diff --git a/src/main/java/com/permitseoul/permitserver/domain/admin/timetable/block/api/controller/AdminNotionTimetableBlockController.java b/src/main/java/com/permitseoul/permitserver/domain/admin/timetable/block/api/controller/AdminNotionTimetableBlockController.java
index 1e122c2e..f57adf37 100644
--- a/src/main/java/com/permitseoul/permitserver/domain/admin/timetable/block/api/controller/AdminNotionTimetableBlockController.java
+++ b/src/main/java/com/permitseoul/permitserver/domain/admin/timetable/block/api/controller/AdminNotionTimetableBlockController.java
@@ -6,7 +6,6 @@
 import com.permitseoul.permitserver.global.response.ApiResponseUtil;
 import com.permitseoul.permitserver.global.response.BaseResponse;
 import com.permitseoul.permitserver.global.response.code.SuccessCode;
-import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
diff --git a/src/main/java/com/permitseoul/permitserver/global/config/SecurityConfig.java b/src/main/java/com/permitseoul/permitserver/global/config/SecurityConfig.java
index 2fde5db1..bcfdd5f1 100644
--- a/src/main/java/com/permitseoul/permitserver/global/config/SecurityConfig.java
+++ b/src/main/java/com/permitseoul/permitserver/global/config/SecurityConfig.java
@@ -26,7 +26,7 @@ public class SecurityConfig {
 private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
 private final ExceptionHandlerFilter exceptionHandlerFilter;
 
- private static final String[] whiteURIList = {
+ private static final String[] whiteURIListNotUsingToken = {
 "/actuator/health",
 "/api/users/signup",
 "/api/users/login",
@@ -34,8 +34,6 @@ public class SecurityConfig {
 "/api/events",
 "/api/events/detail/*",
 "/api/users/email-check",
- "/api/events/*/timetables",
- "/api/events/timetables/*",
 "/api/tickets/info/*",
 "/api/tickets/door/staff/confirm",
 "/api/tickets/door/validation/*",
@@ -44,6 +42,11 @@ public class SecurityConfig {
 "/api/events/*/sitemap",
 };
 
+ private static final String[] whiteURIListUsingToken = {
+ "/api/events/*/timetables", // userId 있으면 개인화
+ "/api/events/timetables/*", // userId 있으면 개인화
+ };
+
 private static final String[] adminURIList = {
 "/api/admin/**"
 };
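Review bot: The two comments on the new whiteURIListUsingToken entries only say the response is personalized when a userId is present; they do not record the contract that separates this array from whiteURIListNotUsingToken, which is exactly what the JwtAuthenticationFilter in this commit keys on. Suggest a single comment above the array instead, such as `// permitAll, but JwtAuthenticationFilter still runs: a present access-token cookie is validated and used for personalization, a missing cookie yields an anonymous request`. Judging from the filter hunk, a token that is present but invalid on these URLs is not tolerated the way a missing one is, so if that is intended the comment should say so too.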
@@ -70,17 +73,16 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 .csrf(AbstractHttpConfigurer::disable)
 .formLogin(AbstractHttpConfigurer::disable)
 .httpBasic(AbstractHttpConfigurer::disable)
- .sessionManagement(sessionManagementConfigurer ->
- sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
- .exceptionHandling(exceptionHandlingConfigurer ->
- exceptionHandlingConfigurer.authenticationEntryPoint(jwtAuthenticationEntryPoint))
+ .sessionManagement(sessionManagementConfigurer -> sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .exceptionHandling(exceptionHandlingConfigurer -> exceptionHandlingConfigurer.authenticationEntryPoint(jwtAuthenticationEntryPoint))
 .authorizeHttpRequests(auth -> auth
- .requestMatchers(whiteURIList).permitAll() // 로그인 상관 X
- .requestMatchers(adminURIList).hasRole(UserRole.ADMIN.name()) // ADMIN 권한 필요
- .requestMatchers(staffURIList).hasAnyRole(UserRole.STAFF.name(), UserRole.ADMIN.name()) //staff 권한 이상
+ .requestMatchers(adminURIList).hasRole(UserRole.ADMIN.name()) // ADMIN// 권한 필요
+ .requestMatchers(staffURIList).hasAnyRole(UserRole.STAFF.name(), UserRole.ADMIN.name()) // staff 권한 이상
 .requestMatchers(authRequiredURIList).authenticated() // 로그인 필수
- )
- .addFilterBefore(new JwtAuthenticationFilter(jwtProvider, List.of(whiteURIList)), UsernamePasswordAuthenticationFilter.class)
+ .requestMatchers(whiteURIListNotUsingToken).permitAll() // 로그인 상관 X + AccessToken 사용X
+ .requestMatchers(whiteURIListUsingToken).permitAll() // 로그인 상관 X + AccessToken 있으면 사용
+ .anyRequest().denyAll())
+ .addFilterBefore(new JwtAuthenticationFilter(jwtProvider, List.of(whiteURIListNotUsingToken), List.of(whiteURIListUsingToken)), UsernamePasswordAuthenticationFilter.class)
 .addFilterBefore(exceptionHandlerFilter, JwtAuthenticationFilter.class)
 .build();
 }
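Review bot: The white-list patterns are now evaluated by two different matchers: the `requestMatchers(String...)` calls here resolve (with Spring MVC on the classpath) against the decoded servlet path, while the JwtAuthenticationFilter built on the `addFilterBefore` line receives the same arrays and, per its hunk in this commit, matches them with AntPathMatcher against `request.getRequestURI()`, which includes the context path and is not decoded. Under a non-root context path or a trailing-slash/encoded variant the two decisions can diverge; the divergence is fail-closed (the filter still demands a cookie, or the new `anyRequest().denyAll()` refuses), but it yields confusing 401/403s on URLs that are meant to be public. Consider deriving both from one list of `RequestMatcher`s, or at least stripping `request.getContextPath()` before matching in the filter. Minor: the admin matcher's comment carries a stray `//`; `// requires the ADMIN role` reads cleanly.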
diff --git a/src/main/java/com/permitseoul/permitserver/global/filter/JwtAuthenticationFilter.java b/src/main/java/com/permitseoul/permitserver/global/filter/JwtAuthenticationFilter.java
index c64bdda8..15fc239d 100644
--- a/src/main/java/com/permitseoul/permitserver/global/filter/JwtAuthenticationFilter.java
+++ b/src/main/java/com/permitseoul/permitserver/global/filter/JwtAuthenticationFilter.java
@@ -5,13 +5,11 @@
 import com.permitseoul.permitserver.domain.auth.core.exception.AuthWrongJwtException;
 import com.permitseoul.permitserver.domain.auth.core.jwt.CookieExtractor;
 import com.permitseoul.permitserver.domain.auth.core.jwt.JwtProvider;
-import com.permitseoul.permitserver.global.Constants;
 import com.permitseoul.permitserver.global.domain.CookieType;
 import com.permitseoul.permitserver.global.exception.FilterException;
 import com.permitseoul.permitserver.global.response.code.ErrorCode;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.NonNull;
@@ -26,38 +24,38 @@
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
-import java.util.Enumeration;
 import java.util.List;
 
-
 @RequiredArgsConstructor
 @Slf4j
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 private final JwtProvider jwtProvider;
- private final List whiteURIList;
+ private final List whiteURIListNotUsingToken;
+ private final List whiteURIListUsingToken;
 private final AntPathMatcher pathMatcher = new AntPathMatcher();
- private static final String REISSUE_URI = "/api/users/reissue";
- private static final String LOGIN_URI = "/api/users/login";
 private static final String USER_ID_MDC_KEY = "user_id";
 private static final String ANONYMOUS_USER_ID = "anonymous";
 
+ @Override
+ protected boolean shouldNotFilter(@NonNull final HttpServletRequest request) {
+ return whiteURIListNotUsingToken.stream()
+ .anyMatch(pattern -> pathMatcher.match(pattern, request.getRequestURI()));
+ }
+
 @Override
 protected void doFilterInternal(@NonNull final HttpServletRequest request,
- @NonNull final HttpServletResponse response,
- @NonNull final FilterChain filterChain) throws ServletException, IOException {
+ @NonNull final HttpServletResponse response,
+ @NonNull final FilterChain filterChain) throws ServletException, IOException {
 final String uri = request.getRequestURI();
 try {
 MDC.put(USER_ID_MDC_KEY, ANONYMOUS_USER_ID);
- if(isHealthCheckUri(uri) || isLoginOrReissue(uri)) {
- filterChain.doFilter(request, response);
- return;
- }
 setAuthentication(request);
 filterChain.doFilter(request, response);
 } catch (AuthCookieException e) {
- if(isWhiteListUrl(uri)) {
- SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(null, null, null));
+ if (isUsingTokenUrl(uri)) {
+ SecurityContextHolder.getContext().setAuthentication(
+ new UsernamePasswordAuthenticationToken(null, null, null));
 filterChain.doFilter(request, response);
 } else {
 throw new FilterException(ErrorCode.NOT_FOUND_AT_COOKIE);
@@ -69,14 +67,12 @@ protected void doFilterInternal(@NonNull final HttpServletRequest request,
 } catch (ServletException | IOException e) {
 log.error("[JWT Filter] unexpected error. ua={}",
 request.getHeader("User-Agent"),
- e
- );
+ e);
 throw new FilterException(ErrorCode.INTERNAL_FILTER_ERROR);
 } catch (Exception e) {
 log.error("[JWT Filter] unexpected error. ua={}",
 request.getHeader("User-Agent"),
- e
- );
+ e);
 throw new FilterException(ErrorCode.INTERNAL_SERVER_ERROR);
 } finally {
 MDC.remove(USER_ID_MDC_KEY);
@@ -93,16 +89,7 @@ private void setAuthentication(final HttpServletRequest request) {
 new UsernamePasswordAuthenticationToken(userId, null, authorities));
 }
 
- private boolean isWhiteListUrl(final String requestURI) {
- return whiteURIList.stream().anyMatch(pattern -> pathMatcher.match(pattern, requestURI));
- }
-
- private boolean isHealthCheckUri(final String uri) {
- return pathMatcher.match(Constants.HEALTH_CHECK_URL, uri);
- }
-
- private boolean isLoginOrReissue(final String uri) {
- return pathMatcher.match(LOGIN_URI, uri) || pathMatcher.match(REISSUE_URI, uri);
+ private boolean isUsingTokenUrl(final String requestURI) {
+ return whiteURIListUsingToken.stream().anyMatch(pattern -> pathMatcher.match(pattern, requestURI));
 }
 }
diff --git a/src/main/java/com/permitseoul/permitserver/global/filter/RequestObservabilityFilter.java b/src/main/java/com/permitseoul/permitserver/global/filter/RequestObservabilityFilter.java
index afe00a8d..b5f8c6d0 100644
--- a/src/main/java/com/permitseoul/permitserver/global/filter/RequestObservabilityFilter.java
+++ b/src/main/java/com/permitseoul/permitserver/global/filter/RequestObservabilityFilter.java
@@ -18,7 +18,7 @@
 @Component
 @Slf4j
-//@Profile("!local")
+@Profile("!local")
 @Order(Ordered.HIGHEST_PRECEDENCE)
 class RequestObservabilityFilter extends OncePerRequestFilter {
 private static final String NGINX_REQUEST_ID = "X-Request-ID";
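Review bot: In the AuthCookieException branch of doFilterInternal, `new UsernamePasswordAuthenticationToken(null, null, null)` uses the three-argument constructor that Spring Security reserves for trusted tokens and which sets `isAuthenticated()` to true, so an anonymous request to a token-optional URL proceeds with an authenticated token whose principal is null; this is carried over from the old isWhiteListUrl branch rather than introduced here, but the rewritten lines are the place to fix it. Prefer leaving the context empty so the default AnonymousAuthenticationFilter later in the chain supplies a proper anonymous token, i.e. replace the two setAuthentication lines with `SecurityContextHolder.clearContext();`, and let controllers treat a non-anonymous principal as the personalization signal. Only a missing cookie is tolerated on these URLs; an expired or malformed token still falls through to the other catch blocks (partly outside this hunk), so a stale cookie turns a public endpoint into an error — confirm that is intended. The explicit skip for `/api/users/reissue` disappeared together with the `REISSUE_URI` constant, so the filter now relies on that path being in whiteURIListNotUsingToken; the SecurityConfig line where it would sit (old line 33) is between the hunks and not visible, so please verify, otherwise a reissue with an expired access token will fail in this filter.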