From 449ade7205e14aa3ac70b0712aad7d792c35a3c8 Mon Sep 17 00:00:00 2001 From: toychip Date: Tue, 28 Nov 2023 17:03:59 +0900 Subject: [PATCH] =?UTF-8?q?feat:=20JwtAuthenticationFilter=20=EC=B4=88?= =?UTF-8?q?=EC=95=88=20(#7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../global/config/SecurityConfig.java | 10 +++++ .../global/jwt/JwtAuthenticationFilter.java | 43 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 src/main/java/com/api/TaveShot/global/jwt/JwtAuthenticationFilter.java diff --git a/src/main/java/com/api/TaveShot/global/config/SecurityConfig.java b/src/main/java/com/api/TaveShot/global/config/SecurityConfig.java index 0288ae5..c5a725a 100644 --- a/src/main/java/com/api/TaveShot/global/config/SecurityConfig.java +++ b/src/main/java/com/api/TaveShot/global/config/SecurityConfig.java @@ -1,6 +1,8 @@ package com.api.TaveShot.global.config; +import com.api.TaveShot.global.jwt.JwtAuthenticationFilter; import com.api.TaveShot.global.oauth2.CustomOAuth2UserService; +import jakarta.servlet.Filter; import java.util.List; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; @@ -11,6 +13,7 @@ import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.web.cors.CorsConfiguration; @Configuration @@ -55,7 +58,14 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .userInfoEndpoint() .userService(customOAuth2UserService); + http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); + return http.build(); } + private JwtAuthenticationFilter jwtAuthenticationFilter() { + return new JwtAuthenticationFilter(); + } + + } 
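Review bot: The `http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)` line registers a filter that carries its own hard-coded list of public URIs, so which paths skip authentication is now decided in two places. The request-matcher rules earlier in `filterChain` lie outside this hunk, so whether the two lists agree cannot be confirmed from here. A comment above the call, for example `// JwtAuthenticationFilter.isPublicUri must stay in sync with the request matchers configured in this chain`, would make that coupling visible to the next maintainer. On style, the `jakarta.servlet.Filter` import added in the first hunk is not used by any line shown in this patch, and this hunk appears to add two blank lines before the class's closing brace.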
diff --git a/src/main/java/com/api/TaveShot/global/jwt/JwtAuthenticationFilter.java b/src/main/java/com/api/TaveShot/global/jwt/JwtAuthenticationFilter.java
new file mode 100644
index 0000000..58b0a16
--- /dev/null
+++ b/src/main/java/com/api/TaveShot/global/jwt/JwtAuthenticationFilter.java
@@ -0,0 +1,43 @@
+package com.api.TaveShot.global.jwt;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws ServletException, IOException {
+
+ String requestURI = request.getRequestURI();
+ if (isPublicUri(requestURI)) {
+ filterChain.doFilter(request, response);
+ return;
+ }
+
+ String authorizationHeader = request.getHeader("Authorization");
+
+ if (authorizationHeader != null) {
+ // ToDo Access Token 검증
+ // jwtProvider.isValidToken(authorizationHeader);
+
+ filterChain.doFilter(request, response);
+ }
+
+ }
+
+ private boolean isPublicUri(String requestURI) {
+ return requestURI.equals("/auth/signup") ||
+ requestURI.equals("/auth/login") ||
+ requestURI.equals("/auth/logout") ||
+ requestURI.equals("/auth/token") ||
+ requestURI.startsWith("/oauth") ||
+ requestURI.startsWith("/swagger-ui") ||
+ requestURI.startsWith("/favicon.ico") ||
+ requestURI.startsWith("/login");
+ }
+}
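Review bot: In `doFilterInternal`, a non-public request that arrives without an `Authorization` header falls out of the method with neither `filterChain.doFilter` nor an error status, so the client receives an empty response with the default status instead of a 401. Because the `isValidToken` call is still commented out, any non-null header value is also passed down the chain unverified. Until validation lands, the missing-header path should fail explicitly with `response.sendError(HttpServletResponse.SC_UNAUTHORIZED);` followed by `return;`, and the same rejection should apply once a token check can fail. The filter also never places an `Authentication` in the security context, so downstream authorization rules still see an anonymous request, which is presumably left for a later commit. In `isPublicUri`, `startsWith("/login")` and `startsWith("/oauth")` match any longer path that merely begins with those strings; exact paths or a trailing-slash prefix would keep the allowlist from widening as routes are added.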