[#17] modify: Filter 내용 수정

- Request Content-Type 조건 추가 - logger 내용 제거
2022-11-01 03:16:03 +09:00
parent 78648ec47d
commit 1852098bf4
1 changed files with 9 additions and 13 deletions
--- a/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/security/ApiAuthenticationFilter.kt
+++ b/dongne-account-api/src/main/kotlin/io/beaniejoy/dongnecafe/common/security/ApiAuthenticationFilter.kt
@@ -2,8 +2,8 @@ package io.beaniejoy.dongnecafe.common.security

 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import io.beaniejoy.dongnecafe.domain.member.model.request.SignInRequest
-import mu.KotlinLogging
 import org.springframework.http.HttpMethod
+import org.springframework.http.MediaType
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.core.Authentication
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
@@ -15,19 +15,14 @@ import javax.servlet.http.HttpServletResponse
 class ApiAuthenticationFilter(requestMatcher: AntPathRequestMatcher) :
    AbstractAuthenticationProcessingFilter(requestMatcher) {

-    private val log = KotlinLogging.logger {}
-
    private val objectMapper = jacksonObjectMapper()

    override fun attemptAuthentication(
        request: HttpServletRequest,
        response: HttpServletResponse,
    ): Authentication {
-        log.info { "[API Filter] attempt to authenticate" }
-        if (isPostMethod(request).not()) {
-            val errorMsg = "Authentication is not supported (only support for POST method)"
-            log.error { errorMsg }
-            throw IllegalStateException(errorMsg)
+        if (isValidRequest(request).not()) {
+            throw IllegalStateException("request is not supported. check request method and content-type")
        }

        val signInRequest = objectMapper.readValue(request.reader, SignInRequest::class.java)
@@ -35,23 +30,24 @@ class ApiAuthenticationFilter(requestMatcher: AntPathRequestMatcher) :

        val token = signInRequest.let {
            if (StringUtils.hasText(it.email).not() || StringUtils.hasText(it.password).not()) {
-                log.error { "Email(${it.email}) & Password are not empty" }
                throw IllegalArgumentException("Email & Password are not empty!!")
            }

            UsernamePasswordAuthenticationToken(it.email, it.password)
        }

-        val authenticate = authenticationManager.authenticate(token)
-        logger.info("attempt authentication ${authenticate.principal}")
-        return authenticate
+        return authenticationManager.authenticate(token)
    }

-    private fun isPostMethod(request: HttpServletRequest): Boolean {
+    private fun isValidRequest(request: HttpServletRequest): Boolean {
        if (request.method != HttpMethod.POST.name) {
            return false
        }

+        if (request.contentType != MediaType.APPLICATION_JSON_VALUE) {
+            return false
+        }
+
        return true
    }
 }