[TIL-20260127] @AuthenticationPrincipal, Swagger JWT authentication setup

2026. 1. 27. 14:18 · Today I Learned 🧐

🍀 To Do List

👩🏻‍💻 Today I Learned ...

 

Getting user information with @AuthenticationPrincipal

@AuthenticationPrincipal is an annotation that lets you directly retrieve the currently authenticated user's information from Spring Security's Authentication object (which holds the logged-in user's name, authorities, roles, and so on).

When the JWT filter creates an Authentication object and stores it in the Security Context, the principal is stored in the structure shown below.

 

SecurityContextHolder
    └─ SecurityContext
        └─ Authentication (UsernamePasswordAuthenticationToken)
            ├─ principal: AuthUser(id=123, email="user@...", ...)

 

 

 

When the controller runs, Spring internally fetches the principal value from SecurityContextHolder and casts it to the principal class.

Because the user object holds information such as the user id and email, the controller and service layers can use the user information safely from a security standpoint.
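The flow described above, as an added Kotlin example that is not the author's project code: a JWT filter stores an AuthUser as the principal, and a controller reads it back with @AuthenticationPrincipal. The `role` field, the `TokenVerifier` interface and the `/api/me` path are assumptions made for illustration.

```kotlin
import jakarta.servlet.FilterChain
import jakarta.servlet.http.HttpServletRequest
import jakarta.servlet.http.HttpServletResponse
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.annotation.AuthenticationPrincipal
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController
import org.springframework.web.filter.OncePerRequestFilter

// Principal type; the role field is an assumption for this example.
data class AuthUser(val id: Long, val email: String, val role: String)

// Hypothetical verifier: returns null unless the signature and expiry check out.
fun interface TokenVerifier { fun verify(token: String): AuthUser? }

class JwtAuthenticationFilter(private val verifier: TokenVerifier) : OncePerRequestFilter() {
    override fun doFilterInternal(
        request: HttpServletRequest,
        response: HttpServletResponse,
        filterChain: FilterChain,
    ) {
        val user = request.getHeader("Authorization")
            ?.takeIf { it.startsWith("Bearer ") }
            ?.let { verifier.verify(it.removePrefix("Bearer ")) }
        if (user != null) {
            // principal = AuthUser, credentials = null (the raw token is not kept around)
            val auth = UsernamePasswordAuthenticationToken(
                user, null, listOf(SimpleGrantedAuthority("ROLE_${user.role}")),
            )
            SecurityContextHolder.getContext().authentication = auth
        }
        // Without a valid token the context stays empty; authorization rules reject the request later.
        filterChain.doFilter(request, response)
    }
}

@RestController
class MeController {
    // The id comes from the verified token, not from a path variable or request body.
    // The route must require authentication: for an anonymous request the principal is not an AuthUser and resolves to null.
    @GetMapping("/api/me")
    fun me(@AuthenticationPrincipal user: AuthUser): Map<String, Any> =
        mapOf("id" to user.id, "email" to user.email)
}
```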

 

 

I refactored the code so that the Controller retrieves user information safely through the @AuthenticationPrincipal annotation; I plan to write up the details separately in my development log. ✍️

 

 

Reference:

Understanding Spring Security's @AuthenticationPrincipal


stdio-han.tistory.com

 

 

 

Swagger setup

build.gradle.kts

implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.13")

 

This is the latest springdoc version for Spring Boot 3.x environments; the UI is reachable at /swagger-ui.html or /swagger-ui/index.html.

 


Configuring JWT authentication in Swagger

 

 

info()

Sets the API documentation information displayed at the top of Swagger UI.

.info(
    Info()
        .title("KOU App API")                    // ← API title
        .version("v1.0.0")                       // ← version
        .description("...")                      // ← description
)

 

components()

Defines the security schemes, common models, and other components used across the whole API.

.components(
		Components()
			.addSecuritySchemes( // ← security scheme
				"bearerAuth", // ← scheme name (referenced from the Controller)
				SecurityScheme()
					.type(SecurityScheme.Type.HTTP)  // ← authentication type (HTTP authentication scheme)
					.scheme("bearer")
					.bearerFormat("JWT") // ← Bearer format
					.`in`(SecurityScheme.In.HEADER) // ← location (header)
					.name("Authorization") // ← header name
					.description("JWT 토큰을 입력하세요 (Bearer 제외)"),  // ← description ("Enter the JWT token, without the Bearer prefix")
	),
)

 

 

 

 

In Swagger UI, clicking the Authorize 🔓 button and entering the AccessToken value behaves the same way as entering the AccessToken in Postman's Authorization tab and sending the API request.
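How the "bearerAuth" scheme name ties the configuration to a controller, as an added Kotlin example that is not the author's project code. The `AuthUser` fields, the controller class and the `/api/profile` and `/api/health` paths are assumptions made for illustration.

```kotlin
import io.swagger.v3.oas.annotations.Parameter
import io.swagger.v3.oas.annotations.security.SecurityRequirement
import io.swagger.v3.oas.models.Components
import io.swagger.v3.oas.models.OpenAPI
import io.swagger.v3.oas.models.info.Info
import io.swagger.v3.oas.models.security.SecurityScheme
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.core.annotation.AuthenticationPrincipal
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController

const val BEARER_AUTH = "bearerAuth" // must match the name used in @SecurityRequirement

data class AuthUser(val id: Long, val email: String) // assumed principal type

@Configuration
class OpenApiConfig {
    @Bean
    fun openApi(): OpenAPI = OpenAPI()
        .info(Info().title("KOU App API").version("v1.0.0"))
        .components(
            Components().addSecuritySchemes(
                BEARER_AUTH,
                // type=HTTP + scheme=bearer: Swagger UI builds "Authorization: Bearer <token>" itself
                SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT"),
            ),
        )
}

@RestController
class ProfileController {
    // Documented as protected: Swagger UI shows the lock and attaches the token.
    @SecurityRequirement(name = BEARER_AUTH)
    @GetMapping("/api/profile")
    fun profile(
        // hidden = true keeps the principal out of the documented request parameters
        @Parameter(hidden = true) @AuthenticationPrincipal user: AuthUser,
    ): Map<String, Any> = mapOf("id" to user.id, "email" to user.email)

    // No @SecurityRequirement: documented as public, so the UI sends no token here.
    @GetMapping("/api/health")
    fun health(): Map<String, String> = mapOf("status" to "UP")
}
```

These annotations only describe the API in the generated document; whether a request is actually rejected is still decided by the Spring Security filter chain.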

 

 

Reference:

Spring Boot (Kotlin) — Part 4. Swagger (OpenAPI) Setup Guide


jaemoi8.tistory.com

 

 

 

