From 60f63bb772f297bd567df68c57e0b5f0709804da Mon Sep 17 00:00:00 2001
From: iampingu99 <154869950+iampingu99@users.noreply.github.com>
Date: Tue, 6 Aug 2024 19:23:45 +0900
Subject: [PATCH] =?UTF-8?q?feat:=20swagger=20=EC=A0=91=EA=B7=BC=20?= =?UTF-8?q?=EC=88=98=EC=A0=95=20=EB=B0=8F=20filter=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../example/holing/base/config/JwtFilter.java | 37 +++++++++++++++++++
 .../holing/base/config/SecurityConfig.java | 11 ++++++
 2 files changed, 48 insertions(+)
 create mode 100644 src/main/java/com/example/holing/base/config/JwtFilter.java
diff --git a/src/main/java/com/example/holing/base/config/JwtFilter.java b/src/main/java/com/example/holing/base/config/JwtFilter.java
new file mode 100644
index 0000000..d593746
--- /dev/null
+++ b/src/main/java/com/example/holing/base/config/JwtFilter.java
@@ -0,0 +1,37 @@
+package com.example.holing.base.config;
+
+import com.example.holing.base.jwt.JwtProvider;
+import com.example.holing.bounded_context.user.entity.User;
+import com.example.holing.bounded_context.user.service.UserService;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@RequiredArgsConstructor
+public class JwtFilter extends OncePerRequestFilter {
+ private final UserService userService;
+ private final JwtProvider jwtProvider;
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+ try {
+ String accessToken = jwtProvider.getToken(request);
+ String userId = jwtProvider.getUserId(accessToken);
+ User user = userService.read(Long.parseLong(userId));
+
+ Authentication authentication = new UsernamePasswordAuthenticationToken(userId, null, null); //인증객체 생성
+ SecurityContextHolder.getContext().setAuthentication(authentication); //인증정보 저장
+ filterChain.doFilter(request, response);
+ } catch (Exception e) {
+
+ }
+ }
+}
diff --git a/src/main/java/com/example/holing/base/config/SecurityConfig.java b/src/main/java/com/example/holing/base/config/SecurityConfig.java
index bd88806..f258779 100644
--- a/src/main/java/com/example/holing/base/config/SecurityConfig.java
+++ b/src/main/java/com/example/holing/base/config/SecurityConfig.java
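Review bot: The empty `catch (Exception e) {}` in `doFilterInternal` ends the request without calling `filterChain.doFilter`, so any request lacking a valid token, including the `/auth/**` and Swagger paths that SecurityConfig marks `permitAll`, gets an empty response and never reaches `customAuthenticationEntryPoint`. Because `filterChain.doFilter` sits inside the same `try`, exceptions thrown by downstream filters and handlers are swallowed as well. Keep only token resolution in the `try`, clear the context on failure, and continue the chain outside it; which exception types `JwtProvider` and `UserService.read` throw is not visible here, so narrow the catch once that is confirmed. The failure should be logged without the token value so rejected tokens stay visible to operators.

```java
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        try {
            // … unchanged: token lookup, user lookup, setAuthentication …
        } catch (Exception e) {
            // Missing or invalid token: stay unauthenticated and let the authorization rules decide.
            SecurityContextHolder.clearContext();
            logger.debug("JWT authentication failed: " + e.getClass().getSimpleName());
        }
        // Outside the try, so downstream exceptions propagate and permitAll routes still run.
        filterChain.doFilter(request, response);
    }
```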
@@ -1,5 +1,7 @@ package com.example.holing.base.config; +import com.example.holing.base.jwt.JwtProvider; +import com.example.holing.bounded_context.user.service.UserService; import jakarta.servlet.http.HttpServletRequest; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; @@ -9,6 +11,7 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfigurationSource; @@ -19,6 +22,8 @@ @RequiredArgsConstructor public class SecurityConfig { private final AuthenticationEntryPoint customAuthenticationEntryPoint; + private final UserService userService; + private final JwtProvider jwtProvider; @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { @@ -41,7 +46,13 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) { .authorizeHttpRequests(request -> request.requestMatchers("/auth/**").permitAll() .requestMatchers("/survey/self-test").permitAll() + .requestMatchers("/swagger-resources/**", + "/swagger-ui/**", + "/v3/api-docs/**", + "/webjars/**", + "/error").permitAll() .anyRequest().authenticated()) + .addFilterBefore(new JwtFilter(userService, jwtProvider), UsernamePasswordAuthenticationFilter.class) .exceptionHandling(hp -> hp .authenticationEntryPoint(customAuthenticationEntryPoint)) .formLogin(Customizer.withDefaults())
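Review bot: The new `permitAll()` matcher for `/swagger-ui/**` and `/v3/api-docs/**` exposes the full API description to unauthenticated clients in every environment, and nothing in this hunk limits it to development profiles. If that is intended only for non-production use, say so in a comment such as `// Swagger is public by design; production disables it via springdoc.api-docs.enabled=false`, and set that property (with `springdoc.swagger-ui.enabled=false`) in the production configuration, which is not visible here. `securityFilterChain` starts and ends outside the hunk.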