From 241b26c2411dc5e92d1c793fb5a99c6edda81ed9 Mon Sep 17 00:00:00 2001
From: suhhyun <97878992+suhhyun524@users.noreply.github.com>
Date: Sat, 12 Aug 2023 17:38:59 +0900
Subject: [PATCH] =?UTF-8?q?[add]=20=EC=9E=84=EC=8B=9C=EC=96=B4=EB=93=9C?=
 =?UTF-8?q?=EB=AF=BC=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20=EC=B0=A8=EB=8B=A8=20?=
 =?UTF-8?q?(#141)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [refact] 에러 이름 변경 #140
* [refact] 에러 이름 변경 #140
* [refact] url 변경 #140
* [add] 권한 확인 메서드 추가 #140
---
 .../ceos/backend/domain/admin/helper/AdminHelper.java | 8 ++++++++
 .../ceos/backend/domain/admin/service/AdminService.java | 2 ++
 .../ceos/backend/global/config/WebSecurityConfig.java | 2 +-
 .../backend/global/config/jwt/JwtAccessDeniedHandler.java | 5 ++---
 .../{ForbiddenAdminException.java => ForbiddenAdmin.java} | 6 +++---
 5 files changed, 16 insertions(+), 7 deletions(-)
 rename src/main/java/ceos/backend/global/error/exception/{ForbiddenAdminException.java => ForbiddenAdmin.java} (68%)

diff --git a/src/main/java/ceos/backend/domain/admin/helper/AdminHelper.java b/src/main/java/ceos/backend/domain/admin/helper/AdminHelper.java
index 612d1505..08a86a59 100644
--- a/src/main/java/ceos/backend/domain/admin/helper/AdminHelper.java
+++ b/src/main/java/ceos/backend/domain/admin/helper/AdminHelper.java
@@ -1,5 +1,6 @@
 package ceos.backend.domain.admin.helper;
 
+import static ceos.backend.domain.admin.domain.AdminRole.ROLE_ANONYMOUS;
 import ceos.backend.domain.admin.domain.Admin;
 import ceos.backend.domain.admin.domain.AdminRole;
@@ -14,6 +15,7 @@
 import ceos.backend.global.common.dto.AwsSESPasswordMail;
 import ceos.backend.global.common.event.Event;
 import ceos.backend.global.config.user.AdminDetailsService;
+import ceos.backend.global.error.exception.ForbiddenAdmin;
 import lombok.RequiredArgsConstructor;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.springframework.data.redis.core.RedisTemplate;
@@ -161,6 +163,12 @@ public Admin findAdmin(Long adminId) {
                 });
     }
 
+    public void checkRole(Admin admin) {
+        if (admin.getRole().equals(ROLE_ANONYMOUS)) {
+            throw ForbiddenAdmin.EXCEPTION;
+        }
+    }
+
     public void changeRole(Admin admin, AdminRole adminRole) {
         admin.updateRole(adminRole);
     }
diff --git a/src/main/java/ceos/backend/domain/admin/service/AdminService.java b/src/main/java/ceos/backend/domain/admin/service/AdminService.java
index 943a362d..5d1fe23b 100644
--- a/src/main/java/ceos/backend/domain/admin/service/AdminService.java
+++ b/src/main/java/ceos/backend/domain/admin/service/AdminService.java
@@ -56,6 +56,8 @@ public TokenResponse signIn(SignInRequest signInRequest) {
         final Admin admin = adminHelper.findForSignIn(signInRequest);
         final Authentication authentication = adminHelper.adminAuthorizationInput(admin);
 
+        adminHelper.checkRole(admin);
+
         // 토큰 발급
         final String accessToken = tokenProvider.createAccessToken(admin.getId(), authentication);
         final String refreshToken = tokenProvider.createRefreshToken(admin.getId(), authentication);
diff --git a/src/main/java/ceos/backend/global/config/WebSecurityConfig.java b/src/main/java/ceos/backend/global/config/WebSecurityConfig.java
index 152cc3b9..3760e101 100644
--- a/src/main/java/ceos/backend/global/config/WebSecurityConfig.java
+++ b/src/main/java/ceos/backend/global/config/WebSecurityConfig.java
@@ -50,7 +50,7 @@ public class WebSecurityConfig {
     };
 
     private final String[] AdminPatterns = {
-        "/admin/login",
+        "/admin/signin",
         "/admin/newpassword",
         "/admin/logout",
         "/applications/**",
diff --git a/src/main/java/ceos/backend/global/config/jwt/JwtAccessDeniedHandler.java b/src/main/java/ceos/backend/global/config/jwt/JwtAccessDeniedHandler.java
index bb759fee..288845e4 100644
--- a/src/main/java/ceos/backend/global/config/jwt/JwtAccessDeniedHandler.java
+++ b/src/main/java/ceos/backend/global/config/jwt/JwtAccessDeniedHandler.java
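Review bot: `checkRole` compares an enum value with `equals` and has no null guard, so an admin whose role is unset fails with a NullPointerException rather than ForbiddenAdmin, and the guard is a deny-list: only ROLE_ANONYMOUS is blocked, so every other present or future AdminRole value is admitted to sign-in by default. Prefer identity comparison and treat a missing role as forbidden as well, `if (admin.getRole() == null || admin.getRole() == ROLE_ANONYMOUS) { throw ForbiddenAdmin.EXCEPTION; }`, and consider inverting it to the set of roles permitted to sign in if the role enum is expected to grow. The method also has no Javadoc; a one-liner such as `/** Rejects sign-in for temporary admins: throws {@code ForbiddenAdmin.EXCEPTION} when the role is {@code ROLE_ANONYMOUS}. */` would record the intent given in the commit title.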
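Review bot: The new `adminHelper.checkRole(admin)` call in `signIn` runs only after `adminHelper.adminAuthorizationInput(admin)` has already built an Authentication for a user who is about to be rejected; placing the check directly after `findForSignIn` fails fast and keeps the rejected path from doing any authorization work. This gate covers sign-in only: tokens issued before an admin's role was set to ROLE_ANONYMOUS remain valid until they expire, and if the service has a refresh-token path (not visible in this hunk) it would still mint new tokens for such an admin unless it calls `checkRole` too. The enclosing method `signIn` starts outside the hunk.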
@@ -3,7 +3,7 @@
 
 import ceos.backend.global.error.BaseErrorCode;
 import ceos.backend.global.error.ErrorResponse;
-import ceos.backend.global.error.exception.ForbiddenAdminException;
+import ceos.backend.global.error.exception.ForbiddenAdmin;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -26,8 +26,7 @@ public void handle(
             HttpServletResponse response,
             AccessDeniedException accessDeniedException)
             throws IOException {
-        responseToClient(
-                response, getErrorResponse(ForbiddenAdminException.EXCEPTION.getErrorCode()));
+        responseToClient(response, getErrorResponse(ForbiddenAdmin.EXCEPTION.getErrorCode()));
     }
 
     private ErrorResponse getErrorResponse(BaseErrorCode errorCode) {
diff --git a/src/main/java/ceos/backend/global/error/exception/ForbiddenAdminException.java b/src/main/java/ceos/backend/global/error/exception/ForbiddenAdmin.java
similarity index 68%
rename from src/main/java/ceos/backend/global/error/exception/ForbiddenAdminException.java
rename to src/main/java/ceos/backend/global/error/exception/ForbiddenAdmin.java
index 780438e5..13e98283 100644
--- a/src/main/java/ceos/backend/global/error/exception/ForbiddenAdminException.java
+++ b/src/main/java/ceos/backend/global/error/exception/ForbiddenAdmin.java
@@ -4,11 +4,11 @@
 import ceos.backend.global.error.BaseErrorException;
 import ceos.backend.global.error.GlobalErrorCode;
 
-public class ForbiddenAdminException extends BaseErrorException {
+public class ForbiddenAdmin extends BaseErrorException {
 
-    public static final BaseErrorException EXCEPTION = new ForbiddenAdminException();
+    public static final BaseErrorException EXCEPTION = new ForbiddenAdmin();
 
-    private ForbiddenAdminException() {
+    private ForbiddenAdmin() {
         super(GlobalErrorCode.FORBIDDEN_ADMIN);
     }
 }