[feature] 인증/인가 관련 예외 처리 #57

[feature] 인증/인가 관련 예외 처리
Sanbo-Sillok · Jun 16, 2024 · 6b27104 · 6b27104
2 parents 2943974 + abae131
commit 6b27104
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 4 deletions.
diff --git a/src/main/java/com/sanbosillok/sanbosillokserver/config/SecurityConfig.java b/src/main/java/com/sanbosillok/sanbosillokserver/config/SecurityConfig.java
@@ -1,9 +1,7 @@
 package com.sanbosillok.sanbosillokserver.config;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.sanbosillok.sanbosillokserver.config.jwt.JwtAuthenticationFilter;
-import com.sanbosillok.sanbosillokserver.config.jwt.JwtTokenProvider;
-import com.sanbosillok.sanbosillokserver.config.jwt.LoginFilter;
+import com.sanbosillok.sanbosillokserver.config.jwt.*;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -60,6 +58,16 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration c
         return configuration.getAuthenticationManager();
     }
 
+    @Bean
+    public JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint() {
+        return new JwtAuthenticationEntryPoint();
+    }
+
+    @Bean
+    public JwtAccessDeniedHandler jwtAccessDeniedHandler() {
+        return new JwtAccessDeniedHandler();
+    }
+
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
@@ -82,7 +90,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
                 //경로별 인가 작업
                 .authorizeHttpRequests((auth) -> auth
-                        .requestMatchers("/signup", "/login", "/checkUserName/{username}", "/image/{fileName}").permitAll()
+                        .requestMatchers("/signup", "/login", "/checkUserName/{username}", "/image/{fileName}", "/token/refresh").permitAll()
                         .requestMatchers(HttpMethod.GET, "/post",  "/post/random", "/post/{title}").hasAnyRole("GUEST", "ACTIVE", "ADMIN")
                         .requestMatchers("/post", "/post/upload", "/post/{title}").hasAnyRole("ACTIVE", "ADMIN")
                         .requestMatchers("/admin", "/admin/{id}").hasRole("ADMIN"))
@@ -91,6 +99,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .addFilterAt(new LoginFilter(authenticationManager(authenticationConfiguration), jwtTokenProvider, objectMapper), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider), LoginFilter.class)
 
+                // 예외 처리
+                .exceptionHandling(exceptionHandling ->
+                        exceptionHandling
+                                .authenticationEntryPoint(jwtAuthenticationEntryPoint())
+                                .accessDeniedHandler(jwtAccessDeniedHandler())
+                )
+
                 //세션 설정
                 .sessionManagement((session) -> session
                         .sessionCreationPolicy(SessionCreationPolicy.STATELESS));

diff --git a/src/main/java/com/sanbosillok/sanbosillokserver/config/jwt/JwtAccessDeniedHandler.java b/src/main/java/com/sanbosillok/sanbosillokserver/config/jwt/JwtAccessDeniedHandler.java
@@ -0,0 +1,20 @@
+package com.sanbosillok.sanbosillokserver.config.jwt;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class JwtAccessDeniedHandler implements AccessDeniedHandler {
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
+        response.sendError(HttpServletResponse.SC_FORBIDDEN);
+        response.setContentType("application/json");
+        response.getWriter().write("{\"error\": \"Unauthorized user.\"}");
+    }
+}
diff --git a/src/main/java/com/sanbosillok/sanbosillokserver/config/jwt/JwtAuthenticationEntryPoint.java b/src/main/java/com/sanbosillok/sanbosillokserver/config/jwt/JwtAuthenticationEntryPoint.java
@@ -0,0 +1,21 @@
+package com.sanbosillok.sanbosillokserver.config.jwt;
+
+import io.jsonwebtoken.ExpiredJwtException;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.setContentType("application/json");
+        response.getWriter().write("{\"error\": \"Please send a valid token.\"}");
+    }
+}