update :: Secret 분리

Author: ta2ye0n

src/main/java/com/gcms/v3/global/security/jwt/JwtTokenProvider.java

@@ -9,7 +9,6 @@
 import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -20,24 +19,24 @@
 import java.time.LocalDateTime;
 import java.util.Date;
 
+import static com.gcms.v3.global.security.jwt.JwtProperties.*;
+
 @Component
 @RequiredArgsConstructor
 public class JwtTokenProvider {
 
-    @Value("${jwt.secret}")
-    private String secretKey;
-    private static final String AUTHORITIES = "auth";
-    private static final String GRANT_TYPE = "Bearer";
-    private static final String TOKEN_PREFIX = "Bearer ";
-    private static final long ACCESS_TOKEN_TIME = 1000 * 60 * 30L;
-    private static final long REFRESH_TOKEN_TIME = 1000L * 60 * 60 * 24 * 7;
-    private static Key key;
+    private static Key accessTokenkey;
+    private static Key refreshtokenkey;
     private final AuthDetailsService authDetailsService;
+    private final JwtProperties jwtProperties;
 
     @PostConstruct
     public void init() {
-        byte[] keyBytes = Decoders.BASE64.decode(secretKey);
-        key = Keys.hmacShaKeyFor(keyBytes);
+        byte[] keyBytes = Decoders.BASE64.decode(jwtProperties.getAccessTokenKey());
+        accessTokenkey = Keys.hmacShaKeyFor(keyBytes);
+
+        byte[] refreshKeyBytes = Decoders.BASE64.decode(jwtProperties.getRefreshTokenKey());
+        refreshtokenkey = Keys.hmacShaKeyFor(refreshKeyBytes);
     }
 
     public TokenInfoResponseDto generateToken(String email) {
@@ -60,7 +59,7 @@ private String generateAccessToken(String email) {
                 .setHeaderParam("typ", GRANT_TYPE)
                 .claim(AUTHORITIES, "JWT")
                 .setExpiration(accessTokenExpiresIn)
-                .signWith(key, SignatureAlgorithm.HS256)
+                .signWith(accessTokenkey, SignatureAlgorithm.HS256)
                 .compact();
     }
 
@@ -72,7 +71,7 @@ private String generateRefreshToken(String email) {
         return Jwts.builder()
                 .setSubject(email)
                 .setHeaderParam("typ", "JWT")
-                .signWith(key, SignatureAlgorithm.HS256)
+                .signWith(refreshtokenkey, SignatureAlgorithm.HS256)
                 .claim(AUTHORITIES, "JWT")
                 .setIssuedAt(new Date())
                 .setExpiration(refreshTokenExpiresIn)
@@ -92,7 +91,7 @@ public Authentication getAuthentication(String token) {
 
     private Claims parseClaims(String assessToken) {
         try {
-            return Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(assessToken).getBody();
+            return Jwts.parserBuilder().setSigningKey(accessTokenkey).build().parseClaimsJws(assessToken).getBody();
         } catch (ExpiredJwtException e) {
             return e.getClaims();
         }
@@ -108,7 +107,7 @@ public String resolveToken(HttpServletRequest request) {
 
     public boolean validateToken(String token) {
         try {
-            Jwts.parserBuilder().setSigningKey(key).build().parseClaimsJws(token);
+            Jwts.parserBuilder().setSigningKey(accessTokenkey).build().parseClaimsJws(token);
             return true;
         } catch (SecurityException | MalformedJwtException e) {
             throw new InvalidAuthTokenException();

src/main/resources/application.yml

@@ -34,4 +34,6 @@ spring:
       port: 6379
 
 jwt:
-  secret: ${JWT_SECRET}
+  secret:
+    access-token: ${ACCESS_TOKEN_KEY}
+    refresh-token: ${REFRESH_TOKEN_KEY}