2021-08-08

2021-08-08 17:09:59 +09:00
parent 94227fdd37
commit 2eef7786bd
16 changed files with 323 additions and 2 deletions
--- a/security-with-jwt/src/main/java/kr/pe/elex/examples/JwtExceptionHandler.java
+++ b/security-with-jwt/src/main/java/kr/pe/elex/examples/JwtExceptionHandler.java
@@ -0,0 +1,30 @@
+package kr.pe.elex.examples;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.security.SignatureException;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.Map;
+
+@Slf4j
+//@RestControllerAdvice
+@Deprecated
+public class JwtExceptionHandler {
+
+	@ExceptionHandler({IncorrectClaimException.class, MissingClaimException.class, ExpiredJwtException.class,
+			SignatureException.class, MalformedJwtException.class, UnsupportedJwtException.class})
+	public ResponseEntity<?> onEx(Throwable e) {
+		log.error("Oops~!!!", e);
+
+		Map<String, Object> data = new HashMap<>();
+		data.put("message", e.getMessage());
+		data.put("errorCode", HttpServletResponse.SC_BAD_REQUEST);
+		return ResponseEntity.badRequest().body(data);
+	}
+
+}
--- a/security-with-jwt/src/main/java/kr/pe/elex/examples/JwtInterceptor.java
+++ b/security-with-jwt/src/main/java/kr/pe/elex/examples/JwtInterceptor.java
@@ -0,0 +1,34 @@
+package kr.pe.elex.examples;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Slf4j
+//@Component
+@Deprecated
+public class JwtInterceptor implements HandlerInterceptor {
+	@Autowired
+	private JwtService jwtService;
+
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+		//final HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+		log.info("Interceptor Triggered!! {}", getClass().getName());
+		final String authHeader = request.getHeader("Authorization");
+		if (null != authHeader) {
+			Authentication authentication = jwtService.getAuthentication(authHeader);
+			SecurityContextHolder.getContext().setAuthentication(authentication);
+		}
+		return true;
+		//return HandlerInterceptor.super.preHandle(request, response, handler);
+	}
+
+}
--- a/security-with-jwt/src/main/java/kr/pe/elex/examples/SampleInterceptor.java
+++ b/security-with-jwt/src/main/java/kr/pe/elex/examples/SampleInterceptor.java
@@ -0,0 +1,18 @@
+package kr.pe.elex.examples;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Slf4j
+@Component
+public class SampleInterceptor implements HandlerInterceptor {
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+		log.info("Interceptor triggered!!! {}", getClass().getName());
+		return true;
+	}
+}
--- a/security-with-jwt/src/main/java/kr/pe/elex/examples/SecurityConfig.java
+++ b/security-with-jwt/src/main/java/kr/pe/elex/examples/SecurityConfig.java
@@ -37,7 +37,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		http.authorizeRequests()
 				.antMatchers("/", "/info", "/h2-console").permitAll() // 아무나 접근 가능
 				.antMatchers("/h2-console/**").permitAll() // H2콘솔을 쓰기 위해 추가했음
-				.antMatchers("/api/signin").permitAll()
+				.antMatchers("/api/signin", "/hello/**").permitAll()
 				.antMatchers("/api/**").authenticated()

 				//.antMatchers("/admin").hasAnyRole("ADMIN")
@@ -62,6 +62,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 				.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
 				.sessionManagement()
 				.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+
 		;

 	}
--- a/security-with-jwt/src/main/java/kr/pe/elex/examples/WebConfig.java
+++ b/security-with-jwt/src/main/java/kr/pe/elex/examples/WebConfig.java
@@ -13,12 +13,17 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.Authentication;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Slf4j
@Configuration
+@EnableWebMvc
 public class WebConfig implements WebMvcConfigurer {
+	//@Autowired
+	//private JwtInterceptor jwtInterceptor;
 	/*
 	@Override
 	public void addViewControllers(@NotNull ViewControllerRegistry registry) {
@@ -26,4 +31,17 @@ public class WebConfig implements WebMvcConfigurer {
 	}
 	*/

+	@Override
+	public void addInterceptors(InterceptorRegistry registry) {
+		//WebMvcConfigurer.super.addInterceptors(registry);
+		//registry.addInterceptor(jwtInterceptor)
+				//.pathMatcher(new AntPathMatcher())
+				//.addPathPatterns("/**")
+				//.excludePathPatterns("/api/signin")
+		;
+		//registry.addInterceptor(new SampleInterceptor())
+		//		.addPathPatterns("/hello/**")
+				//.pathMatcher(new AntPathMatcher())
+		;
+	}
 }