Merge pull request #362 from agree0002/refactor/#350

[refactor/#350] 스프링부트3 마이그레이션

Author: agree0002

build.gradle

@@ -1,8 +1,8 @@
 plugins {
-    id 'org.springframework.boot' version '2.7.18'
-    id 'io.spring.dependency-management' version '1.0.15.RELEASE'
+    id 'org.springframework.boot' version '3.3.5'
+    id 'io.spring.dependency-management' version '1.1.6'
     id 'java-library'
-    id 'com.diffplug.spotless' version '6.13.0'
+    id 'com.diffplug.spotless' version '6.25.0'
 }
 
 spotless {
@@ -20,7 +20,7 @@ spotless {
         //임포트 순서 정리
         importOrder(
                 "java",
-                "javax",
+                "jakarta",
                 "lombok",
                 "org.springframework",
                 "",
@@ -64,26 +64,33 @@ subprojects {
         }
     }
 
+    testing {
+        suites {
+            test {
+                useJUnitJupiter()
+            }
+        }
+    }
+
     dependencies {
         annotationProcessor(
                 'org.projectlombok:lombok',
                 'org.springframework.boot:spring-boot-configuration-processor',
                 'jakarta.persistence:jakarta.persistence-api',
                 'jakarta.annotation:jakarta.annotation-api',
-                "com.querydsl:querydsl-apt:${dependencyManagement.importedProperties['querydsl.version']}:jpa"
+                'com.querydsl:querydsl-apt:5.0.0:jakarta'
         )
 
         implementation (
                 'org.springframework.boot:spring-boot-starter-web',
                 'org.springframework.boot:spring-boot-starter-validation',
-                'org.springdoc:springdoc-openapi-ui:1.7.0',
+                'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0',
                 'com.google.code.findbugs:jsr305:3.0.2',
-                'io.awspring.cloud:spring-cloud-starter-aws:2.4.4',
 
                 // cloud config
-                'org.springframework.cloud:spring-cloud-starter-config:3.1.8',
+                'org.springframework.cloud:spring-cloud-starter-config:4.1.4',
                 'org.springframework.boot:spring-boot-starter-actuator',
-                'org.springframework.cloud:spring-cloud-starter-bootstrap:3.1.8',
+                'org.springframework.cloud:spring-cloud-starter-bootstrap:4.1.4',
 
                 // mail
                 'org.springframework.boot:spring-boot-starter-mail',
@@ -104,10 +111,6 @@ subprojects {
         )
     }
 
-    test {
-        useJUnitPlatform()
-    }
-
 }
 
 project(':module-jpa') {
@@ -117,8 +120,8 @@ project(':module-jpa') {
     dependencies {
         api (
                 'org.springframework.boot:spring-boot-starter-data-jpa',
-                'com.querydsl:querydsl-jpa', // query dsl
-                'com.jcraft:jsch:0.1.55',  // 로컬 개발용 db ssh tunneling, https://mavenlibs.com/maven/dependency/com.jcraft/jsch
+                'com.querydsl:querydsl-jpa:5.0.0:jakarta',
+                'com.jcraft:jsch:0.1.55',
 //                'org.mariadb.jdbc:mariadb-java-client',
                 'com.mysql:mysql-connector-j',
                 'com.h2database:h2'
@@ -133,18 +136,18 @@ project(':module-auth') {
     dependencies {
         api project(':module-jpa')
         // jwt
-        api 'io.jsonwebtoken:jjwt-api:0.11.2'
-        runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
+        api 'io.jsonwebtoken:jjwt-api:0.11.5'
+        runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5',
                 // Uncomment the next line if you want to use RSASSA-PSS (PS256, PS384, PS512) algorithms:
                 //'org.bouncycastle:bcprov-jdk15on:1.60',
-                'io.jsonwebtoken:jjwt-jackson:0.11.2' // or 'io.jsonwebtoken:jjwt-gson:0.11.2' for gson
+                'io.jsonwebtoken:jjwt-jackson:0.11.5'
 
