From 13311a7fb300155043672107398ddb9e6b653abb Mon Sep 17 00:00:00 2001 From: margie1a <4987kk@naver.com> Date: Mon, 17 Feb 2025 19:54:50 +0900 Subject: [PATCH 1/2] =?UTF-8?q?[refactor]:=20=EC=98=88=EC=99=B8=EC=B2=98?= =?UTF-8?q?=EB=A6=AC=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/umc/yeogi_gal_lae/global/error/ErrorStatus.java | 3 ++- src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtUtil.java | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/umc/yeogi_gal_lae/global/error/ErrorStatus.java b/src/main/java/com/umc/yeogi_gal_lae/global/error/ErrorStatus.java index 19f0a6e7..7a312caa 100644 --- a/src/main/java/com/umc/yeogi_gal_lae/global/error/ErrorStatus.java +++ b/src/main/java/com/umc/yeogi_gal_lae/global/error/ErrorStatus.java @@ -16,7 +16,8 @@ public enum ErrorStatus { // JWT 관련 에러 JWT_GENERATION_FAILED(HttpStatus.INTERNAL_SERVER_ERROR, "JWT_500", "JWT 토큰 생성 중 오류가 발생했습니다."), - JWT_INVALID_TOKEN(HttpStatus.UNAUTHORIZED, "JWT_401", "유효하지 않은 JWT 토큰입니다."); + JWT_INVALID_TOKEN(HttpStatus.UNAUTHORIZED, "JWT_401", "유효하지 않은 JWT 토큰입니다."), + JWT_EXPIRED_TOKEN(HttpStatus.BAD_REQUEST, "JWT_402", "만료된 JWT 토큰입니다."); private final HttpStatus httpStatus; private final String code; diff --git a/src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtUtil.java b/src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtUtil.java index f621c78a..09d5edff 100644 --- a/src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtUtil.java +++ b/src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtUtil.java @@ -3,6 +3,7 @@ import com.umc.yeogi_gal_lae.global.error.AuthHandler; import com.umc.yeogi_gal_lae.global.error.ErrorStatus; import io.jsonwebtoken.Claims; +import io.jsonwebtoken.ExpiredJwtException; import io.jsonwebtoken.JwtException; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; 
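Review bot: In ErrorStatus.java, the new `JWT_EXPIRED_TOKEN` constant maps an expired token to `HttpStatus.BAD_REQUEST` with code `"JWT_402"`, while the neighbouring `JWT_INVALID_TOKEN` uses `HttpStatus.UNAUTHORIZED`. An expired credential is an authentication failure, and clients or gateways that start a re-login or token refresh on 401 will not react to a 400; the code string also reads like HTTP 402 and matches neither status. I would declare it as `JWT_EXPIRED_TOKEN(HttpStatus.UNAUTHORIZED, "JWT_401_EXPIRED", "만료된 JWT 토큰입니다.")`, where the code value is only a suggested name, so the client can still tell expiry from a bad signature. The enum body continues outside the hunk.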
@@ -63,6 +64,8 @@ public boolean validateToken(String token) {
 try {
 Jwts.parserBuilder().setSigningKey(getSigningKey()).build().parseClaimsJws(token);
 return true;
+ } catch (ExpiredJwtException e) {
+ throw new AuthHandler(ErrorStatus.JWT_EXPIRED_TOKEN);
 } catch (JwtException e) {
 throw new AuthHandler(ErrorStatus.JWT_INVALID_TOKEN);
 }
From bc0c14d6f08cc7069943bffb053ec4001dcb82f8 Mon Sep 17 00:00:00 2001
From: margie1a <4987kk@naver.com>
Date: Mon, 17 Feb 2025 19:55:05 +0900
Subject: [PATCH 2/2] =?UTF-8?q?[refactor]:=20=ED=95=84=ED=84=B0=20?= =?UTF-8?q?=EB=A1=9C=EC=A7=81=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../global/jwt/JwtAuthenticationFilter.java | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtAuthenticationFilter.java b/src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtAuthenticationFilter.java
index 6642bcd5..5a7b844f 100644
--- a/src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtAuthenticationFilter.java
+++ b/src/main/java/com/umc/yeogi_gal_lae/global/jwt/JwtAuthenticationFilter.java
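Review bot: In `validateToken` (JwtUtil.java), the catch chain still lets `IllegalArgumentException` escape. jjwt's `parseClaimsJws` throws it, not a `JwtException`, when the token string is empty or whitespace-only, and whether `resolveToken` can return such a value is not visible here. Widening the second handler to `} catch (JwtException | IllegalArgumentException e) {` keeps every malformed input on the `JWT_INVALID_TOKEN` path instead of an unhandled server error. Because the method now either returns true or throws, a Javadoc line such as `@throws AuthHandler if the token is expired (JWT_EXPIRED_TOKEN) or otherwise invalid (JWT_INVALID_TOKEN)` would tell callers not to expect a `false` result. The rest of the method lies outside the hunk.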
@@ -26,19 +26,28 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { - // 스웨거 및 로그인 관련 URL이면 필터 동작 X String requestURI = request.getRequestURI(); + + // 인증이 필요 없는 요청이면 필터를 통과시킴 if (isExcluded(requestURI)) { filterChain.doFilter(request, response); return; } + // JWT 토큰 확인 String token = resolveToken(request); if (token != null && jwtUtil.validateToken(token)) { String email = jwtUtil.extractEmail(token); + + // 현재 로그인한 사용자 정보 SecurityContext에 저장 JwtAuthenticationToken authentication = new JwtAuthenticationToken(email); SecurityContextHolder.getContext().setAuthentication(authentication); + + // Authorization 헤더가 없으면 자동으로 추가 + if (request.getHeader("Authorization") == null) { + request.setAttribute("Authorization", "Bearer " + token); + } } filterChain.doFilter(request, response);
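Review bot: The block added at the end of the `if (token != null && ...)` branch does not do what its comment says: `request.setAttribute("Authorization", "Bearer " + token)` creates a request attribute, so later `request.getHeader("Authorization")` calls still return null. It also copies the raw bearer token into request attributes, where error pages, forwards or debug logging that dump attributes can expose it. Since the authentication is already stored in the `SecurityContext`, I would drop these three lines; if a downstream component really needs the header, wrap the request in an `HttpServletRequestWrapper` that overrides `getHeader` and pass that wrapper to `filterChain.doFilter`. Separately, `validateToken` now throws `AuthHandler` for expired tokens and nothing in this hunk catches it, so unless an outer filter translates it (not visible here) the `JWT_EXPIRED_TOKEN` response may never reach the client. `doFilterInternal` continues past the end of the hunk.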