From 4a83bfc8e87c3d03ac3f6969984941bad3f7aaa1 Mon Sep 17 00:00:00 2001 From: johngreen Date: Tue, 12 May 2026 08:06:21 +0900 Subject: [PATCH] =?UTF-8?q?feat(=EB=8C=80=EB=AC=B4=EC=9E=90):=20Substitute?= =?UTF-8?q?ContextFilter=20=E2=80=94=20JWT=20=ED=9B=84=EB=8B=A8=EA=B3=84?= =?UTF-8?q?=20effective=5Fuser=5Fids=20=EC=A3=BC=EC=9E=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - TenantConsistencyGuard 뒤, ForcePasswordChangeGuard 앞에 등록 - /api/** 요청에 effective_user_ids = [user_id, ...active_original_ids] attribute 세팅 - SUPER_ADMIN (company_code='*') 은 short-circuit - DB 조회 실패 시 본 요청 차단 안 함 (가용성 우선, warn 로그) --- .../java/com/erp/security/SecurityConfig.java | 9 +- .../erp/security/SubstituteContextFilter.java | 88 +++++++++++++++++++ 2 files changed, 95 insertions(+), 2 deletions(-) create mode 100644 backend-spring/src/main/java/com/erp/security/SubstituteContextFilter.java diff --git a/backend-spring/src/main/java/com/erp/security/SecurityConfig.java b/backend-spring/src/main/java/com/erp/security/SecurityConfig.java index 7a88baee..7f8859f5 100644 --- a/backend-spring/src/main/java/com/erp/security/SecurityConfig.java +++ b/backend-spring/src/main/java/com/erp/security/SecurityConfig.java @@ -2,6 +2,7 @@ package com.erp.security; import com.erp.ai.security.AiApiKeyAuthFilter; import com.erp.ai.service.AiAgentApiKeyService; +import com.erp.service.SubstituteService; import com.erp.tenant.CompanyResolver; import com.erp.tenant.SubdomainResolverFilter; import com.erp.tenant.TenantDbSettings; @@ -37,6 +38,7 @@ public class SecurityConfig { private final TenantRoutingDataSource tenantRoutingDataSource; private final TenantDbSettings tenantDbSettings; private final AiAgentApiKeyService aiAgentApiKeyService; + private final SubstituteService substituteService; /** * CORS 화이트리스트. 콤마 구분 문자열로 주입 (예: "http://localhost:3000,https://v1.invyone.com"). @@ -76,9 +78,12 @@ public class SecurityConfig { // JwtAuthenticationFilter 뒤 — JWT.company_code 와 서브도메인의 company_code 대조. .addFilterAfter(new TenantConsistencyGuardFilter(jwtTokenProvider), JwtAuthenticationFilter.class) - // TenantConsistencyGuardFilter 뒤 — 비번 강제 변경 대기자는 허용 경로만 통과. + // TenantConsistencyGuardFilter 뒤 — 대무자(代務者) 컨텍스트 effective_user_ids 주입. + .addFilterAfter(new SubstituteContextFilter(substituteService), + TenantConsistencyGuardFilter.class) + // SubstituteContextFilter 뒤 — 비번 강제 변경 대기자는 허용 경로만 통과. .addFilterAfter(new ForcePasswordChangeGuardFilter(jwtTokenProvider), - TenantConsistencyGuardFilter.class); + SubstituteContextFilter.class); return http.build(); } diff --git a/backend-spring/src/main/java/com/erp/security/SubstituteContextFilter.java b/backend-spring/src/main/java/com/erp/security/SubstituteContextFilter.java new file mode 100644 index 00000000..a9e947f2 --- /dev/null +++ b/backend-spring/src/main/java/com/erp/security/SubstituteContextFilter.java @@ -0,0 +1,88 @@ +package com.erp.security; + +import com.erp.service.SubstituteService; +import jakarta.servlet.FilterChain; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.web.filter.OncePerRequestFilter; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +/** + * 대무자(代務者) 컨텍스트 주입 필터. + * + * Spec: .omc/specs/deep-dive-user-substitute-management.md + * Plan: .omc/plans/autopilot-impl.md (T5) + * + * 동작: + * 1. /api/** 가 아니면 통과 + * 2. JWT user_id / company_code attribute 없으면 통과 (비로그인) + * 3. company_code == "*" (SUPER_ADMIN pre-switch) 이면 통과 — 대무 의미 없음 + * 4. substituteService.getActiveOriginalUserIds(userId, companyCode) 조회 + * 5. effective_user_ids = [userId, ...originalIds] → request attribute + * 6. actual_processor_id = userId → request attribute (의미 명시 alias) + * + * 예외 처리: + * DB 조회 실패 시 effective_user_ids 를 [userId] 만 담아 통과시킨다 — 대무 컨텍스트 + * 실패가 본 요청을 깨면 안 되기 때문 (가용성 우선). warn 로그 남김. + * + * 성능: + * - request 당 SELECT 1회 (인덱스 (COMPANY_CODE, PROXY_USER_ID, IS_ACTIVE) 매치, 보통 <1ms) + * - request-scope 자연 캐시 — 한 요청 내에서 attribute 만 참조하면 추가 조회 없음 + * + * 필터 순서: + * SubdomainResolver → AiApiKey → Jwt → TenantConsistencyGuard → **여기** → ForcePasswordChangeGuard + */ +@Slf4j +@RequiredArgsConstructor +public class SubstituteContextFilter extends OncePerRequestFilter { + + public static final String ATTR_EFFECTIVE_USER_IDS = "effective_user_ids"; + public static final String ATTR_ACTUAL_PROCESSOR_ID = "actual_processor_id"; + + private final SubstituteService substituteService; + + @Override + protected void doFilterInternal(HttpServletRequest request, + HttpServletResponse response, + FilterChain chain) throws ServletException, IOException { + String path = request.getRequestURI(); + if (path == null || !path.startsWith("/api/")) { + chain.doFilter(request, response); + return; + } + + String userId = (String) request.getAttribute("user_id"); + String companyCode = (String) request.getAttribute("company_code"); + + // 비로그인 또는 SUPER_ADMIN pre-switch → 대무 컨텍스트 의미 없음, 통과 + if (userId == null || companyCode == null || "*".equals(companyCode)) { + chain.doFilter(request, response); + return; + } + + List effectiveIds = new ArrayList<>(); + effectiveIds.add(userId); + + try { + List originalIds = substituteService.getActiveOriginalUserIds(userId, companyCode); + if (originalIds != null && !originalIds.isEmpty()) { + effectiveIds.addAll(originalIds); + } + } catch (Exception e) { + // 대무 컨텍스트 조회 실패는 본 요청을 막지 않음 — 본인 권한만으로 동작 + log.warn("[SubstituteContext] failed to resolve proxy context for user={}: {}", + userId, e.getMessage()); + } + + request.setAttribute(ATTR_EFFECTIVE_USER_IDS, effectiveIds); + request.setAttribute(ATTR_ACTUAL_PROCESSOR_ID, userId); + + chain.doFilter(request, response); + } +}