, userDetails);
+        return new TokenAuthentication(token, userDetails);
     }
 
     @Override
     public boolean supports(Class<?> authentication) {
-        return SiteUserAuthentication.class.isAssignableFrom(authentication);
+        return TokenAuthentication.class.isAssignableFrom(authentication);
     }
 }
@@ -1,6 +1,6 @@
 package com.example.solidconnection.security.config;
 
-import com.example.solidconnection.security.provider.SiteUserAuthenticationProvider;
+import com.example.solidconnection.security.authentication.TokenAuthenticationProvider;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -11,12 +11,12 @@
 @Configuration
 public class AuthenticationManagerConfig {
 
-    private final SiteUserAuthenticationProvider siteUserAuthenticationProvider;
+    private final TokenAuthenticationProvider tokenAuthenticationProvider;
 
     @Bean
     public AuthenticationManager authenticationManager() {
         return new ProviderManager(
-                siteUserAuthenticationProvider
+                tokenAuthenticationProvider
         );
     }
 }
@@ -5,7 +5,7 @@
 import com.example.solidconnection.common.exception.CustomAccessDeniedHandler;
 import com.example.solidconnection.common.exception.CustomAuthenticationEntryPoint;
 import com.example.solidconnection.security.filter.ExceptionHandlerFilter;
-import com.example.solidconnection.security.filter.JwtAuthenticationFilter;
+import com.example.solidconnection.security.filter.TokenAuthenticationFilter;
 import com.example.solidconnection.security.filter.SignOutCheckFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -30,7 +30,7 @@ public class SecurityConfiguration {
     private final CorsProperties corsProperties;
     private final ExceptionHandlerFilter exceptionHandlerFilter;
     private final SignOutCheckFilter signOutCheckFilter;
-    private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final TokenAuthenticationFilter tokenAuthenticationFilter;
     private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
     private final CustomAccessDeniedHandler customAccessDeniedHandler;
 
@@ -69,8 +69,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .authenticationEntryPoint(customAuthenticationEntryPoint)
                         .accessDeniedHandler(customAccessDeniedHandler)
                 )
-                .addFilterBefore(jwtAuthenticationFilter, BasicAuthenticationFilter.class)
-                .addFilterBefore(signOutCheckFilter, JwtAuthenticationFilter.class)
+                .addFilterBefore(tokenAuthenticationFilter, BasicAuthenticationFilter.class)
+                .addFilterBefore(signOutCheckFilter, TokenAuthenticationFilter.class)
                 .addFilterBefore(exceptionHandlerFilter, SignOutCheckFilter.class)
                 .build();
     }

@@ -3,6 +3,7 @@
 import static com.example.solidconnection.common.exception.ErrorCode.USER_ALREADY_SIGN_OUT;
 
 import com.example.solidconnection.common.exception.CustomException;
+import com.example.solidconnection.security.infrastructure.AuthorizationHeaderParser;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;

@@ -1,7 +1,7 @@
 package com.example.solidconnection.security.filter;
 
-import com.example.solidconnection.security.authentication.JwtAuthentication;
-import com.example.solidconnection.security.authentication.SiteUserAuthentication;
+import com.example.solidconnection.security.authentication.TokenAuthentication;
+import com.example.solidconnection.security.infrastructure.AuthorizationHeaderParser;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -19,7 +19,7 @@
 
 @Component
 @RequiredArgsConstructor
-public class JwtAuthenticationFilter extends OncePerRequestFilter {
+public class TokenAuthenticationFilter extends OncePerRequestFilter {
 
     private final AuthenticationManager authenticationManager;
     private final AuthorizationHeaderParser authorizationHeaderParser;
@@ -34,14 +34,10 @@ public void doFilterInternal(@NonNull HttpServletRequest request,
             return;
         }
 
-        JwtAuthentication authToken = createAuthentication(token.get());
+        TokenAuthentication authToken = new TokenAuthentication(token.get());
         Authentication auth = authenticationManager.authenticate(authToken);
         SecurityContextHolder.getContext().setAuthentication(auth);
 
         filterChain.doFilter(request, response);
     }
-
-    private JwtAuthentication createAuthentication(String token) {
-        return new SiteUserAuthentication(token);
-    }
 }
@@ -1,4 +1,4 @@
-package com.example.solidconnection.security.filter;
+package com.example.solidconnection.security.infrastructure;
 
 import jakarta.servlet.http.HttpServletRequest;
 import java.util.Optional;

@@ -3,11 +3,12 @@
 import static com.example.solidconnection.common.exception.ErrorCode.AUTHENTICATION_FAILED;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.junit.jupiter.api.Assertions.assertAll;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
 import com.example.solidconnection.common.exception.CustomException;
-import com.example.solidconnection.security.authentication.SiteUserAuthentication;
+import com.example.solidconnection.security.authentication.TokenAuthentication;
 import com.example.solidconnection.security.userdetails.SiteUserDetails;
 import com.example.solidconnection.siteuser.domain.SiteUser;
 import com.example.solidconnection.siteuser.fixture.SiteUserFixture;
@@ -87,8 +88,8 @@ class security_context_에_저장된_사용자가_없는_경우 {
         }
     }
 
