Skip to content

Commit

Permalink
fix: 쿠키 적용 후 개발서버에서 에러 발생하는 문제 해결 (#259)
Browse files Browse the repository at this point in the history 
* fix: 캐스팅 대신 인터페이스 메서드 사용하도록 수정

* chore: 테스트 트리거 활성화

* fix: 엑세스 토큰을 헤더에서 추출하는 로직 수정

* refactor: 스웨거 리프레시 토큰 스키마 제거

* fix: 헤더가 null인 경우 파싱하기 전에 Optional로 감싸도록 수정

* fix: 헤더 변환 로직 수정

* fix: 시큐리티 유틸이 멤버 ID 파싱에 실패할 경우 커스텀 예외 던지도록 수정

* feat: 스웨거 API 요청 시 엑세스 토큰 헤더에 포함되도록 설정 변경

* chore: 테스트 트리거 비활성화
  • Loading branch information
@uwoobeat
uwoobeat authored Jan 31, 2024
1 parent 18f4841 commit c4c7703
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 15 deletions.
18 changes: 9 additions & 9 deletions src/main/java/com/depromeet/global/config/swagger/SwaggerConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.info.License;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import io.swagger.v3.oas.models.security.SecurityScheme.In;
import io.swagger.v3.oas.models.security.SecurityScheme.Type;
Expand Down Expand Up @@ -37,6 +38,7 @@ public class SwaggerConfig {
public OpenAPI openAPI() {
return new OpenAPI()
.servers(swaggerServers())
.addSecurityItem(securityRequirement())
.components(authSetting())
.info(swaggerInfo());
}
Expand Down Expand Up @@ -66,15 +68,7 @@ private Components authSetting() {
.scheme("bearer")
.bearerFormat("JWT")
.in(In.HEADER)
.name("Authorization"))
.addSecuritySchemes(
"refreshToken",
new SecurityScheme()
.type(Type.HTTP)
.scheme("bearer")
.bearerFormat("JWT")
.in(In.HEADER)
.name("Refresh-Token"));
.name("Authorization"));
}

private Info swaggerInfo() {
Expand All @@ -89,6 +83,12 @@ private Info swaggerInfo() {
.license(license);
}

private SecurityRequirement securityRequirement() {
SecurityRequirement securityRequirement = new SecurityRequirement();
securityRequirement.addList("accessToken");
return securityRequirement;
}

@Bean
public ModelResolver modelResolver(ObjectMapper objectMapper) {
// 객체 직렬화
Expand Down
9 changes: 8 additions & 1 deletion src/main/java/com/depromeet/global/security/JwtAuthenticationFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,19 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
private final JwtTokenService jwtTokenService;
private final CookieUtil cookieUtil;

private static String extractAccessTokenFromHeader(HttpServletRequest request) {
return Optional.ofNullable(request.getHeader(HttpHeaders.AUTHORIZATION))
.filter(header -> header.startsWith(TOKEN_PREFIX))
.map(header -> header.replace(TOKEN_PREFIX, ""))
.orElse(null);
}

@Override
protected void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {

String accessTokenHeaderValue = request.getHeader(ACCESS_TOKEN_HEADER);
String accessTokenHeaderValue = extractAccessTokenFromHeader(request);
String accessTokenValue = extractAccessTokenFromCookie(request);
String refreshTokenValue = extractRefreshTokenFromCookie(request);

Expand Down
14 changes: 9 additions & 5 deletions src/main/java/com/depromeet/global/util/SecurityUtil.java
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,20 @@
package com.depromeet.global.util;

import com.depromeet.global.security.PrincipalDetails;
import com.depromeet.global.error.exception.CustomException;
import com.depromeet.global.error.exception.ErrorCode;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component
public class SecurityUtil {

public Long getCurrentMemberId() {
PrincipalDetails principal =
(PrincipalDetails)
SecurityContextHolder.getContext().getAuthentication().getPrincipal();
return Long.parseLong(principal.getUsername());
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
try {
return Long.parseLong(authentication.getName());
} catch (Exception e) {
throw new CustomException(ErrorCode.AUTH_NOT_FOUND);
}
}
}

0 comments on commit c4c7703

Please sign in to comment.