[FIX] #806 auth 필요없는 객체 삭제, db검증로직 추가

gg-pingpong-api/src/main/java/gg/pingpong/api/global/security/config/SecurityConfig.java

@@ -4,8 +4,6 @@
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -18,29 +16,17 @@
 import gg.pingpong.api.global.security.handler.OAuthAuthenticationSuccessHandler;
 import gg.pingpong.api.global.security.jwt.utils.TokenAuthenticationFilter;
 import gg.pingpong.api.global.security.repository.OAuthAuthorizationRequestBasedOnCookieRepository;
-import gg.pingpong.api.global.security.service.CustomUserDetailsService;
 import lombok.RequiredArgsConstructor;
 
 @RequiredArgsConstructor
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-	private final CustomUserDetailsService userDetailsService;
 	private final OAuthAuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
 	private final CorsProperties corsProperties;
 	private final TokenAuthenticationFilter tokenAuthenticationFilter;
 	private final OAuthAuthorizationRequestBasedOnCookieRepository oAuth2AuthorizationRequestBasedOnCookieRepository;
 
-	@Override
-	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-		auth.userDetailsService(userDetailsService);
-	}
-
-	@Bean
-	@Override
-	public AuthenticationManager authenticationManagerBean() throws Exception {
-		return super.authenticationManagerBean();
-	}
 
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {

gg-pingpong-api/src/main/java/gg/pingpong/api/global/security/jwt/utils/TokenAuthenticationFilter.java

@@ -20,7 +20,9 @@
 
 import gg.auth.utils.AuthTokenProvider;
 import gg.auth.utils.HeaderUtil;
-import gg.pingpong.api.global.security.service.CustomUserDetailsService;
+import gg.data.user.User;
+import gg.pingpong.api.global.security.UserPrincipal;
+import gg.repo.user.UserRepository;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
@@ -29,7 +31,7 @@
 @Component
 public class TokenAuthenticationFilter extends OncePerRequestFilter {
 	private final AuthTokenProvider tokenProvider;
-	private final CustomUserDetailsService customUserDetailsService;
+	private final UserRepository userRepository;
 
 	@Override
 	protected void doFilterInternal(
@@ -56,7 +58,9 @@ private OAuth2AuthenticationToken validate(HttpServletRequest request) {
 		Long userId = tokenProvider.getUserIdFromAccessToken(accessToken);
 		//access token 검증
 		if (userId != null) {
-			UserDetails userDetails = customUserDetailsService.loadUserById(userId);
+			User loginUser = userRepository.findById(userId)
+				.orElseThrow(() -> new RuntimeException("user not found in db"));
+			UserDetails userDetails = UserPrincipal.create(loginUser);
 			return new OAuth2AuthenticationToken((OAuth2User)userDetails, userDetails.getAuthorities(), "42");
 		}
 		throw new RuntimeException("token not validated");