diff --git a/src/main/java/com/backend/config/SecurityConfig.java b/src/main/java/com/backend/config/SecurityConfig.java
index 1ea7460..12a0c45 100644
--- a/src/main/java/com/backend/config/SecurityConfig.java
+++ b/src/main/java/com/backend/config/SecurityConfig.java
@@ -5,6 +5,7 @@
 import com.backend.jwt.filter.JwtAuthenticationFilter;
 import com.backend.jwt.service.JwtProvider;
 import com.backend.jwt.service.ApiUserDetailsService;
+import com.backend.util.LoginUserArgumentResolver;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,10 +19,13 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+import java.util.List;
+
 import static org.springframework.security.config.Customizer.withDefaults;
 @Configuration
@@ -59,8 +63,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 .requestMatchers(mvcMatcherBuilder.pattern("/mail/**")).permitAll()
 .anyRequest().authenticated())
 .exceptionHandling()
- .authenticationEntryPoint(entryPoint)
- .accessDeniedHandler(deniedHandler);
+ .authenticationEntryPoint(entryPoint);
 http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
 return http.getOrBuild();
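Review bot: Dropping `.accessDeniedHandler(deniedHandler)` in the `@@ -59,8 +63,7 @@` hunk of SecurityConfig.java leaves authorization failures to Spring Security's default handler, so an authenticated caller who is refused gets the framework's plain 403 instead of a response this application controls. The same commit moves the entry point to a JSON 401 body, so the 403 path should stay in the same format: keep `.accessDeniedHandler(deniedHandler)` in the chain, or, if the handler is being retired on purpose, remove its declaration too so it does not look wired in. The body of securityFilterChain starts before this hunk, so whether any rule can produce a 403 today is not visible here.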
@@ -84,4 +87,9 @@ public void addCorsMappings(CorsRegistry registry) {
 .allowedHeaders("*")
 .exposedHeaders("*");
 }
+
+ @Override
+ public void addArgumentResolvers(List resolvers) {
+ resolvers.add(new LoginUserArgumentResolver());
+ }
 }
\ No newline at end of file
diff --git a/src/main/java/com/backend/error/ErrorCode.java b/src/main/java/com/backend/error/ErrorCode.java
index 3da9571..c2253d6 100644
--- a/src/main/java/com/backend/error/ErrorCode.java
+++ b/src/main/java/com/backend/error/ErrorCode.java
@@ -14,8 +14,8 @@ public enum ErrorCode {
 ALREADY_LOGOUT_MEMBER(BAD_REQUEST, "이미 로그아웃한 회원입니다."),
 ALREADY_EXIST_EMAIL(BAD_REQUEST, "이미 존재하는 이메일입니다."),
 INVALID_TOKEN(UNAUTHORIZED, "잘못된 토큰입니다."),
- INVALID_GROUP_TYPE(UNAUTHORIZED, "잘못된 그룹 종류입니다."),
- INVALID_PASSWORD(UNAUTHORIZED, "잘못된 비밀번호입니다.");
+ INVALID_GROUP_TYPE(BAD_REQUEST, "잘못된 그룹 종류입니다."),
+ INVALID_PASSWORD(BAD_REQUEST, "잘못된 비밀번호입니다.");
 private final int code;
 private final String message;
diff --git a/src/main/java/com/backend/jwt/filter/ApiAuthenticationEntryPoint.java b/src/main/java/com/backend/jwt/filter/ApiAuthenticationEntryPoint.java
index 7770258..6307980 100644
--- a/src/main/java/com/backend/jwt/filter/ApiAuthenticationEntryPoint.java
+++ b/src/main/java/com/backend/jwt/filter/ApiAuthenticationEntryPoint.java
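Review bot: In SecurityConfig.java (`@@ -84,4 +87,9 @@`), `addArgumentResolvers` makes `LoginUserArgumentResolver` available to every controller method, including routes the filter chain opens with `permitAll()` such as `/mail/**`. The resolver's source is not part of this diff; if it reads the principal from the security context, it should reject a missing or anonymous authentication explicitly rather than cast it, so a handler on an open route cannot receive a null or wrong-typed user. A comment on the method such as `// Resolves the authenticated user for controller parameters; expects a non-anonymous Authentication` would record that contract.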
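Review bot: In ErrorCode.java (`@@ -14,8 +14,8 @@`), moving `INVALID_PASSWORD` from `UNAUTHORIZED` to `BAD_REQUEST` makes a failed credential check indistinguishable by status from a malformed request. Rate limiting, lockout counters or alerting that count 401 responses would stop seeing wrong-password attempts, assuming this code is returned from the login path, which is not visible here. Keeping `INVALID_PASSWORD(UNAUTHORIZED, "잘못된 비밀번호입니다.");` and changing only `INVALID_GROUP_TYPE` would preserve that signal.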
@@ -1,18 +1,48 @@
 package com.backend.jwt.filter;
+import com.backend.error.dto.ErrorResponse;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+@Slf4j
 @Component
+@RequiredArgsConstructor
 public class ApiAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+ private final ObjectMapper objectMapper;
+
+
 @Override
- public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ public void commence(HttpServletRequest request, HttpServletResponse response,
+ AuthenticationException authException) throws IOException, ServletException {
+
+ log.info("엔트리 포인트");
+
+ String json = objectMapper.writeValueAsString(ErrorResponse.of(HttpStatus.UNAUTHORIZED.value(),
+ "인증되지 않은 사용자 입니다."));
+
+ setResponseProperties(response);
+ writeJsonToResponse(response, json);
+ }
+
+ private void setResponseProperties(HttpServletResponse response) {
+ response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+ response.setCharacterEncoding(StandardCharsets.UTF_8.name());
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
+ private void writeJsonToResponse(HttpServletResponse response, String json) throws IOException {
+ response.getWriter().write(json);
 }
 }
\ No newline at end of file
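Review bot: The added `log.info("엔트리 포인트");` in `commence` writes the same fixed string for every unauthenticated request and records nothing useful for triage, such as the method, the path or the reason carried by `authException`. A line like `log.warn("Unauthenticated request: {} {} ({})", request.getMethod(), request.getRequestURI(), authException.getMessage());` gives the log an auditable record while the client still receives only the generic message. The 401 response also carries no `WWW-Authenticate` header, which a 401 is expected to include; `response.setHeader("WWW-Authenticate", "Bearer");` in `setResponseProperties` would cover it, assuming the API uses bearer tokens as the JWT filter suggests.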