         // security
         api 'org.springframework.boot:spring-boot-starter-security'
         api 'org.springframework.boot:spring-boot-starter-oauth2-client'
-        api 'javax.xml.bind:jaxb-api'
+        api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
         testImplementation 'org.springframework.security:spring-security-test'
-        testImplementation 'org.mockito:mockito-inline:2.13.0'
+        testImplementation 'org.mockito:mockito-inline:5.2.0'
     }
 }
 
@@ -155,9 +158,10 @@ project(':module-fileStorage') {
     dependencies {
         api project(':module-jpa')
 
-        api 'javax.xml.bind:jaxb-api'
+        api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
+        implementation 'com.amazonaws:aws-java-sdk-s3:1.12.188'
         testImplementation 'org.springframework.security:spring-security-test'
-        testImplementation 'org.mockito:mockito-inline:2.13.0'
+        testImplementation 'org.mockito:mockito-inline:5.2.0'
     }
 }
 
@@ -167,14 +171,15 @@ project(':resource-server') {
         api project(':module-auth')
         api project(':module-fileStorage')
         api 'org.springframework.boot:spring-boot-starter-security'
+        implementation 'com.amazonaws:aws-java-sdk-s3:1.12.188'
         testImplementation 'org.springframework.security:spring-security-test'
     }
 
     clean {
         delete file('src/main/generated')
     }
 
-    task cleanGeneratedDir(type: Delete) {
+    tasks.register('cleanGeneratedDir', Delete) {
         delete file('src/main/generated')
     }
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

module-auth/src/main/java/com/inhabas/api/auth/config/AuthBeansConfig.java

@@ -4,6 +4,7 @@
 
 import lombok.RequiredArgsConstructor;
 
+import org.springframework.boot.ApplicationRunner;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -35,6 +36,11 @@ public class AuthBeansConfig {
   private final AuthProperties authProperties;
   private final RefreshTokenRepository refreshTokenRepository;
 
+  @Bean
+  public ApplicationRunner jwtSecretKeyStrengthChecker(JwtTokenUtil jwtTokenUtil) {
+    return args -> jwtTokenUtil.validateSecretKeyStrength();
+  }
+
   @Bean
   public HttpCookieOAuth2AuthorizationRequestRepository
       httpCookieOAuth2AuthorizationRequestRepository() {

module-auth/src/main/java/com/inhabas/api/auth/config/AuthSecurityConfig.java

@@ -2,13 +2,16 @@
 
 import lombok.RequiredArgsConstructor;
 
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.cors.CorsUtils;
 
 import com.inhabas.api.auth.domain.oauth2.CustomOAuth2UserService;
@@ -18,9 +21,10 @@
 
 @Order(0) // 인증 관련 security filter chain 은 우선순위가 가장 높아야 함.
 @EnableWebSecurity
+@Configuration
 @RequiredArgsConstructor
 @Profile({"dev1", "dev2", "local", "prod1", "prod2"}) // 테스트에는 포함시키지 않음.
-public class AuthSecurityConfig extends WebSecurityConfigurerAdapter {
+public class AuthSecurityConfig {
 
   private final CustomOAuth2UserService customOAuth2UserService;
   private final OAuth2AuthorizedClientService authorizedClientService;
@@ -29,62 +33,40 @@ public class AuthSecurityConfig extends WebSecurityConfigurerAdapter {
   private final HttpCookieOAuth2AuthorizationRequestRepository
       httpCookieOAuth2AuthorizationRequestRepository;
 
