[auth] Added generating system token. For example, opr-rest-api needs a token to call hcm-rest-api in scheduler.

2026-01-14 11:42:49 -05:00 · 2026-01-14 11:42:49 -05:00 · 78d836dfa3
parent f8b9f86bf3
commit 78d836dfa3
7 changed files with 89 additions and 1 deletions
--- a/pom.xml
+++ b/pom.xml
@ -80,6 +80,11 @@
 			<artifactId>layered-architecture-template</artifactId>
 			<version>1.0.0-SNAPSHOT</version>
 		</dependency>
+		<dependency>
+		    <groupId>org.springframework.boot</groupId>
+		    <artifactId>spring-boot-configuration-processor</artifactId>
+		    <optional>true</optional>
+		</dependency>
 	</dependencies>

 	<build>
--- a/src/main/java/com/goi/erp/auth/AuthenticationController.java
+++ b/src/main/java/com/goi/erp/auth/AuthenticationController.java
@ -33,5 +33,10 @@ public class AuthenticationController {
 	public void refreshToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		service.refreshToken(request, response);
 	}
+	
+	@PostMapping("/authenticate/system")
+	public AuthenticationResponse authenticateSystem(@RequestBody SystemAuthenticationRequestDto request) {
+	    return service.authenticateSystem(request);
+	}

 }
--- a/src/main/java/com/goi/erp/auth/AuthenticationService.java
+++ b/src/main/java/com/goi/erp/auth/AuthenticationService.java
@ -4,6 +4,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.goi.erp.common.exception.InvalidPasswordException;
 import com.goi.erp.common.exception.UserNotFoundException;
 import com.goi.erp.config.JwtService;
+import com.goi.erp.config.SecuritySystemClientsProperties;
 import com.goi.erp.token.Token;
 import com.goi.erp.token.TokenRepository;
 import com.goi.erp.token.TokenType;
@ -34,6 +35,7 @@ public class AuthenticationService {
    private final RolePermissionRepository rolePermissionRepository;
    
    private final JwtService jwtService;
+    private final SecuritySystemClientsProperties systemClientsProperties;
 //    private final AuthenticationManager authenticationManager;

 //	public AuthenticationResponse register(RegisterRequest request) {
@ -157,4 +159,32 @@ public class AuthenticationService {
            }
        }
    }
+    
+    // 시스템 토큰 발급 (OPR/CRM 등 서버간 호출용)
+    public AuthenticationResponse authenticateSystem(SystemAuthenticationRequestDto request) {
+
+        if (request.getClientId() == null || request.getClientSecret() == null) {
+            throw new InvalidPasswordException("Missing client credentials");
+        }
+
+        var clientConfig = systemClientsProperties.getClients().get(request.getClientId());
+        if (clientConfig == null) {
+            throw new InvalidPasswordException("Invalid system client");
+        }
+
+        if (!clientConfig.getSecret().equals(request.getClientSecret())) {
+            throw new InvalidPasswordException("Invalid system secret");
+        }
+
+        List<String> permissions = clientConfig.getPermissions(); // 예: ["H:R:A"]
+
+        String jwtToken = jwtService.generateSystemToken(request.getClientId(), permissions);
+
+        // system token은 보통 DB(TokenRepository)에 저장/폐기(revoke) 안 함 (짧게 발급 + 캐싱)
+        return AuthenticationResponse.builder()
+                .accessToken(jwtToken)
+                .refreshToken(null)
+                .build();
+    }
+
 }
--- a/src/main/java/com/goi/erp/auth/SystemAuthenticationRequestDto.java
+++ b/src/main/java/com/goi/erp/auth/SystemAuthenticationRequestDto.java
@ -0,0 +1,9 @@
+package com.goi.erp.auth;
+
+import lombok.Data;
+
+@Data
+public class SystemAuthenticationRequestDto {
+    private String clientId;
+    private String clientSecret;
+}
--- a/src/main/java/com/goi/erp/config/JwtService.java
+++ b/src/main/java/com/goi/erp/config/JwtService.java
@ -61,6 +61,14 @@ public class JwtService {
 		
 		return buildToken(extraClaims, employee.getEmpUuid().toString(), jwtExpiration);
 	}
+	
+	public String generateSystemToken(String clientId, java.util.List<String> permissions) {
+		Map<String, Object> extraClaims = new HashMap<>();
+		extraClaims.put("permissions", permissions);
+		extraClaims.put("loginId", clientId);
+		return buildToken(extraClaims, clientId, jwtExpiration);
+	}
+

 	public String generateRefreshToken(Employee employee, List<String> roles, List<String> permissions) {
 		Map<String, Object> extraClaims = new HashMap<>();
--- a/src/main/java/com/goi/erp/config/SecuritySystemClientsProperties.java
+++ b/src/main/java/com/goi/erp/config/SecuritySystemClientsProperties.java
@ -0,0 +1,24 @@
+package com.goi.erp.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+import java.util.Map;
+
+@Configuration
+@ConfigurationProperties(prefix = "application.security.system-clients")
+@Data
+public class SecuritySystemClientsProperties {
+    /**
+     * key: clientId (e.g. "opr-rest-api")
+     */
+    private Map<String, Client> clients;
+
+    @Data
+    public static class Client {
+        private String secret;
+        private List<String> permissions;
+    }
+}
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -21,7 +21,14 @@ application:
      expiration: 86400000 # a day
      refresh-token:
        expiration: 604800000 # 7 days
+    system-clients:
+      clients:
+        opr-rest-api:
+          secret: ${OPR_SYSTEM_CLIENT_SECRET}
+          permissions:
+            - "H:R:A"
+
 server:
  port: 8080
  servlet:
-    context-path: /auth-service
+    context-path: /auth-service