CCCloudPlatform · juanxiu · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025
diff --git a/docs/TENANT_ISOLATION_POLICY_IMPLEMENTATION.md b/docs/TENANT_ISOLATION_POLICY_IMPLEMENTATION.md
diff --git a/pom.xml b/pom.xml
@@ -197,6 +197,14 @@
             <scope>test</scope>
         </dependency>
 
+        <!-- https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-openfeign -->
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-openfeign</artifactId>
+            <version>4.1.3</version>
+        </dependency>
+
+        <!-- Awaitility for async testing -->
         <dependency>
             <groupId>org.awaitility</groupId>
             <artifactId>awaitility</artifactId>

diff --git a/src/main/java/com/agenticcp/core/AgenticCpCoreApplication.java b/src/main/java/com/agenticcp/core/AgenticCpCoreApplication.java
@@ -4,12 +4,10 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.scheduling.annotation.EnableAsync;
-import org.springframework.scheduling.annotation.EnableScheduling;
 
 @SpringBootApplication
 @EnableJpaRepositories
 @EnableAsync
-@EnableScheduling
 public class AgenticCpCoreApplication {
 
     public static void main(String[] args) {

diff --git a/src/main/java/com/agenticcp/core/common/util/SecurityContextUtils.java b/src/main/java/com/agenticcp/core/common/util/SecurityContextUtils.java
@@ -0,0 +1,41 @@
+package com.agenticcp.core.common.util;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+/**
+ * SecurityContext 유틸리티
+ * 
+ * @author AgenticCP Team
+ * @version 1.0.0
+ */
+public class SecurityContextUtils {
+
+    /**
+     * 현재 인증된 사용자명 조회
+     * 
+     * @return 사용자명, 없으면 null
+     */
+    public static String getCurrentUsername() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication != null && authentication.isAuthenticated()) {
+            return authentication.getName();
+        }
+        return null;
+    }
+
+    /**
+     * 현재 인증된 사용자명 조회 (null 체크 포함)
+     * 
+     * @return 사용자명
+     * @throws IllegalStateException 인증 정보가 없는 경우
+     */
+    public static String getCurrentUsernameOrThrow() {
+        String username = getCurrentUsername();
+        if (username == null) {
+            throw new IllegalStateException("현재 인증된 사용자 정보가 없습니다");
+        }
+        return username;
+    }
+}
+
diff --git a/src/main/java/com/agenticcp/core/domain/cloud/entity/ResourceOwner.java b/src/main/java/com/agenticcp/core/domain/cloud/entity/ResourceOwner.java
@@ -0,0 +1,66 @@
+package com.agenticcp.core.domain.cloud.entity;
+
+import com.agenticcp.core.common.entity.BaseEntity;
+import com.agenticcp.core.domain.tenant.entity.Tenant;
+import com.agenticcp.core.domain.user.entity.User;
+import jakarta.persistence.*;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * 리소스 소유자 엔티티
+ * 
+ * <p>리소스와 사용자 간의 소유권 관계를 관리하는 중간 테이블입니다.
+ * DEDICATED 격리 모드에서 리소스 접근 권한을 제어하는데 사용됩니다.</p>
+ * 
+ * @author AgenticCP Team
+ * @version 1.0.0
+ */
+@Entity
+@Table(name = "resource_owners",
+       uniqueConstraints = @UniqueConstraint(
+           name = "uk_resource_user_deleted",
+           columnNames = {"resource_id", "user_id", "is_deleted"}
+       ),
+       indexes = {
+           @Index(name = "idx_resource_owner_user_tenant", columnList = "user_id, tenant_id, is_deleted"),
+           @Index(name = "idx_resource_owner_resource_tenant", columnList = "resource_id, tenant_id, is_deleted")
+       })
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class ResourceOwner extends BaseEntity {
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "resource_id", nullable = false)
+    private CloudResource resource;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "user_id", nullable = false)
+    private User user;
+
+    @ManyToOne(fetch = FetchType.LAZY)
+    @JoinColumn(name = "tenant_id", nullable = false)
