[fix] 401, 403 에러 핸들러 추가 (#21)

src/main/java/com/nadoyagsa/pillaroid/common/controller/ResponseEntityExceptionHandler.java

@@ -4,6 +4,7 @@
 import java.time.format.DateTimeParseException;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.nadoyagsa.pillaroid.common.exception.ForbiddenException;
 import com.nadoyagsa.pillaroid.common.exception.InternalServerException;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.MethodArgumentNotValidException;
@@ -17,6 +18,7 @@
 import com.nadoyagsa.pillaroid.common.exception.BadRequestException;
 import com.nadoyagsa.pillaroid.common.exception.ErrorCode;
 import com.nadoyagsa.pillaroid.common.exception.NotFoundException;
+import com.nadoyagsa.pillaroid.common.exception.UnauthorizedException;
 
 import lombok.extern.slf4j.Slf4j;
 
@@ -30,6 +32,43 @@ protected ApiResponse badRequestError(BadRequestException ex) {
 		return ApiResponse.error(ex.getErrorCode());
 	}
 
+	@ResponseStatus(value = HttpStatus.BAD_REQUEST)
+	@ExceptionHandler(value = {MethodArgumentTypeMismatchException.class})
+	protected ApiResponse methodArgumentTypeMismatchError(MethodArgumentTypeMismatchException ex) {
+		log.info(ex.getMessage());
+		return ApiResponse.error(ErrorCode.BAD_PARAMETER_TYPE);
+	}
+
+	// 유효성 검사 실패 시
+	@ResponseStatus(value = HttpStatus.BAD_REQUEST)
+	@ExceptionHandler(value = {MethodArgumentNotValidException.class})
+	protected ApiResponse methodArgumetNotValidError(MethodArgumentNotValidException ex) {
+		log.info(ex.getMessage());
+		return ApiResponse.error(ErrorCode.BAD_PARAMETER, ex.getBindingResult().getAllErrors().get(0).getDefaultMessage());
+	}
+
+	// JSON 직렬화, 역직렬화 실패 (ex. 타입 변환 실패)
+	@ResponseStatus(value = HttpStatus.BAD_REQUEST)
+	@ExceptionHandler(value = {JsonProcessingException.class})
+	protected ApiResponse jsonProcessingError(JsonProcessingException ex) {
+		log.info(ex.getMessage());
+		return ApiResponse.error(ErrorCode.BAD_PARAMETER);
+	}
+
+	@ResponseStatus(value = HttpStatus.UNAUTHORIZED)
+	@ExceptionHandler(value = {UnauthorizedException.class})
+	protected ApiResponse unauthorizedError(UnauthorizedException ex) {
+		log.info(ex.getErrorCode().getDetail());
+		return ApiResponse.error(ex.getErrorCode());
+	}
+
+	@ResponseStatus(value = HttpStatus.FORBIDDEN)
+	@ExceptionHandler(value = {ForbiddenException.class})
+	protected ApiResponse forbiddenError(ForbiddenException ex) {
+		log.info(ex.getErrorCode().getDetail());
+		return ApiResponse.error(ex.getErrorCode());
+	}
+
 	@ResponseStatus(value = HttpStatus.NOT_FOUND)
 	@ExceptionHandler(value = {NotFoundException.class})
 	protected ApiResponse notFoundError(NotFoundException ex) {
@@ -50,27 +89,4 @@ protected ApiResponse IOError(IOException ex) {
 		log.error(ex.getMessage());
 		return ApiResponse.error(ErrorCode.INTERNAL_ERROR);
 	}
-
-	@ResponseStatus(value = HttpStatus.BAD_REQUEST)
-	@ExceptionHandler(value = {MethodArgumentTypeMismatchException.class})
-	protected ApiResponse methodArgumentTypeMismatchError(MethodArgumentTypeMismatchException ex) {
-		log.error(ex.getMessage());
-		return ApiResponse.error(ErrorCode.BAD_PARAMETER_TYPE);
-	}
-
-	// 유효성 검사 실패 시
-	@ResponseStatus(value = HttpStatus.BAD_REQUEST)
-	@ExceptionHandler(value = {MethodArgumentNotValidException.class})
-	protected ApiResponse methodArgumetNotValidException(MethodArgumentNotValidException ex) {
-		log.error(ex.getMessage());
-		return ApiResponse.error(ErrorCode.BAD_PARAMETER, ex.getBindingResult().getAllErrors().get(0).getDefaultMessage());
-	}
-
-	// JSON 직렬화, 역직렬화 실패 (ex. 타입 변환 실패)
-	@ResponseStatus(value = HttpStatus.BAD_REQUEST)
-	@ExceptionHandler(value = {JsonProcessingException.class})
-	protected ApiResponse jsonProcessingException(JsonProcessingException ex) {
-		log.error(ex.getMessage());
-		return ApiResponse.error(ErrorCode.BAD_PARAMETER);
-	}
 }

src/main/java/com/nadoyagsa/pillaroid/common/exception/ErrorCode.java

@@ -18,6 +18,9 @@ public enum ErrorCode {
 	/* 401 UNAUTHORIZED: 인증 자격 없음 */
 	UNAUTHORIZED_USER(401, UNAUTHORIZED, "인증된 사용자가 아닙니다."),
 
+	/* 403 FORBIDDEN: 권한 없음 */
+	DELETE_FORBIDDEN(40301, FORBIDDEN, "삭제할 권한이 없습니다."),
+
 	/* 404 NOT_FOUND : Resource 를 찾을 수 없음 */
 	DATA_NOT_FOUND(40403, NOT_FOUND, "해당 정보가 없습니다."),
 	BARCODE_NOT_FOUND(40401, NOT_FOUND, "해당 바코드에 대한 정보가 없습니다."),

src/main/java/com/nadoyagsa/pillaroid/common/exception/ForbiddenException.java

@@ -0,0 +1,14 @@
+package com.nadoyagsa.pillaroid.common.exception;
+
+import lombok.RequiredArgsConstructor;
+
+@RequiredArgsConstructor
+public class ForbiddenException extends Exception {
+	public static final ForbiddenException deleteForbidden = new ForbiddenException(ErrorCode.DELETE_FORBIDDEN);
+
+	private final ErrorCode errorCode;
+
+	public ErrorCode getErrorCode() {
+		return errorCode;
+	}
+}

src/main/java/com/nadoyagsa/pillaroid/jwt/AuthInterceptor.java

@@ -8,6 +8,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.nadoyagsa.pillaroid.common.exception.UnauthorizedException;
+
 @Component
 public class AuthInterceptor implements HandlerInterceptor {
     private final AuthTokenProvider authTokenProvider;
@@ -18,13 +20,12 @@ public AuthInterceptor(AuthTokenProvider authTokenProvider) {
     }
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
         String token = request.getHeader("authorization");
         if (token != null && authTokenProvider.validateToken(token)) {
             return true;
         } else {
-            response.setStatus(HttpStatus.UNAUTHORIZED.value());
-            return false;
+            throw UnauthorizedException.UNAUTHORIZED_USER;
         }
     }
 }