fix: 토큰 init메서드 수정 및 config 권한 수정(#1)

LikeLion-12th-SKHU · Jul 31, 2024 · 85c595e · 85c595e
1 parent 346e1ec
commit 85c595e
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/src/main/java/net/skhu/likelion12thteam03be/global/config/SecurityConfig.java b/src/main/java/net/skhu/likelion12thteam03be/global/config/SecurityConfig.java
@@ -31,7 +31,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .logout(AbstractHttpConfigurer::disable)
                 .httpBasic(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(authorize -> authorize
-                        .requestMatchers(HttpMethod.POST, "/users/**").permitAll()
+                        .requestMatchers("/users/**").permitAll()
                         .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
                         .requestMatchers("/", "/profile").permitAll()
                         .anyRequest().authenticated()

diff --git a/src/main/java/net/skhu/likelion12thteam03be/global/jwt/TokenProvider.java b/src/main/java/net/skhu/likelion12thteam03be/global/jwt/TokenProvider.java
@@ -14,10 +14,13 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Component;
 
 import java.security.Key;
 import java.util.Date;
+import java.util.List;
 
 @Slf4j
 @RequiredArgsConstructor
@@ -32,14 +35,11 @@ public class TokenProvider {
     private String secret;
     private Key key;
 
-/*    @PostConstruct
+    @PostConstruct
     public void init() {
+        this.secret = secret.replace('+', '-').replace('/', '_');
         byte[] key = Decoders.BASE64URL.decode(secret);
         this.key = Keys.hmacShaKeyFor(key);
-    }*/
-    @PostConstruct
-    public void init() {
-        this.key = Keys.secretKeyFor(SignatureAlgorithm.HS512);
     }
 
     public String generateToken(String loginId) {   // loginId
@@ -90,7 +90,9 @@ public Authentication getAuthentication(String token) {
 
         User user = userRepository.findByLoginId(claims.getSubject()).orElseThrow();
 
-        return new UsernamePasswordAuthenticationToken(user.getLoginId(), "");
+        List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority(user.getRole().toString()));
+        return new UsernamePasswordAuthenticationToken(user.getLoginId(),
+                "", authorities);
     }
 
 }