+    private Tenant tenant;
+
+    @Enumerated(EnumType.STRING)
+    @Column(name = "access_type", nullable = false, length = 20)
+    @Builder.Default
+    private AccessType accessType = AccessType.OWNER;
+
+    /**
+     * 접근 타입 열거형
+     */
+    public enum AccessType {
+        /** 소유자 (리소스 생성자) */
+        OWNER,
+        /** 공유 접근 (SHARED 모드에서 자동 추가, 향후 확장용) */
+        SHARED,
+        /** 읽기 전용 (향후 확장용) */
+        READ_ONLY
+    }
+}
+
diff --git a/src/main/java/com/agenticcp/core/domain/cloud/repository/ResourceOwnerRepository.java b/src/main/java/com/agenticcp/core/domain/cloud/repository/ResourceOwnerRepository.java
@@ -0,0 +1,105 @@
+package com.agenticcp.core.domain.cloud.repository;
+
+import com.agenticcp.core.domain.cloud.entity.CloudResource;
+import com.agenticcp.core.domain.cloud.entity.ResourceOwner;
+import com.agenticcp.core.domain.tenant.entity.Tenant;
+import com.agenticcp.core.domain.user.entity.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+import java.util.Optional;
+
+/**
+ * 리소스 소유자 Repository
+ * 
+ * @author AgenticCP Team
+ * @version 1.0.0
+ */
+@Repository
+public interface ResourceOwnerRepository extends JpaRepository<ResourceOwner, Long> {
+
+    /**
+     * 사용자가 소유한 리소스 목록 조회 (JOIN 최적화)
+     * 
+     * @param user 사용자
+     * @param tenant 테넌트
+     * @return 소유한 리소스 목록
+     */
+    @Query("SELECT DISTINCT ro.resource FROM ResourceOwner ro " +
+           "LEFT JOIN FETCH ro.resource.provider " +
+           "LEFT JOIN FETCH ro.resource.region " +
+           "LEFT JOIN FETCH ro.resource.service " +
+           "LEFT JOIN FETCH ro.resource.tenant " +
+           "WHERE ro.user = :user AND ro.tenant = :tenant AND ro.isDeleted = false " +
+           "AND ro.resource.isDeleted = false")
+    List<CloudResource> findResourcesByOwner(@Param("user") User user, 
+                                            @Param("tenant") Tenant tenant);
+
+    /**
+     * 리소스 소유권 확인
+     * 
+     * @param resource 리소스
+     * @param user 사용자
+     * @return 소유권 존재 여부
+     */
+    boolean existsByResourceAndUserAndIsDeletedFalse(CloudResource resource, User user);
+
+    /**
+     * 리소스 소유권 조회
+     * 
+     * @param resource 리소스
+     * @param user 사용자
+     * @return 리소스 소유권 정보
+     */
+    Optional<ResourceOwner> findByResourceAndUserAndIsDeletedFalse(CloudResource resource, User user);
+
+    /**
+     * 리소스의 모든 소유자 조회
+     * 
+     * @param resource 리소스
+     * @return 소유자 목록
+     */
+    List<ResourceOwner> findByResourceAndIsDeletedFalse(CloudResource resource);
+
+    /**
+     * 사용자와 테넌트로 소유권 목록 조회
+     * 
+     * @param user 사용자
+     * @param tenant 테넌트
+     * @return 소유권 목록
+     */
+    List<ResourceOwner> findByUserAndTenantAndIsDeletedFalse(User user, Tenant tenant);
+
+    /**
+     * 사용자가 소유한 리소스 ID 목록 조회 (배치 최적화)
+     * 
+     * @param user 사용자
+     * @param tenant 테넌트
+     * @return 소유한 리소스 ID 목록
+     */
+    @Query("SELECT ro.resource.id FROM ResourceOwner ro " +
+           "WHERE ro.user = :user AND ro.tenant = :tenant AND ro.isDeleted = false")
+    List<Long> findResourceIdsByOwner(@Param("user") User user, 
+                                     @Param("tenant") Tenant tenant);
+
+    /**
+     * 여러 리소스에 대한 사용자 소유권 일괄 확인 (배치 최적화)
+     * 
+     * @param user 사용자
+     * @param resourceIds 리소스 ID 목록
+     * @param tenant 테넌트
+     * @return 소유한 리소스 ID 목록
+     */
+    @Query("SELECT ro.resource.id FROM ResourceOwner ro " +
+           "WHERE ro.user = :user " +
+           "AND ro.resource.id IN :resourceIds " +
+           "AND ro.tenant = :tenant " +
+           "AND ro.isDeleted = false")
+    List<Long> findOwnedResourceIds(@Param("user") User user,
+                                   @Param("resourceIds") List<Long> resourceIds,
+                                   @Param("tenant") Tenant tenant);
+}
+