-  /**
-   * 소셜 로그인 api <br>
-   * <br>
-   * 진행과정은 아래와 같다.<br>
-   *
-   * <ol>
-   *   <li>사용자가 소셜로그인 시작. (프론트에서 redirect_url 보내줘야함.)
-   *   <li>OAuth2 인증 진행 -> 기존 회원인지 검사
-   *       <ol style="list-style-type:lower-alpha">
-   *         <li>성공 -> OAuth2AuthenticationSuccessHandler
-   *             <ol>
-   *               <li>프론트에서 보내준 redirect_url 검증 (-> 실패하면 failure handler 에서 처리)
-   *               <li>jwt 토큰 발급 및 로그인 처리
-   *               <li>리다이렉트
-   *             </ol>
-   *         <li>실패 -> OAuth2AuthenticationFailureHandler
-   *       </ol>
-   * </ol>
-   *
-   * 회원가입이나, jwt 토큰 발급을 위한 url 로 함부로 접근할 수 없게 하기 위해 jwt 토근이 발급되기 이전까지는 OAuth2 인증 결과를 세션을 통해서 유지함.
-   * 따라서 critical 한 url 에 대해서 OAuth2 인증이 완료된 세션에 한해서만 허용.
-   */
-  @Override
-  protected void configure(HttpSecurity http) throws Exception {
+  @Bean
+  @Order(0)
+  public SecurityFilterChain authSecurityFilterChain(HttpSecurity http) throws Exception {
 
-    http.requestMatchers()
-        .antMatchers("/login/**")
-        .and()
+    http
+        // /login/** 경로에만 이 보안 체인 적용
+        .securityMatcher("/login/**")
         // 세션 생성 금지
-        .sessionManagement()
-        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-        .and()
-        .cors()
-        .and()
-        .authorizeRequests()
-        .requestMatchers(CorsUtils::isPreFlightRequest)
-        .permitAll()
-        .anyRequest()
-        .permitAll()
-        .and()
-        .csrf()
-        .disable()
-
+        .sessionManagement(
+            session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+        .cors(cors -> {})
+        .csrf(AbstractHttpConfigurer::disable)
+        .authorizeHttpRequests(
+            authorize ->
+                authorize
+                    .requestMatchers(request -> CorsUtils.isPreFlightRequest(request))
+                    .permitAll()
+                    .anyRequest()
+                    .permitAll())
         // Oauth 로그인 설정
-        .oauth2Login()
-        .authorizedClientService(authorizedClientService)
-        .authorizationEndpoint()
-        .baseUri("/login/oauth2/authorization")
-        .authorizationRequestRepository(httpCookieOAuth2AuthorizationRequestRepository)
-        .and()
+        .oauth2Login(
+            oauth2 ->
+                oauth2
+                    .authorizedClientService(authorizedClientService)
+                    .authorizationEndpoint(
+                        authorization ->
+                            authorization
+                                .baseUri("/login/oauth2/authorization")
+                                .authorizationRequestRepository(
+                                    httpCookieOAuth2AuthorizationRequestRepository))
+                    .userInfoEndpoint(userInfo -> userInfo.userService(customOAuth2UserService))
+                    .failureHandler(oauth2AuthenticationFailureHandler)
+                    .successHandler(oauth2AuthenticationSuccessHandler));
 
-        // 사용자 정보를 가져오는 엔드포인트에 대한 설정
-        .userInfoEndpoint()
-        .userService(customOAuth2UserService)
-        .and()
-        .failureHandler(oauth2AuthenticationFailureHandler)
-        .successHandler(oauth2AuthenticationSuccessHandler);
+    return http.build();
   }
 }

module-auth/src/main/java/com/inhabas/api/auth/config/TemplateConfig.java

@@ -4,8 +4,8 @@
 import org.springframework.context.annotation.Configuration;
 
 import org.thymeleaf.TemplateEngine;
-import org.thymeleaf.spring5.SpringTemplateEngine;
-import org.thymeleaf.spring5.templateresolver.SpringResourceTemplateResolver;
+import org.thymeleaf.spring6.SpringTemplateEngine;
+import org.thymeleaf.spring6.templateresolver.SpringResourceTemplateResolver;
 import org.thymeleaf.templatemode.TemplateMode;
 
 @Configuration