feat: JwtAuthenticationFilter 초안 (#7)

Tave100Shot · Nov 28, 2023 · 449ade7 · 449ade7
1 parent 99233bb
commit 449ade7
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 0 deletions.
diff --git a/src/main/java/com/api/TaveShot/global/config/SecurityConfig.java b/src/main/java/com/api/TaveShot/global/config/SecurityConfig.java
@@ -1,6 +1,8 @@
 package com.api.TaveShot.global.config;
 
+import com.api.TaveShot.global.jwt.JwtAuthenticationFilter;
 import com.api.TaveShot.global.oauth2.CustomOAuth2UserService;
+import jakarta.servlet.Filter;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -11,6 +13,7 @@
 import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 
 @Configuration
@@ -55,7 +58,14 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .userInfoEndpoint()
                 .userService(customOAuth2UserService);
 
+        http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+
         return http.build();
     }
 
+    private JwtAuthenticationFilter jwtAuthenticationFilter() {
+        return new JwtAuthenticationFilter();
+    }
+
+
 }
diff --git a/src/main/java/com/api/TaveShot/global/jwt/JwtAuthenticationFilter.java b/src/main/java/com/api/TaveShot/global/jwt/JwtAuthenticationFilter.java
@@ -0,0 +1,43 @@
+package com.api.TaveShot.global.jwt;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        String requestURI = request.getRequestURI();
+        if (isPublicUri(requestURI)) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        String authorizationHeader = request.getHeader("Authorization");
+
+        if (authorizationHeader != null) {
+            // ToDo Access Token 검증
+            //  jwtProvider.isValidToken(authorizationHeader);
+
+            filterChain.doFilter(request, response);
+        }
+
+    }
+
+    private boolean isPublicUri(String requestURI) {
+        return requestURI.equals("/auth/signup") ||
+                requestURI.equals("/auth/login") ||
+                requestURI.equals("/auth/logout") ||
+                requestURI.equals("/auth/token") ||
+                requestURI.startsWith("/oauth") ||
+                requestURI.startsWith("/swagger-ui") ||
+                requestURI.startsWith("/favicon.ico") ||
+                requestURI.startsWith("/login");
+    }
+}