bugfix: 토큰 재발급 시, accessToken 만료 검증 로직 제거 #8

src/main/java/com/nice/petudio/common/auth/handler/AuthCheckHandler.java

@@ -26,15 +26,15 @@ public class AuthCheckHandler {
 
 
     public Long validateAuthority(HttpServletRequest request, List<MemberRole> requiredRoles) {
-        String jwtAccessToken = getJwtAccessTokenFromHttpCookie(request);
+        String jwtAccessToken = getJwtAccessTokenFromHttpHeader(request);
         if (hasAuthority(jwtAccessToken, requiredRoles)) {
             return memberId;
         }
         throw new ForbiddenException(ErrorCode.FORBIDDEN_EXCEPTION,
                 String.format("memberId(%d)의 접근 권한이 없어, 요청이 수행되지 않았습니다.", memberId));
     }
 
-    private String getJwtAccessTokenFromHttpCookie(HttpServletRequest request) {
+    private String getJwtAccessTokenFromHttpHeader(HttpServletRequest request) {
         String bearerToken = request.getHeader("Authorization");
         if (StringUtils.hasText(bearerToken) && bearerToken.startsWith("Bearer ")) {
             return bearerToken.substring("Bearer ".length());
@@ -52,10 +52,10 @@ public boolean hasAuthority(String jwtAccessToken, List<MemberRole> requiredRole
                 return isRoleMatch(member, requiredRoles);
             }
             throw new ValidationException(ErrorCode.INVALID_JWT_TOKEN_EXCEPTION,
-                    String.format("JWT AccessToken 내에 MemberId가 존재하지 않습니다."));
+                    "JWT AccessToken 내에 MemberId가 존재하지 않습니다.");
         }
         throw new UnAuthorizedException(ErrorCode.UNAUTHORIZED_JWT_EXCEPTION,
-                ErrorCode.UNAUTHORIZED_JWT_EXCEPTION.getMessage());
+                String.format("입력받은 JWT 토큰이 유효하지 않습니다. (ACCESS_TOKEN: %s)", jwtAccessToken));
     }
 
     private static boolean isRoleMatch(Member member, List<MemberRole> requiredRoles) {

src/main/java/com/nice/petudio/common/auth/jwt/JwtUtils.java

@@ -13,7 +13,6 @@
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.io.DecodingException;
 import io.jsonwebtoken.security.Keys;
-import io.jsonwebtoken.security.SignatureException;
 import java.util.Date;
 import java.util.List;
 import java.util.Optional;
@@ -76,16 +75,12 @@ public Optional<Long> parseMemberId(String accessToken) {
 
     private Claims parseClaims(String accessToken) {
         try {
-            validateAccessToken(accessToken);
             return Jwts.parserBuilder().setSigningKey(secretKey).build()
                     .parseClaimsJws(accessToken).getBody();
         } catch (ExpiredJwtException exception) {
             return exception.getClaims();
-        }
-    }
-
-    private void validateAccessToken(String accessToken) {
-        if (!validateToken(accessToken)) {
+        } catch (io.jsonwebtoken.security.SecurityException | MalformedJwtException | DecodingException |
+                 UnsupportedJwtException | IllegalArgumentException e) {
             throw new UnAuthorizedException(ErrorCode.UNAUTHORIZED_JWT_EXCEPTION,
                     String.format("입력받은 JWT 토큰이 유효하지 않습니다. (ACCESS_TOKEN: %s)", accessToken));
         }