Merge pull request #20 from DDD-Community/feature/ITDS-38-set-spring-…
…security Feature/itds-38 set spring security
Showing
14 changed files
with
525 additions
and
369 deletions.
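--- a/src/main/java/com/dissonance/itit/common/annotation/CurrentUser.java
+++ b/src/main/java/com/dissonance/itit/common/annotation/CurrentUser.java
@@ -0,0 +1,16 @@
+package com.dissonance.itit.common.annotation;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@AuthenticationPrincipal(expression = "getUser()")
+public @interface CurrentUser {
+}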
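Review bot: The new `CurrentUser` annotation has no Javadoc, and the contract behind `expression = "getUser()"` is stated nowhere in this file: the SpEL expression is evaluated against whatever object is the current principal, so resolution only succeeds when that principal type actually exposes a `getUser()` accessor, which nothing here enforces at compile time. Add a Javadoc above `@Target` along the lines of `/** Injects the object returned by {@code getUser()} on the authenticated principal into a controller parameter. Presumably resolves to null (errorOnInvalidType is left at its default) when the request is anonymous or the principal is of another type — confirm against the Authentication built in JwtUtil. */`. The principal type itself is defined outside this commit's visible hunks, so the exact behaviour on an anonymous principal should be verified rather than assumed.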
86 changes: 33 additions & 53 deletions
86
src/main/java/com/dissonance/itit/common/jwt/filter/JwtAuthFilter.java
@@ -1,75 +1,55 @@ | ||
package com.dissonance.itit.common.jwt.filter; | ||
|
||
import com.dissonance.itit.common.exception.ErrorCode; | ||
import com.dissonance.itit.common.exception.CustomException; | ||
import java.io.IOException; | ||
|
||
import org.springframework.security.core.Authentication; | ||
import org.springframework.security.core.context.SecurityContextHolder; | ||
import org.springframework.stereotype.Component; | ||
import org.springframework.util.StringUtils; | ||
import org.springframework.web.filter.OncePerRequestFilter; | ||
|
||
import com.dissonance.itit.common.jwt.util.JwtUtil; | ||
import com.dissonance.itit.domain.entity.User; | ||
import com.dissonance.itit.repository.UserRepository; | ||
|
||
import jakarta.servlet.FilterChain; | ||
import jakarta.servlet.ServletException; | ||
import jakarta.servlet.http.HttpServletRequest; | ||
import jakarta.servlet.http.HttpServletResponse; | ||
import lombok.RequiredArgsConstructor; | ||
import lombok.extern.slf4j.Slf4j; | ||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; | ||
import org.springframework.security.core.Authentication; | ||
import org.springframework.security.core.authority.SimpleGrantedAuthority; | ||
import org.springframework.security.core.context.SecurityContextHolder; | ||
import org.springframework.stereotype.Component; | ||
import org.springframework.util.StringUtils; | ||
import org.springframework.web.filter.OncePerRequestFilter; | ||
|
||
import java.io.IOException; | ||
import java.util.List; | ||
|
||
@RequiredArgsConstructor | ||
@Slf4j | ||
@Component | ||
public class JwtAuthFilter extends OncePerRequestFilter { | ||
private final JwtUtil jwtUtil; | ||
|
||
private final JwtUtil jwtUtil; | ||
private final UserRepository userRepository; | ||
|
||
|
||
@Override | ||
protected void doFilterInternal(HttpServletRequest request, | ||
HttpServletResponse response, | ||
FilterChain filterChain) throws ServletException, IOException { | ||
String accessToken = resolveToken(request); | ||
|
||
// 토큰 검사 생략 | ||
if (request.getServletPath().equals("/api/v1/reissue") || !StringUtils.hasText(accessToken)) { | ||
filterChain.doFilter(request, response); | ||
return; | ||
} | ||
|
||
if (jwtUtil.verifyToken(accessToken)) { | ||
// AccessToken의 payload에 있는 email로 user를 조회한다. | ||
User findUser = userRepository.findByEmail(jwtUtil.getUid(accessToken)) | ||
.orElseThrow(() -> new CustomException(ErrorCode.NON_EXISTENT_EMAIL)); | ||
@Override | ||
protected void doFilterInternal(HttpServletRequest request, | ||
HttpServletResponse response, | ||
FilterChain filterChain) throws ServletException, IOException { | ||
String accessToken = resolveToken(request); | ||
|
||
// SecurityContext에 인증 객체를 등록한다. | ||
Authentication auth = getAuthentication(findUser); | ||
SecurityContextHolder.getContext().setAuthentication(auth); | ||
} | ||
// 토큰 검사 생략 | ||
if (request.getServletPath().equals("/api/v1/reissue") || !StringUtils.hasText(accessToken)) { | ||
filterChain.doFilter(request, response); | ||
return; | ||
} | ||
|
||
filterChain.doFilter(request, response); | ||
} | ||
if (jwtUtil.verifyToken(accessToken)) { | ||
Authentication auth = jwtUtil.getAuthentication(accessToken); | ||
SecurityContextHolder.getContext().setAuthentication(auth); | ||
} | ||
|
||
// request Header에서 토큰 추출 | ||
private String resolveToken(HttpServletRequest httpServletRequest) { | ||
String bearerToken = httpServletRequest.getHeader("Authorization"); | ||
filterChain.doFilter(request, response); | ||
} | ||
|
||
if (bearerToken != null && bearerToken.startsWith("Bearer ")) { | ||
return bearerToken.substring(7); | ||
} | ||
private String resolveToken(HttpServletRequest httpServletRequest) { | ||
String bearerToken = httpServletRequest.getHeader("Authorization"); | ||
|
||
return null; | ||
} | ||
if (bearerToken != null && bearerToken.startsWith("Bearer ")) { | ||
return bearerToken.substring(7); | ||
} | ||
|
||
// Authentication 생성 | ||
private Authentication getAuthentication(User user) { | ||
return new UsernamePasswordAuthenticationToken(user, "", | ||
List.of(new SimpleGrantedAuthority(user.getRole().toString()))); | ||
} | ||
return null; | ||
} | ||
} |
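Review bot: In the rewritten `doFilterInternal`, a token that fails `jwtUtil.verifyToken(accessToken)` is dropped silently: the request continues down the chain unauthenticated, with no distinction between "no token" and "invalid token" and no log line, even though `@Slf4j` leaves an unused `log` on the class. A debug entry on the failure branch, without echoing the token, gives operators a way to see rejected credentials: `} else { log.debug("Rejected bearer token on {} {}", request.getMethod(), request.getRequestURI()); }`. Separately, the removed inline lookup threw `CustomException(ErrorCode.NON_EXISTENT_EMAIL)` when the subject was unknown; if `jwtUtil.getAuthentication(accessToken)` (defined outside this diff) still throws in that case, the exception now escapes the filter with no handler visible in this class, so the reissue/anonymous paths and the error response for a well-signed token with a stale subject should be checked. The token is also parsed twice, once by `verifyToken` and once by `getAuthentication`, which is harmless but worth a comment if it is intentional.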