-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
9주차 미션 / 서버 3조 정소은 #2
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,8 @@ | ||
package kuit3.backend.common.argument_resolver; | ||
|
||
import jakarta.servlet.http.HttpServletRequest; | ||
import kuit3.backend.common.interceptor.JwtAuthInterceptor; | ||
import kuit3.backend.service.AuthService; | ||
import lombok.extern.slf4j.Slf4j; | ||
import org.springframework.core.MethodParameter; | ||
import org.springframework.security.access.prepost.PreAuthorize; | ||
|
@@ -13,9 +15,18 @@ | |
@Slf4j | ||
@Component | ||
public class JwtAuthHandlerArgumentResolver implements HandlerMethodArgumentResolver { | ||
|
||
private final JwtAuthInterceptor jwtAuthInterceptor; | ||
private final AuthService authService; | ||
|
||
public JwtAuthHandlerArgumentResolver(JwtAuthInterceptor jwtAuthInterceptor, AuthService authService) { | ||
this.jwtAuthInterceptor = jwtAuthInterceptor; | ||
this.authService = authService; | ||
} | ||
|
||
@Override | ||
public boolean supportsParameter(MethodParameter parameter) { | ||
boolean hasAnnotation = parameter.hasParameterAnnotation(PreAuthorize.class); | ||
boolean hasAnnotation = parameter.hasParameterAnnotation(JWTAuthorize.class); | ||
boolean hasType = long.class.isAssignableFrom(parameter.getParameterType()); | ||
log.info("hasAnnotation={}, hasType={}, hasAnnotation && hasType={}", hasAnnotation, hasType, hasAnnotation&&hasType); | ||
return hasAnnotation && hasType; | ||
|
@@ -25,6 +36,15 @@ public boolean supportsParameter(MethodParameter parameter) { | |
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception { | ||
HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest(); | ||
log.info("userId={}", request.getAttribute("userId")); | ||
return request.getAttribute("userId"); | ||
String accessToken = jwtAuthInterceptor.resolveAccessToken(request); | ||
jwtAuthInterceptor.validateAccessToken(accessToken); | ||
String email = jwtAuthInterceptor.getEmail(accessToken); | ||
jwtAuthInterceptor.validatePayload(email); | ||
long userId = authService.getUserIdByEmail(email); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 토큰을 생성할 때부터 payload에 userId를 담아 생성한다면 |
||
|
||
// HttpServletRequest에 userId 속성 설정 | ||
//HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest(); | ||
request.setAttribute("userId", userId); | ||
return userId; | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
package kuit3.backend.common.exception; | ||
|
||
import kuit3.backend.common.response.status.ResponseStatus; | ||
import lombok.Getter; | ||
@Getter | ||
public class RestaurantException extends RuntimeException{ | ||
|
||
private final ResponseStatus exceptionStatus; | ||
|
||
public RestaurantException(ResponseStatus exceptionStatus) { | ||
super(exceptionStatus.getMessage()); | ||
this.exceptionStatus = exceptionStatus; | ||
} | ||
|
||
public RestaurantException(ResponseStatus exceptionStatus, String message) { | ||
super(message); | ||
this.exceptionStatus = exceptionStatus; | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
package kuit3.backend.common.exception_handler; | ||
|
||
import jakarta.annotation.Priority; | ||
import kuit3.backend.common.exception.RestaurantException; | ||
import kuit3.backend.common.exception.UserException; | ||
import kuit3.backend.common.response.BaseErrorResponse; | ||
import lombok.extern.slf4j.Slf4j; | ||
import org.springframework.http.HttpStatus; | ||
import org.springframework.web.bind.annotation.ExceptionHandler; | ||
import org.springframework.web.bind.annotation.ResponseStatus; | ||
import org.springframework.web.bind.annotation.RestControllerAdvice; | ||
|
||
import static kuit3.backend.common.response.status.BaseExceptionResponseStatus.INVALID_RESTAURANT_VALUE; | ||
|
||
@Slf4j | ||
@Priority(0) | ||
@RestControllerAdvice | ||
public class RestaurantExceptionContorollerAdvice { | ||
@ResponseStatus(HttpStatus.BAD_REQUEST) | ||
@ExceptionHandler(RestaurantException.class) | ||
public BaseErrorResponse handle_RestaurantException(RestaurantException e) { | ||
log.error("[handle_RestaurantException]", e); | ||
return new BaseErrorResponse(e.getExceptionStatus(), e.getMessage()); | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,4 +8,4 @@ public interface ResponseStatus { | |
|
||
String getMessage(); | ||
|
||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,9 @@ | ||
package kuit3.backend.config; | ||
|
||
|
||
import org.springframework.context.annotation.Bean; | ||
import org.springframework.context.annotation.Configuration; | ||
import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | ||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; | ||
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer; | ||
import org.springframework.security.config.http.SessionCreationPolicy; | ||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; | ||
import org.springframework.security.crypto.password.PasswordEncoder; | ||
|
@@ -23,15 +20,11 @@ public PasswordEncoder passwordEncoder() { | |
|
||
@Bean | ||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { | ||
|
||
http | ||
.csrf(AbstractHttpConfigurer::disable) | ||
|
||
.formLogin(FormLoginConfigurer::disable) | ||
|
||
.sessionManagement((sessionManagement) -> | ||
sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS) | ||
); | ||
.csrf().disable() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
.formLogin().disable() | ||
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); | ||
return http.build(); | ||
} | ||
} | ||
|
||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
토큰에 대한 검증은 이미
Interceptor
에서 끝났기 때문에ArgumentResolver
에는요청 헤더 -> 토큰 -> payload
추출 로직만 있어도 됩니다!