CampusTable · Chuseok22 · Jan 12, 2026 · Jan 5, 2026 · Jan 6, 2026 · Jan 6, 2026
diff --git a/.github/workflows/spring-boot-cicd.yml b/.github/workflows/spring-boot-cicd.yml
@@ -3,7 +3,7 @@ name: spring-boot-cicd
 on:
   push:
     branches:
-#      - main
+      - main
 
 env:
   PROJECT_NAME: campus-table

diff --git a/CT-auth/build.gradle.kts b/CT-auth/build.gradle.kts
@@ -13,8 +13,19 @@ tasks.jar {
 
 dependencies {
   implementation(project(":CT-common"))
+  implementation(project(":CT-member"))
+  implementation(project(":CT-redis"))
 
+  // Spring Security
   api(libs.spring.boot.starter.security)
-  api(libs.spring.security.test)
+  implementation(libs.spring.security.test)
+
+  // JWT
+  implementation(libs.jjwt.api)
+  runtimeOnly(libs.jjwt.impl)
+  runtimeOnly(libs.jjwt.jackson)
+
+  // Sejong Portal Login
+  implementation(libs.sejong.portal.login)
 }
 
diff --git a/CT-auth/src/main/kotlin/com/chuseok22/ctauth/core/token/TokenProvider.kt b/CT-auth/src/main/kotlin/com/chuseok22/ctauth/core/token/TokenProvider.kt
@@ -0,0 +1,31 @@
+package com.chuseok22.ctauth.core.token
+
+import java.util.*
+
+interface TokenProvider {
+
+  /**
+   * accessToken 생성
+   */
+  fun createAccessToken(memberId: String): String
+
+  /**
+   * refreshToken 생성
+   */
+  fun createRefreshToken(memberId: String): String
+
+  /**
+   * 토큰 유효 검사
+   */
+  fun isValidToken(token: String): Boolean
+
+  /**
+   * 토큰에서 memberId 파싱
+   */
+  fun getMemberId(token: String): String
+
+  /**
+   * 토큰 만료시간 반환 (ms)
+   */
+  fun getExpiredAt(token: String): Date
+}
diff --git a/CT-auth/src/main/kotlin/com/chuseok22/ctauth/core/token/TokenStore.kt b/CT-auth/src/main/kotlin/com/chuseok22/ctauth/core/token/TokenStore.kt
@@ -0,0 +1,14 @@
+package com.chuseok22.ctauth.core.token
+
+interface TokenStore {
+
+  /**
+   * 리프레시 토큰을 주어진 Key로 저장하고 TTL(ms) 설정
+   */
+  fun save(key: String, refreshToken: String, ttlMillis: Long)
+
+  /**
+   * Key에 해당하는 리프레시 토큰 삭제
+   */
+  fun remove(key: String)
+}
diff --git a/CT-auth/src/main/kotlin/com/chuseok22/ctauth/core/user/UserPrincipal.kt b/CT-auth/src/main/kotlin/com/chuseok22/ctauth/core/user/UserPrincipal.kt
@@ -0,0 +1,19 @@
+package com.chuseok22.ctauth.core.user
+
+interface UserPrincipal {
+
+  /**
+   * 회원 고유 ID
+   */
+  fun getMemberId(): String
+
+  /**
+   * 로그인 ID
+   */
+  fun getUsername(): String
+
+  /**
+   * 사용자 권한
+   */
+  fun getRoles(): List<String>
+}
diff --git a/CT-auth/src/main/kotlin/com/chuseok22/ctauth/infrastructure/config/JwtConfig.kt b/CT-auth/src/main/kotlin/com/chuseok22/ctauth/infrastructure/config/JwtConfig.kt
@@ -0,0 +1,45 @@
+package com.chuseok22.ctauth.infrastructure.config
+
+import com.chuseok22.ctauth.infrastructure.jwt.JwtProvider
+import com.chuseok22.ctauth.infrastructure.jwt.JwtStore
+import com.chuseok22.ctauth.infrastructure.properties.JwtProperties
+import io.jsonwebtoken.io.Decoders
+import io.jsonwebtoken.security.Keys
+import org.springframework.boot.context.properties.EnableConfigurationProperties
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.data.redis.core.RedisTemplate
+import javax.crypto.SecretKey
+
+@Configuration
+@EnableConfigurationProperties(JwtProperties::class)
+class JwtConfig(
+  private val properties: JwtProperties
+) {
+
+  /**
+   * JWT 서명에 사용할 secretKey 생성
+   * base64로 인코딩 된 secretKey를 디코딩해서 SecretKey 객체 생성
+   */
+  @Bean
+  fun jwtSecretKey(): SecretKey {
+    val keyBytes: ByteArray = Decoders.BASE64.decode(properties.secretKey)
+    return Keys.hmacShaKeyFor(keyBytes)
+  }
+
+  /**
+   * TokenProvider 구현체 Bean 등록
+   */
+  @Bean
+  fun jwtProvider(jwtSecretKey: SecretKey): JwtProvider {
+    return JwtProvider(jwtSecretKey, properties)
+  }
