Merge pull request #120 from M7-TAVE/fix/101-kakao-issue

fix: 카카오 로그아웃 해결 #101

Author: GyeongJoon

src/main/java/com/example/travelbag/domain/member/controller/api/auth/status/AuthController.java

@@ -1,8 +1,12 @@
 package com.example.travelbag.domain.member.controller.api.auth.status;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -103,21 +107,33 @@ public ResponseEntity<Map<String, Object>> getAuthStatus(Authentication authenti
 
 
     @PostMapping("/logout")
-    public ResponseEntity<Map<String, Object>> logout() {
-        // 로그 출력
-        System.out.println("Logout API called");
+    public ResponseEntity<Map<String, Object>> logout(HttpServletRequest request, HttpServletResponse response) {
+        System.out.println("=== Logout Process Started ===");
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        System.out.println("Current Authentication: " +
+                (authentication != null ? authentication.getName() : "anonymous"));
+        System.out.println("Session ID: " + request.getSession(false) != null ?
+                request.getSession().getId() : "no session");
+
+        if (authentication != null) {
+            new SecurityContextLogoutHandler().logout(request, response, authentication);
+            SecurityContextHolder.clearContext();
+            System.out.println("Logout successful - session invalidated");
+        } else {
+            System.out.println("No authentication found to logout");
+        }
 
-        // 수동으로 인증 상태 초기화
         Map<String, Object> authInfo = Map.of(
                 "isAuthenticated", false,
                 "kakaoId", null,
                 "email", null,
                 "nickname", null
         );
 
-        // 성공 응답 반환
+        System.out.println("=== Logout Process Completed ===");
         return ResponseEntity.ok(Map.of(
-                "message", "Logout API called successfully",
+                "message", "Logged out successfully",
                 "authInfo", authInfo
         ));
     }

src/main/java/com/example/travelbag/global/config/SecurityConfig.java

@@ -17,6 +17,7 @@
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
+import org.springframework.http.HttpStatus;
 
 import java.io.IOException;
 import java.util.List;
@@ -32,13 +33,8 @@ public class SecurityConfig {
 
     @Bean
     public AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler() {
-        return new AuthenticationSuccessHandler() {
-            @Override
-            public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
-                                                Authentication authentication) throws IOException, ServletException {
-                // Vite 프론트엔드로 리다이렉트
-                response.sendRedirect(front_url);
-            }
+        return (request, response, authentication) -> {
+            response.sendRedirect(front_url);
         };
     }
 
@@ -47,18 +43,7 @@ public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
         configuration.setAllowedOrigins(List.of(front_url));
         configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
-        configuration.setAllowedHeaders(List.of(
-                "Authorization",
-                "Cache-Control",
-                "Content-Type",
-                "Origin",
-                "Accept",
-                "Referer",
-                "User-Agent",
-                "Access-Control-Allow-Origin",
-                "*"
-        ));
-        configuration.setExposedHeaders(List.of("Authorization", "Content-Type"));
+        configuration.setAllowedHeaders(List.of("*"));  // 모든 헤더 허용으로 단순화
         configuration.setAllowCredentials(true);
         configuration.setMaxAge(3600L);
 
@@ -94,12 +79,24 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         )
                         .successHandler(oauth2AuthenticationSuccessHandler())
                 )
+                .sessionManagement(session -> session
+                        .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+                        .maximumSessions(1)
+                        .expiredUrl(front_url + "/login")
+                )
                 .logout(logout -> logout
-                        .logoutSuccessUrl(front_url + "/login")
+                        .logoutUrl("/api/auth/logout")
+                        .logoutSuccessHandler((request, response, authentication) -> {
+                            response.setStatus(HttpStatus.OK.value());
+                            response.setContentType("application/json;charset=UTF-8");
+                            response.getWriter().write("{\"message\":\"Logout successful\",\"status\":\"success\"}");
+                        })
                         .invalidateHttpSession(true)
-                        .deleteCookies("JSESSIONID")
+                        .clearAuthentication(true)
+                        .deleteCookies("JSESSIONID", "SESSION") // Redis 세션 쿠키 이름 수정
+                        .permitAll()
                 );
 
         return http.build();
     }
-}
+}