|
6 | 6 | import jakarta.servlet.http.HttpServletRequest; |
7 | 7 | import jakarta.servlet.http.HttpServletResponse; |
8 | 8 | import lombok.RequiredArgsConstructor; |
9 | | -import org.springframework.http.HttpMethod; |
| 9 | +import org.springframework.lang.NonNull; |
10 | 10 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
11 | 11 | import org.springframework.security.core.context.SecurityContextHolder; |
12 | 12 | import org.springframework.security.core.userdetails.UserDetails; |
13 | 13 | import org.springframework.security.core.userdetails.UserDetailsService; |
14 | 14 | import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; |
15 | 15 | import org.springframework.stereotype.Component; |
16 | | -import org.springframework.util.AntPathMatcher; |
17 | 16 | import org.springframework.web.filter.OncePerRequestFilter; |
18 | 17 |
|
19 | 18 | import java.io.IOException; |
20 | | -import java.util.List; |
21 | 19 |
|
22 | 20 | @Component |
23 | 21 | @RequiredArgsConstructor |
24 | 22 | public class JwtAuthenticationFilter extends OncePerRequestFilter { |
25 | | - // 토큰 없이도 가능하게 |
26 | | - private static final List<String> WHITE_LIST = List.of( |
27 | | - "/swagger-ui.html", |
28 | | - "/auth/**", |
29 | | - "/swagger-ui/**", |
30 | | - "/v3/api-docs/**", |
31 | | - "/api/members/auth/kko", |
32 | | - "/auth/refresh" |
33 | | - ); |
34 | 23 |
|
35 | 24 | private final JwtProvider jwtProvider; |
36 | 25 | private final UserDetailsService userDetailsService; |
37 | | - private final AntPathMatcher antPathMatcher = new AntPathMatcher(); |
38 | 26 |
|
39 | 27 | @Override |
40 | | - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { |
| 28 | + protected void doFilterInternal( |
| 29 | + @NonNull HttpServletRequest request, |
| 30 | + @NonNull HttpServletResponse response, |
| 31 | + @NonNull FilterChain filterChain |
| 32 | + ) throws ServletException, IOException { |
| 33 | + |
| 34 | + final String authHeader = request.getHeader("Authorization"); |
| 35 | + |
| 36 | + if (authHeader == null) { |
| 37 | + filterChain.doFilter(request, response); |
| 38 | + return; |
| 39 | + } |
| 40 | + |
| 41 | + Long memberId = null; |
41 | 42 | try { |
42 | | - Long memberId = jwtProvider.getMemberIdAndValidateToken(request.getHeader("Authorization")); |
| 43 | + memberId = jwtProvider.getMemberIdAndValidateToken(authHeader); |
| 44 | + } catch (Exception e) { |
| 45 | + SecurityContextHolder.clearContext(); |
| 46 | + } |
43 | 47 |
|
44 | | - UserDetails userDetails = userDetailsService.loadUserByUsername(memberId.toString()); |
45 | | - UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken( |
| 48 | + if (memberId != null && SecurityContextHolder.getContext().getAuthentication() == null) { |
| 49 | + UserDetails userDetails = this.userDetailsService.loadUserByUsername(memberId.toString()); |
| 50 | + |
| 51 | + UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( |
46 | 52 | userDetails, |
47 | 53 | null, |
48 | 54 | userDetails.getAuthorities() |
49 | 55 | ); |
50 | | - authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); |
51 | | - SecurityContextHolder.getContext().setAuthentication(authentication); |
52 | | - } catch (Exception e) { |
53 | | - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); |
54 | | - response.getWriter().write("{\"error\": \"" + e.getMessage() + "\"}"); |
55 | | - return; |
56 | | - } |
57 | | - |
58 | | - filterChain.doFilter(request, response); |
59 | | - } |
| 56 | + authToken.setDetails( |
| 57 | + new WebAuthenticationDetailsSource().buildDetails(request) |
| 58 | + ); |
60 | 59 |
|
61 | | - @Override |
62 | | - protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException { |
63 | | - if (request.getMethod().equalsIgnoreCase(HttpMethod.OPTIONS.name())) { |
64 | | - return true; |
| 60 | + SecurityContextHolder.getContext().setAuthentication(authToken); |
65 | 61 | } |
66 | 62 |
|
67 | | - // 더 안정적인 AntPathMatcher.match() 로 수정 |
68 | | - return WHITE_LIST.stream().anyMatch(white -> antPathMatcher.match(white, request.getRequestURI())); |
| 63 | + filterChain.doFilter(request, response); |
69 | 64 | } |
70 | 65 | } |
0 commit comments