refactor: 시큐리티 및 토큰 코드 리팩토링

- 토큰 전체 코드 리팩토링 - 시큐리티 토큰으로 도메인명 변경 - 몇몇 잘못된 설정 변경 Related to: #95
prgrms-be-devcourse · Oct 7, 2024 · 5016341 · 5016341
1 parent f44bd5c
commit 5016341
Show file tree

Hide file tree

Showing 19 changed files with 427 additions and 291 deletions.
diff --git a/...2/java/bitta/security/SecurityConfig.java → ...a/bitta/global/config/SecurityConfig.java b/...2/java/bitta/security/SecurityConfig.java → ...a/bitta/global/config/SecurityConfig.java
@@ -1,5 +1,7 @@
-package com.prgrms2.java.bitta.security;
+package com.prgrms2.java.bitta.global.config;
 
+import com.prgrms2.java.bitta.token.filter.TokenAuthenticationFilter;
+import com.prgrms2.java.bitta.token.util.TokenProvider;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -20,11 +22,10 @@
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {
-
-    private final JwtTokenProvider jwtTokenProvider;
+    private final TokenProvider tokenProvider;
 
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
+    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
         return httpSecurity
                 .httpBasic(basic -> basic.disable())
                 .csrf(csrf -> csrf.disable())
@@ -36,7 +37,7 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
                         .requestMatchers("/v3/api-docs/**", "/swagger-ui.html", "/swagger-ui/**", "/webjars/**").permitAll()
                         .requestMatchers("/images/**").permitAll()
                         .anyRequest().authenticated())
-                .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(new TokenAuthenticationFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class)
                 .build();
     }
 
@@ -68,7 +69,6 @@ public CorsConfigurationSource corsConfigurationSource() {
 
     @Bean
     public PasswordEncoder passwordEncoder() {
-        // BCrypt Encoder 사용
         return PasswordEncoderFactories.createDelegatingPasswordEncoder();
     }
 

diff --git a/src/main/java/com/prgrms2/java/bitta/global/exception/AuthenticationException.java b/src/main/java/com/prgrms2/java/bitta/global/exception/AuthenticationException.java
@@ -0,0 +1,15 @@
+package com.prgrms2.java.bitta.global.exception;
+
+public enum AuthenticationException {
+    CANNOT_ACCESS(403, "해당 API에 대한 액세스 권한이 없습니다.");
+
+    private AuthenticationTaskException authenticationTaskException;
+
+    AuthenticationException(int code, String message) {
+        authenticationTaskException = new AuthenticationTaskException(code, message);
+    }
+
+    public AuthenticationTaskException get() {
+        return authenticationTaskException;
+    }
+}
diff --git a/src/main/java/com/prgrms2/java/bitta/global/exception/AuthenticationTaskException.java b/src/main/java/com/prgrms2/java/bitta/global/exception/AuthenticationTaskException.java
@@ -0,0 +1,11 @@
+package com.prgrms2.java.bitta.global.exception;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@Getter
+@AllArgsConstructor
+public class AuthenticationTaskException extends RuntimeException {
+    private int code;
+    private String message;
+}
diff --git a/src/main/java/com/prgrms2/java/bitta/global/util/AuthenticationProvider.java b/src/main/java/com/prgrms2/java/bitta/global/util/AuthenticationProvider.java
@@ -0,0 +1,31 @@
+package com.prgrms2.java.bitta.global.util;
+
+import com.prgrms2.java.bitta.member.entity.Role;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StringUtils;
+
+
+public class AuthenticationProvider {
+    public static String getUsername() {
+        final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication == null || authentication.getName() == null) {
+            throw new RuntimeException("No authentication information.");
+        }
+
+        return authentication.getName();
+    }
+
+    public static Role getRoles() {
+        final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        if (authentication == null || authentication.getAuthorities().isEmpty()) {
+            throw new RuntimeException("");
+        }
+
+        String role = authentication.getAuthorities().iterator().next().getAuthority();
+
+        return Role.valueOf(role);
+    }
+}
diff --git a/src/main/java/com/prgrms2/java/bitta/member/controller/advice/TokenControllerAdvice.java b/src/main/java/com/prgrms2/java/bitta/member/controller/advice/TokenControllerAdvice.java
diff --git a/src/main/java/com/prgrms2/java/bitta/security/JwtAuthenticationFilter.java b/src/main/java/com/prgrms2/java/bitta/security/JwtAuthenticationFilter.java
diff --git a/src/main/java/com/prgrms2/java/bitta/security/JwtToken.java b/src/main/java/com/prgrms2/java/bitta/security/JwtToken.java
diff --git a/src/main/java/com/prgrms2/java/bitta/security/JwtTokenProvider.java b/src/main/java/com/prgrms2/java/bitta/security/JwtTokenProvider.java
diff --git a/src/main/java/com/prgrms2/java/bitta/security/dto/RefreshTokenRequestDTO.java b/src/main/java/com/prgrms2/java/bitta/security/dto/RefreshTokenRequestDTO.java
diff --git a/src/main/java/com/prgrms2/java/bitta/security/exception/GlobalExceptionHandler.java b/src/main/java/com/prgrms2/java/bitta/security/exception/GlobalExceptionHandler.java
diff --git a/src/main/java/com/prgrms2/java/bitta/security/exception/InvalidTokenException.java b/src/main/java/com/prgrms2/java/bitta/security/exception/InvalidTokenException.java