Merge pull request #13 from wafflestudio21-5/feat/signin
Security 다시 추가 및 pathInfo 관련 수정
lhw414 authored Jan 4, 2024
2 parents ea23dd1 + 2477e40 commit 8ae0c8d
Showing 5 changed files with 20 additions and 16 deletions.
2 changes: 1 addition & 1 deletion build.gradle.kts
@@ -24,9 +24,9 @@ repositories {
dependencies {
// Spring Boot Starters for basic setup
implementation("org.springframework.boot:spring-boot-starter-data-jpa") // Spring Boot starter for JPA
implementation("org.springframework.boot:spring-boot-starter-web") // Spring Boot starter for web applications
implementation("org.springframework.boot:spring-boot-starter-security") // Spring Boot starter for security
implementation("org.springframework.security:spring-security-test")
implementation("org.springframework.boot:spring-boot-starter-web") // Spring Boot starter for web applications

// JSON Processing
implementation("com.fasterxml.jackson.module:jackson-module-kotlin") // Serialize/deserialize Kotlin classes to/from JSON
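Review bot: `org.springframework.security:spring-security-test` is declared with `implementation` in the `dependencies` block, which puts a test-support library on the runtime classpath of the packaged application. It should be scoped to tests: `testImplementation("org.springframework.security:spring-security-test")`. The line is unchanged context here rather than part of the reorder, and the `dependencies` block continues past the end of the hunk, so confirm there is no separate test-scoped declaration further down.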
@@ -15,7 +15,7 @@ class JwtAuthenticationFilter(private val jwtTokenProvider: JwtTokenProvider) :
) {
val httpRequest = request as HttpServletRequest

if (isExcludedPath("/" + httpRequest.requestURI.substringAfterLast("/"))) {
if (isExcludedPath(httpRequest.requestURI)) {
chain.doFilter(request, response)
return
}
@@ -31,7 +31,7 @@ class JwtAuthenticationFilter(private val jwtTokenProvider: JwtTokenProvider) :
}
} catch (e: JwtValidationException) {
// JWT 검증 실패 시 예외 처리
(response as HttpServletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED, e.message)
(response as HttpServletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED, "Validation failed")
return
}

@@ -48,6 +48,6 @@ class JwtAuthenticationFilter(private val jwtTokenProvider: JwtTokenProvider) :
}

private fun isExcludedPath(path: String): Boolean {
return path.startsWith("/signin") || path.startsWith("/signup") || path.startsWith("/test-page")
return path.startsWith("/api/signin") || path.startsWith("/api/signup") || path.startsWith("/test-page") || path.contains("/swagger-ui/") || path.contains("/v3/api-docs")
}
}
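Review bot: `isExcludedPath` at the end of this file decides which requests skip token handling by prefix and substring tests on the raw `requestURI`, which is looser than the `permitAll()` matchers in SecurityConfig and has to be kept in sync with them by hand. `startsWith("/api/signin")` also matches longer paths such as `/api/signin-anything`, `contains("/v3/api-docs")` matches that text anywhere in the URI, and `/test-page` is skipped although no matching `permitAll()` rule is visible in this commit. Requests that skip the filter are presumably still rejected as anonymous by `anyRequest().authenticated()`, but an anchored list keeps the two in agreement, assuming the application runs without a context path: `return path == "/api/signin" || path == "/api/signup" || path.startsWith("/swagger-ui/") || path.startsWith("/v3/api-docs")`. In the `catch` block `e` is no longer used now that the response carries a fixed message; logging it server-side would keep failed validations visible for monitoring without returning the detail to the client. The class and `doFilter` begin outside the hunks shown.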
@@ -13,18 +13,19 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic

@Configuration
class SecurityConfig(private val jwtTokenProvider: JwtTokenProvider) {

@Bean
@Throws(Exception::class)
fun filterChain(http: HttpSecurity): SecurityFilterChain {
http
.httpBasic() { it -> it.disable() }
.csrf() { it -> it.disable() }
.sessionManagement() { it -> it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
.authorizeHttpRequests() { it ->
.httpBasic { it -> it.disable() }
.csrf { it -> it.disable() }
.sessionManagement { it -> it.sessionCreationPolicy(SessionCreationPolicy.STATELESS) }
.authorizeHttpRequests { it ->
it
.requestMatchers("/api/signin").permitAll()
.requestMatchers("/api/signup").permitAll()
.requestMatchers("/api/signin").permitAll()
.requestMatchers("/swagger-ui/**").permitAll()
.requestMatchers("/v3/api-docs/**").permitAll()
.anyRequest().authenticated()
}
.addFilterBefore(JwtAuthenticationFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter::class.java)
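Review bot: `/swagger-ui/**` and `/v3/api-docs/**` are opened with `permitAll()` unconditionally in `filterChain`, so the full API description is served to unauthenticated clients in every environment this configuration runs in. If the docs are meant for development only, restrict these two matchers by profile or turn the endpoints off in production configuration (with springdoc, `springdoc.api-docs.enabled=false` and `springdoc.swagger-ui.enabled=false`). A comment above `.csrf { it -> it.disable() }` would also record the assumption behind it, e.g. `// CSRF off: stateless API, token sent in a header rather than a cookie (confirm)`. The call chain continues past the end of the hunk.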
@@ -23,10 +23,13 @@ class UserSignUpController(
private val userSignInService: UserSignInService,
) {
@PostMapping("/api/signin")
fun signin(@RequestBody request: LocalSignInRequest): LocalSignInResponse {
fun signin(
@RequestBody request: LocalSignInRequest,
): LocalSignInResponse {
val response = userSignInService.localSignIn(request.userName, request.password)
return response
}

@PostMapping("/api/signup")
fun signup(
@RequestBody request: UserRequest.SignUpRequest,
@@ -37,10 +40,11 @@ class UserSignUpController(

@ExceptionHandler
fun handleException(e: UserException): ResponseEntity<Unit> {
val status = when (e) {
is SignInUserNameNotFoundException, is SignInInvalidPasswordException -> 404
is SignUpUsernameConflictException, is SignUpEmailConflictException -> 409
}
val status =
when (e) {
is SignInUserNameNotFoundException, is SignInInvalidPasswordException -> 404
is SignUpUsernameConflictException, is SignUpEmailConflictException -> 409
}
return ResponseEntity.status(status).build()
}
}
@@ -63,7 +63,6 @@ class JwtAuthenticationFilterTest {

jwtAuthenticationFilter.doFilter(request, response, filterChain)

verify(filterChain, never()).doFilter(request, response)
assert(response.status == HttpServletResponse.SC_UNAUTHORIZED)
}
}