+
+  /**
+   * TokenStore 구현체 Bean 등록
+   */
+  @Bean
+  fun jwtStore(redisTemplate: RedisTemplate<String, String>): JwtStore {
+    return JwtStore(redisTemplate)
+  }
+}
diff --git a/CT-auth/src/main/kotlin/com/chuseok22/ctauth/infrastructure/config/SecurityConfig.kt b/CT-auth/src/main/kotlin/com/chuseok22/ctauth/infrastructure/config/SecurityConfig.kt
@@ -0,0 +1,58 @@
+package com.chuseok22.ctauth.infrastructure.config
+
+import com.chuseok22.ctauth.core.token.TokenProvider
+import com.chuseok22.ctauth.infrastructure.constant.SecurityUrls
+import com.chuseok22.ctauth.infrastructure.filter.TokenAuthenticationFilter
+import com.chuseok22.ctmember.application.MemberService
+import com.fasterxml.jackson.databind.ObjectMapper
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+
+@Configuration
+@EnableWebSecurity
+class SecurityConfig(
+  private val tokenProvider: TokenProvider,
+  private val memberService: MemberService,
+  private val objectMapper: ObjectMapper
+) {
+  /**
+   * SecurityFilterChain 설정
+   */
+  @Bean
+  fun filterChain(http: HttpSecurity, tokenAuthenticationFilter: TokenAuthenticationFilter): SecurityFilterChain {
+    return http
+      .cors {}
+      .csrf { it.disable() }
+      .httpBasic { it.disable() }
+      .formLogin { it.disable() }
+
+      .authorizeHttpRequests { authorize ->
+        authorize
+          // AUTH_WHITELIST 에 등록된 URL은 인증 허용
+          .requestMatchers(*SecurityUrls.AUTH_WHITELIST.toTypedArray()).permitAll()
+          .anyRequest().authenticated()
+      }
+
+      // 세션 설정 (STATELESS)
+      .sessionManagement { session ->
+        session
+          .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+      }
+
+      .addFilterBefore(
+        tokenAuthenticationFilter,
+        UsernamePasswordAuthenticationFilter::class.java
+      )
+      .build()
+  }
+
+  @Bean
+  fun tokenAuthenticationFilter(): TokenAuthenticationFilter {
+    return TokenAuthenticationFilter(tokenProvider, memberService, objectMapper)
+  }
+}
diff --git a/CT-auth/src/main/kotlin/com/chuseok22/ctauth/infrastructure/constant/AuthConstants.kt b/CT-auth/src/main/kotlin/com/chuseok22/ctauth/infrastructure/constant/AuthConstants.kt
@@ -0,0 +1,23 @@
+package com.chuseok22.ctauth.infrastructure.constant
+
+object AuthConstants {
+
+  // Auth
+  const val TOKEN_PREFIX: String = "Bearer "
+  const val HEADER_AUTHORIZATION: String = "Authorization"
+
+  // CookieUtil
+  const val ROOT_DOMAIN: String = "campustable.shop"
+  const val ACCESS_TOKEN_KEY: String = "accessToken"
+  const val REFRESH_TOKEN_KEY: String = "refreshToken"
+
+  // JwtUtil
+  const val ACCESS_TOKEN_CATEGORY: String = "accessToken"
+  const val REFRESH_TOKEN_CATEGORY: String = "refreshToken"
+  const val REDIS_REFRESH_TOKEN_KEY_PREFIX: String = "RT:"
+
+  // API
+  const val API_REQUEST_PREFIX: String = "/api/"
+  const val ADMIN_REQUEST_PREFIX: String = "/admin/"
+  const val TEST_REQUEST_PREFIX: String = "/test/"
+}
diff --git a/CT-auth/src/main/kotlin/com/chuseok22/ctauth/infrastructure/constant/SecurityUrls.kt b/CT-auth/src/main/kotlin/com/chuseok22/ctauth/infrastructure/constant/SecurityUrls.kt
@@ -0,0 +1,18 @@
+package com.chuseok22.ctauth.infrastructure.constant
+
+object SecurityUrls {
+
+  /**
+   * 인증을 생략할 URL 패턴 목록
+   */
+  @JvmStatic
+  val AUTH_WHITELIST = listOf(
+    // AUTH
+    "/api/auth/login",
+    "/api/auth/reissue",
+
+    // Swagger
+    "/docs/swagger-ui/**",
+    "/v3/api-docs/**",
+  )
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,7 +3,7 @@ name: spring-boot-cicd @@
     on:
       push:
         branches:
-    #      - main
+          - main
     env:
       PROJECT_NAME: campus-table
@@ Expand Down @@