-    private SiteUserAuthentication createAuthenticationWithUser(SiteUser siteUser) {
+    private TokenAuthentication createAuthenticationWithUser(SiteUser siteUser) {
         SiteUserDetails userDetails = new SiteUserDetails(siteUser);
-        return new SiteUserAuthentication("token", userDetails);
+        return new TokenAuthentication("token", userDetails);
     }
 }
@@ -1,4 +1,4 @@
-package com.example.solidconnection.security.provider;
+package com.example.solidconnection.security.authentication;
 
 import static com.example.solidconnection.common.exception.ErrorCode.AUTHENTICATION_FAILED;
 import static com.example.solidconnection.common.exception.ErrorCode.INVALID_TOKEN;
@@ -8,7 +8,6 @@
 
 import com.example.solidconnection.auth.token.config.JwtProperties;
 import com.example.solidconnection.common.exception.CustomException;
-import com.example.solidconnection.security.authentication.SiteUserAuthentication;
 import com.example.solidconnection.security.userdetails.SiteUserDetails;
 import com.example.solidconnection.siteuser.domain.SiteUser;
 import com.example.solidconnection.siteuser.fixture.SiteUserFixture;
@@ -26,10 +25,10 @@
 
 @TestContainerSpringBootTest
 @DisplayName("사용자 인증정보 provider 테스트")
-class SiteUserAuthenticationProviderTest {
+class TokenAuthenticationProviderTest {
 
     @Autowired
-    private SiteUserAuthenticationProvider siteUserAuthenticationProvider;
+    private TokenAuthenticationProvider tokenAuthenticationProvider;
 
     @Autowired
     private JwtProperties jwtProperties;
@@ -47,24 +46,24 @@ void setUp() {
     @Test
     void 처리할_수_있는_타입인지를_반환한다() {
         // given
-        Class<?> supportedType = SiteUserAuthentication.class;
+        Class<?> supportedType = TokenAuthentication.class;
         Class<?> notSupportedType = PasswordAuthentication.class;
 
         // when & then
         assertAll(
-                () -> assertThat(siteUserAuthenticationProvider.supports(supportedType)).isTrue(),
-                () -> assertThat(siteUserAuthenticationProvider.supports(notSupportedType)).isFalse()
+                () -> assertThat(tokenAuthenticationProvider.supports(supportedType)).isTrue(),
+                () -> assertThat(tokenAuthenticationProvider.supports(notSupportedType)).isFalse()
         );
     }
 
     @Test
     void 유효한_토큰이면_정상적으로_인증_정보를_반환한다() {
         // given
         String token = createValidToken(user.getId());
-        SiteUserAuthentication auth = new SiteUserAuthentication(token);
+        TokenAuthentication auth = new TokenAuthentication(token);
 
         // when
-        Authentication result = siteUserAuthenticationProvider.authenticate(auth);
+        Authentication result = tokenAuthenticationProvider.authenticate(auth);
 
         // then
         assertThat(result).isNotNull();
@@ -80,21 +79,22 @@ class 예외가_발생한다 {
         @Test
         void 유효하지_않은_토큰이면_예외가_발생한다() {
             // given
-            SiteUserAuthentication expiredAuth = new SiteUserAuthentication(createExpiredToken());
+            TokenAuthentication expiredAuth = new TokenAuthentication(createExpiredToken());
 
             // when & then
-            assertThatCode(() -> siteUserAuthenticationProvider.authenticate(expiredAuth))
+            assertThatCode(() -> tokenAuthenticationProvider.authenticate(expiredAuth))
                     .isInstanceOf(CustomException.class)
                     .hasMessageContaining(INVALID_TOKEN.getMessage());
         }
 
         @Test
         void 사용자_정보의_형식이_다르면_예외가_발생한다() {
             // given
-            SiteUserAuthentication wrongSubjectTypeAuth = new SiteUserAuthentication(createWrongSubjectTypeToken());
+            TokenAuthentication wrongSubjectTypeAuth = new TokenAuthentication(
+                    createWrongSubjectTypeToken());
 
             // when & then
-            assertThatCode(() -> siteUserAuthenticationProvider.authenticate(wrongSubjectTypeAuth))
+            assertThatCode(() -> tokenAuthenticationProvider.authenticate(wrongSubjectTypeAuth))
                     .isInstanceOf(CustomException.class)
                     .hasMessageContaining(INVALID_TOKEN.getMessage());
         }
@@ -104,10 +104,10 @@ class 예외가_발생한다 {
             // given
             long notExistingUserId = user.getId() + 100;
             String token = createValidToken(notExistingUserId);
-            SiteUserAuthentication auth = new SiteUserAuthentication(token);
+            TokenAuthentication auth = new TokenAuthentication(token);
 
             // when & then
-            assertThatCode(() -> siteUserAuthenticationProvider.authenticate(auth))
+            assertThatCode(() -> tokenAuthenticationProvider.authenticate(auth))
                     .isInstanceOf(CustomException.class)
                     .hasMessageContaining(AUTHENTICATION_FAILED.getMessage());
         }