diff --git a/src/main/java/com/speech/up/auth/filter/JwtAuthenticationFilter.java b/src/main/java/com/speech/up/auth/filter/JwtAuthenticationFilter.java
index c48b325..7cd3bda 100644
--- a/src/main/java/com/speech/up/auth/filter/JwtAuthenticationFilter.java
+++ b/src/main/java/com/speech/up/auth/filter/JwtAuthenticationFilter.java
@@ -4,21 +4,21 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.NoSuchElementException;
+import java.util.Objects;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import org.springframework.web.filter.OncePerRequestFilter;
 import com.speech.up.auth.provider.JwtProvider;
+import com.speech.up.common.enums.StatusCode;
 import com.speech.up.user.entity.UserEntity;
 import com.speech.up.user.repository.UserRepository;
@@ -28,7 +28,9 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
 @Component
 @RequiredArgsConstructor
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
@@ -40,31 +42,33 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { protected void doFilterInternal(@Nullable HttpServletRequest request, @Nullable HttpServletResponse response, @Nullable FilterChain filterChain) throws ServletException, IOException { try { - assert filterChain != null; - assert request != null; + assert Objects.nonNull(filterChain); + assert Objects.nonNull(request); String token = parseBearerToken(request); - if(token == null){ + if (token.equals(String.valueOf(StatusCode.NO_AUTHORIZATION))) { filterChain.doFilter(request, response); return; } String socialId = jwtProvider.validate(token); - if(socialId == null){ + if (socialId == null) { filterChain.doFilter(request, response); return; } UserEntity userEntity = userRepository.findBySocialId(socialId) - .orElseThrow(() -> new NoSuchElementException("not found UserEntity by socialId : " + socialId));; + .orElseThrow(() -> new NoSuchElementException("not found UserEntity by socialId : " + socialId)); + ; String role = userEntity.getAuthorization(); List authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(role)); SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); - AbstractAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(socialId, token, authorities); + AbstractAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(socialId, token, + authorities); - authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); + authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); securityContext.setAuthentication(authenticationToken); SecurityContextHolder.setContext(securityContext); - }catch(Exception exception){ + } catch (Exception exception) { throw new IOException("JWT Authentication 이 실패 했으니 확인 : ", exception); } 
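Review bot: The missing-token case is now signalled in-band: `parseBearerToken` (last hunk) returns `String.valueOf(StatusCode.NO_AUTHORIZATION)` and the new check here compares the client-supplied token against that same string, so the sentinel shares a value space with the `Authorization` header. A bearer value that happens to equal the enum's string form is treated as "no token"; from the visible lines that only falls through to the anonymous path, but the branch now depends on how `StatusCode` renders as a string, which is not shown here. Keeping absence out of band avoids this, for example by having the helper return `Optional<String>` with `return Optional.empty();` and testing `if (token.isEmpty()) {` on the result here. doFilterInternal's body continues past the end of the hunk.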
@@ -74,10 +78,16 @@ protected void doFilterInternal(@Nullable HttpServletRequest request, @Nullable
 private String parseBearerToken(HttpServletRequest request) {
 String authorization = request.getHeader("Authorization");
 boolean hasAuthorization = StringUtils.hasText(authorization);
- if(!hasAuthorization){return null;}
+ if (!hasAuthorization) {
+ log.warn("Authorization header is empty");
+ return String.valueOf(StatusCode.NO_AUTHORIZATION);
+ }
 boolean isBearer = authorization.startsWith("Bearer ");
- if(!isBearer){return null;}
+ if (!isBearer) {
+ log.warn("Authorization header is invalid");
+ return String.valueOf(StatusCode.NO_AUTHORIZATION);
+ }
 return authorization.substring(7);
 }
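Review bot: Both early returns log at WARN, and the first one fires for every request that arrives without an `Authorization` header, which, since the filter lets such requests continue unauthenticated, likely includes all traffic to public endpoints. That volume buries the events worth alerting on, such as a malformed or non-Bearer header; consider `log.debug("Authorization header is empty");` for the absent case and keep WARN for the invalid one. The `startsWith("Bearer ")` test is also case-sensitive while HTTP auth scheme names are case-insensitive, so a `bearer <token>` header is reported as invalid; `authorization.regionMatches(true, 0, "Bearer ", 0, 7)` would accept it.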