[auth] Added generating system token. For example, opr-rest-api needs a token to call hcm-rest-api in scheduler.

pom.xml

@@ -80,6 +80,11 @@
 			<artifactId>layered-architecture-template</artifactId>
 			<version>1.0.0-SNAPSHOT</version>
 		</dependency>
+		<dependency>
+		    <groupId>org.springframework.boot</groupId>
+		    <artifactId>spring-boot-configuration-processor</artifactId>
+		    <optional>true</optional>
+		</dependency>
 	</dependencies>
 
 	<build>

src/main/java/com/goi/erp/auth/AuthenticationController.java

@@ -34,4 +34,9 @@ public class AuthenticationController {
 		service.refreshToken(request, response);
 	}
 	
+	@PostMapping("/authenticate/system")
+	public AuthenticationResponse authenticateSystem(@RequestBody SystemAuthenticationRequestDto request) {
+	    return service.authenticateSystem(request);
+	}
+
 }

src/main/java/com/goi/erp/auth/AuthenticationService.java

@@ -4,6 +4,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.goi.erp.common.exception.InvalidPasswordException;
 import com.goi.erp.common.exception.UserNotFoundException;
 import com.goi.erp.config.JwtService;
+import com.goi.erp.config.SecuritySystemClientsProperties;
 import com.goi.erp.token.Token;
 import com.goi.erp.token.TokenRepository;
 import com.goi.erp.token.TokenType;
@@ -34,6 +35,7 @@ public class AuthenticationService {
     private final RolePermissionRepository rolePermissionRepository;
     
     private final JwtService jwtService;
+    private final SecuritySystemClientsProperties systemClientsProperties;
 //    private final AuthenticationManager authenticationManager;
 
 //	public AuthenticationResponse register(RegisterRequest request) {
@@ -157,4 +159,32 @@ public class AuthenticationService {
             }
         }
     }
+    
+    // 시스템 토큰 발급 (OPR/CRM 등 서버간 호출용)
+    public AuthenticationResponse authenticateSystem(SystemAuthenticationRequestDto request) {
+
+        if (request.getClientId() == null || request.getClientSecret() == null) {
+            throw new InvalidPasswordException("Missing client credentials");
+        }
+
+        var clientConfig = systemClientsProperties.getClients().get(request.getClientId());
+        if (clientConfig == null) {
+            throw new InvalidPasswordException("Invalid system client");
+        }
+
+        if (!clientConfig.getSecret().equals(request.getClientSecret())) {
+            throw new InvalidPasswordException("Invalid system secret");
+        }
+
+        List<String> permissions = clientConfig.getPermissions(); // 예: ["H:R:A"]
+
+        String jwtToken = jwtService.generateSystemToken(request.getClientId(), permissions);
+
+        // system token은 보통 DB(TokenRepository)에 저장/폐기(revoke) 안 함 (짧게 발급 + 캐싱)
+        return AuthenticationResponse.builder()
+                .accessToken(jwtToken)
+                .refreshToken(null)
+                .build();
+    }
+
 }

src/main/java/com/goi/erp/auth/SystemAuthenticationRequestDto.java

@@ -0,0 +1,9 @@
+package com.goi.erp.auth;
+
+import lombok.Data;
+
+@Data
+public class SystemAuthenticationRequestDto {
+    private String clientId;
+    private String clientSecret;
+}

src/main/java/com/goi/erp/config/JwtService.java

@@ -62,6 +62,14 @@ public class JwtService {
 		return buildToken(extraClaims, employee.getEmpUuid().toString(), jwtExpiration);
 	}
 	
+	public String generateSystemToken(String clientId, java.util.List<String> permissions) {
+		Map<String, Object> extraClaims = new HashMap<>();
+		extraClaims.put("permissions", permissions);
+		extraClaims.put("loginId", clientId);
+		return buildToken(extraClaims, clientId, jwtExpiration);
+	}
+
+
 	public String generateRefreshToken(Employee employee, List<String> roles, List<String> permissions) {
 		Map<String, Object> extraClaims = new HashMap<>();
 		extraClaims.put("roles", roles);

src/main/java/com/goi/erp/config/SecuritySystemClientsProperties.java

@@ -0,0 +1,24 @@
+package com.goi.erp.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+import java.util.Map;
+
+@Configuration
+@ConfigurationProperties(prefix = "application.security.system-clients")
+@Data
+public class SecuritySystemClientsProperties {
+    /**
+     * key: clientId (e.g. "opr-rest-api")
+     */
+    private Map<String, Client> clients;
+
+    @Data
+    public static class Client {
+        private String secret;
+        private List<String> permissions;
+    }
+}

src/main/resources/application.yml

@@ -21,6 +21,13 @@ application:
       expiration: 86400000 # a day
       refresh-token:
         expiration: 604800000 # 7 days
+    system-clients:
+      clients:
+        opr-rest-api:
+          secret: ${OPR_SYSTEM_CLIENT_SECRET}
+          permissions:
+            - "H:R:A"
+
 server:
   port: 8080
   servlet: