diff --git a/src/main/java/com/DecodEat/domain/refreshToken/service/TokenService.java b/src/main/java/com/DecodEat/domain/refreshToken/service/TokenService.java index 0ec1c53..8ff1fe7 100644 --- a/src/main/java/com/DecodEat/domain/refreshToken/service/TokenService.java +++ b/src/main/java/com/DecodEat/domain/refreshToken/service/TokenService.java @@ -1,4 +1,4 @@ -package com.DecodEat.domain.RefreshToken.service; +package com.DecodEat.domain.refreshToken.service; import static com.DecodEat.global.apiPayload.code.status.ErrorStatus.*; @@ -10,6 +10,7 @@ import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; + import java.time.Duration; @RequiredArgsConstructor @@ -17,7 +18,7 @@ public class TokenService { private final JwtTokenProvider jwtTokenProvider; - private final RefreshTokenService refreshTokenService; + private final com.DecodEat.domain.RefreshToken.service.RefreshTokenService refreshTokenService; private final UserService userService; public String createNewAccessToken(String refreshToken){ diff --git a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java index bf578fc..7c4676b 100644 --- a/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java +++ b/src/main/java/com/DecodEat/global/config/WebOAuthSecurityConfig.java 
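Review bot: The `refreshTokenService` field in `TokenService` is now declared with the inline qualified name `com.DecodEat.domain.RefreshToken.service.RefreshTokenService`, which keeps the capitalised `RefreshToken` segment while this same commit changes the file's own package to `com.DecodEat.domain.refreshToken.service`. Two packages that differ only in case may resolve on a case-insensitive filesystem and fail on a case-sensitive build host. Where `RefreshTokenService` is actually declared is not visible in this diff, so that should be confirmed. Prefer keeping both classes in one consistently cased package and restoring the plain declaration `private final RefreshTokenService refreshTokenService;` (with an ordinary `import` if the packages really differ). The class body continues outside the hunk.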
@@ -7,20 +7,18 @@ import com.DecodEat.global.config.oauth.OAuth2SuccessHandler; import com.DecodEat.global.config.oauth.OAuth2UserCustomService; import lombok.RequiredArgsConstructor; -import org.springframework.boot.autoconfigure.security.servlet.PathRequest; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpStatus; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.web.cors.CorsConfigurationSource; +import org.springframework.beans.factory.annotation.Value; @RequiredArgsConstructor @Configuration @@ -31,6 +29,8 @@ public class WebOAuthSecurityConfig { private final RefreshTokenRepository refreshTokenRepository; private final UserService userService; private final CorsConfigurationSource corsConfigurationSource; // CorsCongifuragtinoSource Bean 주입 위함 + @Value("${spring.security.oauth2.client.registration.kakao.client-id}") + private String kakaoClientId; // @Bean // public WebSecurityCustomizer configure() { 
@@ -77,6 +77,15 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .defaultAuthenticationEntryPointFor( new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new AntPathRequestMatcher("/api/**"))); + // 7. 로그아웃 + http.logout(logout -> logout + .logoutUrl("/api/logout") + // 👇 카카오 로그아웃 URL로 리다이렉트 + .logoutSuccessUrl("https://kauth.kakao.com/oauth/logout?client_id=" + kakaoClientId + "&logout_redirect_uri=https://decodeat.store.app/") + .invalidateHttpSession(true) + .deleteCookies("JSESSIONID") + .clearAuthentication(true) + ); return http.build(); }
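Review bot: The new `http.logout(...)` block only invalidates the HTTP session and deletes `JSESSIONID`; nothing in it revokes the caller's stored refresh token or clears a token cookie, so a refresh token issued before logout would presumably still be accepted by `TokenService.createNewAccessToken` afterwards. Since `refreshTokenRepository` is already injected into this class, add a handler such as `.addLogoutHandler((request, response, authentication) -> { /* delete this user's refresh token */ })` and list the token cookie as well, e.g. `.deleteCookies("JSESSIONID", "<refresh-token-cookie-name>")`. The success URL is also built by string concatenation with a hard-coded, unencoded `logout_redirect_uri`; move that value to configuration next to `kakaoClientId` and build the URL with `UriComponentsBuilder` so the parameter is encoded and stays in step with the redirect URI configured on the Kakao side. `securityFilterChain` starts above this hunk, so the session policy and CSRF settings that apply to `/api/logout` are not visible here.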