SISC-IT · Kosw6 · Nov 17, 2025 · Nov 14, 2025 · Nov 14, 2025 · Nov 14, 2025
@@ -30,8 +30,6 @@ public class CustomOAuth2UserService implements OAuth2UserService <OAuth2UserReq
     private final UserRepository userRepository;
     private final UserOauthAccountRepository oauthAccountRepository;
 
-
-
     @Override
     public OAuth2User loadUser(OAuth2UserRequest req) throws OAuth2AuthenticationException {
         // log.info("[CustomOAuth2UserService] loadUser START");
@@ -47,7 +45,6 @@ public OAuth2User loadUser(OAuth2UserRequest req) throws OAuth2AuthenticationExc
         String email;
         String name;
 
-
         // log.info("[OAuth2] Provider = {}", provider);
         if (log.isDebugEnabled()) {
             log.debug("[OAuth2] Attributes = {}", attrs);

@@ -66,7 +66,7 @@ public OidcUser loadUser(OidcUserRequest req) throws OAuth2AuthenticationExcepti
                             .build();
                     oauthAccountRepository.save(oauth);
 
-                  //  log.info("[CustomOidcUserService] 신규 User 및 UserOauthAccount 생성됨");
+                  // log.info("[CustomOidcUserService] 신규 User 및 UserOauthAccount 생성됨");
                     return savedUser;
                 });
 

@@ -3,13 +3,15 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.env.Environment;
 import org.sejongisc.backend.auth.dao.UserOauthAccountRepository;
 import org.sejongisc.backend.auth.entity.AuthProvider;
 import org.sejongisc.backend.auth.entity.UserOauthAccount;
 import org.sejongisc.backend.common.auth.jwt.JwtProvider;
 import org.sejongisc.backend.auth.service.RefreshTokenService;
 import org.sejongisc.backend.user.dao.UserRepository;
 import org.sejongisc.backend.user.entity.User;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseCookie;
 import org.springframework.security.core.Authentication;
@@ -26,6 +28,7 @@
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
 import java.util.Map;
 import java.util.UUID;
 
@@ -38,6 +41,10 @@ public class OAuth2SuccessHandler extends SimpleUrlAuthenticationSuccessHandler
     private final RefreshTokenService refreshTokenService;
     private final UserRepository userRepository;
     private final UserOauthAccountRepository userOauthAccountRepository;
+    private final Environment env;
+
+    @Value("${app.oauth2.redirect-success}")
+    private String redirectSuccessBase;
 
     @Override
     public void onAuthenticationSuccess(
@@ -94,36 +101,46 @@ public void onAuthenticationSuccess(
         // 5. RefreshToken 저장(DB or Redis)
         refreshTokenService.saveOrUpdateToken(user.getUserId(), refreshToken);
 
+        boolean isProd = Arrays.asList(env.getActiveProfiles()).contains("prod");
+
+        String sameSite = isProd ? "None" : "Lax";
+        boolean secure = isProd;
+        String domain = isProd ? "sisc-web.duckdns.org" : "localhost";
+
+
         // 6.  HttpOnly 쿠키로 refreshToken 저장
         ResponseCookie accessCookie = ResponseCookie.from("access", accessToken)
                 .httpOnly(true)
-                .secure(false)   // 로컬 개발
-                .sameSite("Lax")   // 로컬에서는 None 비추천
+                .secure(secure)    // 로컬=false, 배포=true
+                .sameSite(sameSite)  // 로컬= "Lax", 배포="None"
                 .path("/")
                 .maxAge(60L * 60)  // 1 hour
                 .build();
 
         ResponseCookie refreshCookie = ResponseCookie.from("refresh", refreshToken)
                 .httpOnly(true)
-                .secure(false)
-                .sameSite("Lax")
+                .secure(secure)
+                .sameSite(sameSite)
                 .path("/")
                 .maxAge(60L * 60 * 24 * 14) // 2 weeks
                 .build();
 
+
         response.addHeader(HttpHeaders.SET_COOKIE, accessCookie.toString());
         response.addHeader(HttpHeaders.SET_COOKIE, refreshCookie.toString());
 
 
         // 7. 프론트로 redirect
-        String redirectUrl = "http://localhost:5173/oauth/success";
+        // application-local.yml → http://localhost:5173/oauth/success
+        // application-prod.yml → https://sisc-web.duckdns.org/oauth/success
+        //String redirectUrl = redirectSuccessBase;
 //                + "?accessToken=" + accessToken
 //                + "&name=" + URLEncoder.encode(name, StandardCharsets.UTF_8)
 //                + "&userId=" + userId;
 
        // log.info("[OAuth2 Redirect] {}", redirectUrl);
 
-        getRedirectStrategy().sendRedirect(request, response, redirectUrl);
+        getRedirectStrategy().sendRedirect(request, response, redirectSuccessBase);
     }
 
 }
@@ -111,12 +111,13 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
         config.setAllowedOrigins(List.of(
-                "http://localhost:5173" // 허용할 프론트 주소
+                "http://localhost:5173", // 허용할 프론트 주소
+                "https://sisc-web.duckdns.org"
         ));
-        config.setAllowedOriginPatterns(List.of("*"));
         config.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
         config.setAllowedHeaders(List.of("*"));
         config.setAllowCredentials(true);
+        config.addExposedHeader("Authorization");
         config.setMaxAge(3600L);    // 캐시 시간(초)
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

@@ -6,6 +6,7 @@
 import io.jsonwebtoken.JwtException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
+import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.validation.constraints.NotNull;
@@ -40,15 +41,15 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             "/api/auth/signup",
             "/api/auth/login",
             "/api/auth/login/**",
-            "/api/auth/oauth",
-            "/api/auth/oauth/**",
             "/api/auth/logout",
             "/api/auth/reissue",
             "/v3/api-docs/**",
             "/swagger-ui/**",
             "/swagger-ui/index.html",
             "/swagger-resources/**",
-            "/webjars/**"
+            "/webjars/**",
+            "/login/**",
+            "/oauth2/**"
     );
 
     @Override
@@ -73,6 +74,10 @@ protected void doFilterInternal(@NotNull HttpServletRequest request,
         try {
             String token = resolveToken(request);
 
+            if (token == null) {
+                token = resolveTokenFromCookie(request);
+            }
+
             if (token != null && jwtParser.validationToken(token) ) {
                 UsernamePasswordAuthenticationToken authentication = jwtParser.getAuthentication(token);
                 SecurityContextHolder.getContext().setAuthentication(authentication);
@@ -122,6 +127,19 @@ private String resolveToken(HttpServletRequest request) {
         return null;
     }
 
+    private String resolveTokenFromCookie(HttpServletRequest request) {
+        if (request.getCookies() == null) return null;
+
+        for (Cookie cookie : request.getCookies()) {
+            if ("access".equals(cookie.getName())) {
+                log.info("쿠키에서 access token 추출됨");
+                return cookie.getValue();
+            }
+        }
+
+        return null;
+    }
+
     private String toJson(ErrorResponse errorResponse) throws JsonProcessingException {
         ObjectMapper mapper = new ObjectMapper();
         mapper.registerModule(new JavaTimeModule());