From c4c7703392c2bfefaec0a4dd626ace91f91e7c6f Mon Sep 17 00:00:00 2001
From: Jaehyun Ahn <91878695+uwoobeat@users.noreply.github.com>
Date: Wed, 31 Jan 2024 23:09:07 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20=EC=BF=A0=ED=82=A4=20=EC=A0=81=EC=9A=A9?=
 =?UTF-8?q?=20=ED=9B=84=20=EA=B0=9C=EB=B0=9C=EC=84=9C=EB=B2=84=EC=97=90?=
 =?UTF-8?q?=EC=84=9C=20=EC=97=90=EB=9F=AC=20=EB=B0=9C=EC=83=9D=ED=95=98?=
 =?UTF-8?q?=EB=8A=94=20=EB=AC=B8=EC=A0=9C=20=ED=95=B4=EA=B2=B0=20(#259)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: 캐스팅 대신 인터페이스 메서드 사용하도록 수정
* chore: 테스트 트리거 활성화
* fix: 엑세스 토큰을 헤더에서 추출하는 로직 수정
* refactor: 스웨거 리프레시 토큰 스키마 제거
* fix: 헤더가 null인 경우 파싱하기 전에 Optional로 감싸도록 수정
* fix: 헤더 변환 로직 수정
* fix: 시큐리티 유틸이 멤버 ID 파싱에 실패할 경우 커스텀 예외 던지도록 수정
* feat: 스웨거 API 요청 시 엑세스 토큰 헤더에 포함되도록 설정 변경
* chore: 테스트 트리거 비활성화
---
 .../global/config/swagger/SwaggerConfig.java | 18 +++++++++---------
 .../security/JwtAuthenticationFilter.java | 9 ++++++++-
 .../depromeet/global/util/SecurityUtil.java | 14 +++++++++-----
 3 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/src/main/java/com/depromeet/global/config/swagger/SwaggerConfig.java b/src/main/java/com/depromeet/global/config/swagger/SwaggerConfig.java
index dbaabc28b..1dff23cee 100644
--- a/src/main/java/com/depromeet/global/config/swagger/SwaggerConfig.java
+++ b/src/main/java/com/depromeet/global/config/swagger/SwaggerConfig.java
@@ -10,6 +10,7 @@ import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.info.Info;
 import io.swagger.v3.oas.models.info.License;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.security.SecurityScheme.In;
 import io.swagger.v3.oas.models.security.SecurityScheme.Type;
@@ -37,6 +38,7 @@ public class SwaggerConfig {
 public OpenAPI openAPI() {
 return new OpenAPI()
 .servers(swaggerServers())
+ .addSecurityItem(securityRequirement())
 .components(authSetting())
 .info(swaggerInfo());
 }
@@ -66,15 +68,7 @@ private Components authSetting() {
 .scheme("bearer")
 .bearerFormat("JWT")
 .in(In.HEADER)
- .name("Authorization"))
- .addSecuritySchemes(
- "refreshToken",
- new SecurityScheme()
- .type(Type.HTTP)
- .scheme("bearer")
- .bearerFormat("JWT")
- .in(In.HEADER)
- .name("Refresh-Token"));
+ .name("Authorization"));
 }
 private Info swaggerInfo() {
@@ -89,6 +83,12 @@ private Info swaggerInfo() {
 .license(license);
 }
+ private SecurityRequirement securityRequirement() {
+ SecurityRequirement securityRequirement = new SecurityRequirement();
+ securityRequirement.addList("accessToken");
+ return securityRequirement;
+ }
+
 @Bean
 public ModelResolver modelResolver(ObjectMapper objectMapper) {
 // 객체 직렬화
diff --git a/src/main/java/com/depromeet/global/security/JwtAuthenticationFilter.java b/src/main/java/com/depromeet/global/security/JwtAuthenticationFilter.java
index 54ceffbf3..6b5475aa3 100644
--- a/src/main/java/com/depromeet/global/security/JwtAuthenticationFilter.java
+++ b/src/main/java/com/depromeet/global/security/JwtAuthenticationFilter.java
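Review bot: The scheme name `"accessToken"` passed to `addList` in the new `securityRequirement()` is a bare string literal that presumably has to match the key under which the remaining bearer scheme is registered in `authSetting()` (that method's head is outside the hunk, so the key is not visible here); if either side is renamed, Swagger UI silently stops attaching the Authorization header and nothing fails at build time. Hoist it to `private static final String ACCESS_TOKEN_SCHEME = "accessToken";` and use the constant in both `addSecuritySchemes(...)` and `addList(...)`. `SecurityRequirement.addList` returns the requirement itself, so the method can also collapse to `return new SecurityRequirement().addList(ACCESS_TOKEN_SCHEME);`. A one-line Javadoc such as `/** Marks every operation as requiring the "accessToken" bearer scheme so Swagger UI sends the Authorization header. */` would explain why the item is added globally on `openAPI()`.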
@@ -31,12 +31,19 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
 private final JwtTokenService jwtTokenService;
 private final CookieUtil cookieUtil;
+ private static String extractAccessTokenFromHeader(HttpServletRequest request) {
+ return Optional.ofNullable(request.getHeader(HttpHeaders.AUTHORIZATION))
+ .filter(header -> header.startsWith(TOKEN_PREFIX))
+ .map(header -> header.replace(TOKEN_PREFIX, ""))
+ .orElse(null);
+ }
+
 @Override
 protected void doFilterInternal(
 HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
 throws ServletException, IOException {
- String accessTokenHeaderValue = request.getHeader(ACCESS_TOKEN_HEADER);
+ String accessTokenHeaderValue = extractAccessTokenFromHeader(request);
 String accessTokenValue = extractAccessTokenFromCookie(request);
 String refreshTokenValue = extractRefreshTokenFromCookie(request);
diff --git a/src/main/java/com/depromeet/global/util/SecurityUtil.java b/src/main/java/com/depromeet/global/util/SecurityUtil.java
index 2eee4c682..aa4af8f13 100644
--- a/src/main/java/com/depromeet/global/util/SecurityUtil.java
+++ b/src/main/java/com/depromeet/global/util/SecurityUtil.java
@@ -1,6 +1,8 @@
 package com.depromeet.global.util;
-import com.depromeet.global.security.PrincipalDetails;
+import com.depromeet.global.error.exception.CustomException;
+import com.depromeet.global.error.exception.ErrorCode;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
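Review bot: `header.replace(TOKEN_PREFIX, "")` in the new `extractAccessTokenFromHeader` removes every occurrence of the prefix anywhere in the header value, not just the leading one that `startsWith` already verified; the idiomatic and exact form is `.map(header -> header.substring(TOKEN_PREFIX.length()))`, which strips only the prefix and leaves the token bytes untouched. The `filter` is also case-sensitive, so a client sending a lower-case `bearer` scheme (which HTTP treats as equivalent) falls through to `null` and is handled as if no header were present — worth a comment if that is intended, e.g. `// Only the exact "<TOKEN_PREFIX>" scheme is accepted; anything else is treated as absent.` Since the method now returns `null` for a missing or malformed header, the consumer of `accessTokenHeaderValue` in `doFilterInternal` (whose body continues outside the hunk) must keep its null check; and if `ACCESS_TOKEN_HEADER` is no longer referenced anywhere after this change, drop the constant.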
@@ -8,9 +10,11 @@ public class SecurityUtil {
 public Long getCurrentMemberId() {
- PrincipalDetails principal =
- (PrincipalDetails)
- SecurityContextHolder.getContext().getAuthentication().getPrincipal();
- return Long.parseLong(principal.getUsername());
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ try {
+ return Long.parseLong(authentication.getName());
+ } catch (Exception e) {
+ throw new CustomException(ErrorCode.AUTH_NOT_FOUND);
+ }
 }
 }
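Review bot: The `catch (Exception e)` in the rewritten `getCurrentMemberId` is doing two jobs at once — it absorbs the `NullPointerException` from a missing `Authentication` and the `NumberFormatException` from a principal name that is not a member id — and in doing so it also hides any unrelated runtime failure and drops the cause, so a misconfigured security context surfaces only as `AUTH_NOT_FOUND`. Check for a missing or unauthenticated `Authentication` explicitly, catch only `NumberFormatException` around the parse, and (if `CustomException` offers a cause-taking constructor, which the hunk does not show) pass `e` through so the log keeps the root cause. The method and the class both close inside the hunk, so the replacement below is self-contained.

```java
 public Long getCurrentMemberId() {
 Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 // No authentication, or one Spring does not consider authenticated, is an auth failure, not a parse failure.
 if (authentication == null || !authentication.isAuthenticated()) {
 throw new CustomException(ErrorCode.AUTH_NOT_FOUND);
 }
 try {
 return Long.parseLong(authentication.getName());
 } catch (NumberFormatException e) {
 // Principal name is not a numeric member id (e.g. an anonymous principal); treat as missing auth.
 throw new CustomException(ErrorCode.AUTH_NOT_FOUND);
 }
 }
```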