From 13a0a3ab20e3b1033bd4cdc7065f48e5ec3c9f11 Mon Sep 17 00:00:00 2001
From: kimdohyung
Date: Thu, 16 Nov 2023 21:00:56 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20401=EC=97=90=EB=9F=AC=20=EB=B0=98?=
 =?UTF-8?q?=ED=99=98=EC=9D=84=20=EC=9C=84=ED=95=9C=20EntryPoint=20?=
 =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95=20(#13)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../com/backend/config/SecurityConfig.java | 12 +++++--
 .../java/com/backend/error/ErrorCode.java | 4 +--
 .../filter/ApiAuthenticationEntryPoint.java | 34 +++++++++++++++++--
 3 files changed, 44 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/backend/config/SecurityConfig.java b/src/main/java/com/backend/config/SecurityConfig.java
index 1ea7460..12a0c45 100644
--- a/src/main/java/com/backend/config/SecurityConfig.java
+++ b/src/main/java/com/backend/config/SecurityConfig.java
@@ -5,6 +5,7 @@
 import com.backend.jwt.filter.JwtAuthenticationFilter;
 import com.backend.jwt.service.JwtProvider;
 import com.backend.jwt.service.ApiUserDetailsService;
+import com.backend.util.LoginUserArgumentResolver;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,10 +19,13 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+import java.util.List;
+
 import static org.springframework.security.config.Customizer.withDefaults;
 @Configuration
@@ -59,8 +63,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 .requestMatchers(mvcMatcherBuilder.pattern("/mail/**")).permitAll()
 .anyRequest().authenticated())
 .exceptionHandling()
- .authenticationEntryPoint(entryPoint)
- .accessDeniedHandler(deniedHandler);
+ .authenticationEntryPoint(entryPoint);
 http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
 return http.getOrBuild();
@@ -84,4 +87,9 @@ public void addCorsMappings(CorsRegistry registry) {
 .allowedHeaders("*")
 .exposedHeaders("*");
 }
+
+ @Override
+ public void addArgumentResolvers(List resolvers) {
+ resolvers.add(new LoginUserArgumentResolver());
+ }
 }
\ No newline at end of file
diff --git a/src/main/java/com/backend/error/ErrorCode.java b/src/main/java/com/backend/error/ErrorCode.java
index 3da9571..c2253d6 100644
--- a/src/main/java/com/backend/error/ErrorCode.java
+++ b/src/main/java/com/backend/error/ErrorCode.java
@@ -14,8 +14,8 @@ public enum ErrorCode {
 ALREADY_LOGOUT_MEMBER(BAD_REQUEST, "이미 로그아웃한 회원입니다."),
 ALREADY_EXIST_EMAIL(BAD_REQUEST, "이미 존재하는 이메일입니다."),
 INVALID_TOKEN(UNAUTHORIZED, "잘못된 토큰입니다."),
- INVALID_GROUP_TYPE(UNAUTHORIZED, "잘못된 그룹 종류입니다."),
- INVALID_PASSWORD(UNAUTHORIZED, "잘못된 비밀번호입니다.");
+ INVALID_GROUP_TYPE(BAD_REQUEST, "잘못된 그룹 종류입니다."),
+ INVALID_PASSWORD(BAD_REQUEST, "잘못된 비밀번호입니다.");
 private final int code;
 private final String message;
diff --git a/src/main/java/com/backend/jwt/filter/ApiAuthenticationEntryPoint.java b/src/main/java/com/backend/jwt/filter/ApiAuthenticationEntryPoint.java
index 7770258..6307980 100644
--- a/src/main/java/com/backend/jwt/filter/ApiAuthenticationEntryPoint.java
+++ b/src/main/java/com/backend/jwt/filter/ApiAuthenticationEntryPoint.java
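Review bot: Dropping `.accessDeniedHandler(deniedHandler)` from the `exceptionHandling()` chain in `securityFilterChain` (SecurityConfig.java) leaves authorization failures to the framework's default handling, so a 403 no longer goes through the project's own handler while the 401 path now returns a JSON `ErrorResponse`. If the removal is deliberate, a comment such as `// 403 is left to the Spring Security default; only 401 is customised` would record that; otherwise keep `.accessDeniedHandler(deniedHandler)` and give it the same JSON body shape as the entry point. The `deniedHandler` field is declared outside this hunk and probably becomes unused. The method body starts and ends outside the hunk.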
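Review bot: `addArgumentResolvers` in SecurityConfig.java registers `new LoginUserArgumentResolver()` for every handler, including routes the filter chain marks `permitAll()` such as `/mail/**`, and the resolver itself is not part of this patch. It is worth confirming that it handles a request with no authenticated principal explicitly, for example by rejecting it, rather than casting whatever the security context holds. Once confirmed, a one-line comment above the override, e.g. `// resolves the authenticated member for controller parameters; requires an authenticated request`, would document that contract.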
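Review bot: `INVALID_PASSWORD` moving from `UNAUTHORIZED` to `BAD_REQUEST` in `ErrorCode` means a failed password check is no longer reported as 401. Where this constant is raised is not visible here; if it is the login path, clients and any monitoring or throttling keyed on 401 responses will stop seeing failed sign-ins. Keeping `INVALID_PASSWORD(UNAUTHORIZED, ...)` for that case, or adding a comment that the constant is only used for non-login validation, would make the intent clear. `INVALID_GROUP_TYPE` as `BAD_REQUEST` looks right for an input-validation error. The enum body continues outside the hunk.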
@@ -1,18 +1,48 @@
 package com.backend.jwt.filter;
+import com.backend.error.dto.ErrorResponse;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+@Slf4j
 @Component
+@RequiredArgsConstructor
 public class ApiAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+ private final ObjectMapper objectMapper;
+
 @Override
- public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
+ public void commence(HttpServletRequest request, HttpServletResponse response,
+ AuthenticationException authException) throws IOException, ServletException {
+
+ log.info("엔트리 포인트");
+
+ String json = objectMapper.writeValueAsString(ErrorResponse.of(HttpStatus.UNAUTHORIZED.value(),
+ "인증되지 않은 사용자 입니다."));
+
+ setResponseProperties(response);
+ writeJsonToResponse(response, json);
+ }
+
+ private void setResponseProperties(HttpServletResponse response) {
+ response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+ response.setCharacterEncoding(StandardCharsets.UTF_8.name());
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
+ private void writeJsonToResponse(HttpServletResponse response, String json) throws IOException {
+ response.getWriter().write(json);
 }
 }
\ No newline at end of file
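Review bot: The 401 written by `commence` carries no `WWW-Authenticate` header, which HTTP expects on a 401 so clients know which scheme to authenticate with; `setResponseProperties` could add `response.setHeader("WWW-Authenticate", "Bearer");`, assuming bearer JWTs as the `JwtAuthenticationFilter` name suggests. `log.info("엔트리 포인트")` logs a fixed string at INFO for every unauthenticated request and drops the reason; `log.debug("Unauthenticated request: {}", authException.getMessage());` would be quieter and more useful for triage. The hard-coded message could also come from an `ErrorCode` constant so the 401 body stays consistent with the rest of the API.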