Implement jwt base

src/main/java/demo/api/jwt/JwtAccessDeniedHandler.java

@@ -0,0 +1,24 @@
+package demo.api.jwt;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+/**
+ * AccessDeniedHandler
+ *
+ * AuthenticationEntryPoint와 달리 AccessDeniedHandler는
+ * 유저 정보는 있으나, 엑세스 권한이 없는 경우 동작하는 친구이다.
+ */
+@Component
+public class JwtAccessDeniedHandler implements AccessDeniedHandler {
+
+  @Override
+  public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException {
+    response.sendError(HttpServletResponse.SC_FORBIDDEN);
+  }
+}

src/main/java/demo/api/jwt/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,34 @@
+package demo.api.jwt;
+
+import java.io.IOException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+/**
+ * AuthenticationEntryPoint
+ *
+ * 인증 과정에서 실패하거나 인증을 위한 헤더정보를 보내지 않은 경우
+ * 401(UnAuthorized) 에러가 발생하게 된다.
+ *
+ * Spring Security에서 인증되지 않은 사용자에 대한 접근 처리는 AuthenticationEntryPoint가 담당하는데,
+ * commence 메소드가 실행되어 처리된다.
+ */
+
+@Slf4j
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+  @Override
+  public void commence(
+      HttpServletRequest request,
+      HttpServletResponse response,
+      AuthenticationException e
+  ) throws IOException {
+    System.out.println(request.getRequestURI());
+    log.error("UnAuthorized -- message : " + e.getMessage()); // 로그를 남기고
+    response.sendRedirect("/user/signIn"); // 로그인 페이지로 리다이렉트되도록 하였다.
+  }
+}

src/main/java/demo/api/jwt/JwtTokenFilter.java

@@ -1,6 +1,6 @@
 package demo.api.jwt;
 
-import demo.api.jwt.exception.CustomException;
+import demo.api.exception.CustomException;
 import java.io.IOException;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -28,7 +28,7 @@ public class JwtTokenFilter extends OncePerRequestFilter {
     try {
       if (token != null && jwtTokenProvider.validateToken(token)) {
         Authentication auth = jwtTokenProvider.getAuthentication(token);
-        SecurityContextHolder.getContext().setAuthentication(auth);
+        SecurityContextHolder.getContext().setAuthentication(auth); // 정상 토큰이면 SecurityContext에 저장
       }
     } catch (CustomException ex) {
       //this is very important, since it guarantees the user is not authenticated at all

src/main/java/demo/api/jwt/JwtTokenProvider.java

@@ -1,31 +1,25 @@
 package demo.api.jwt;
 
-import demo.api.jwt.exception.CustomException;
+import demo.api.exception.CustomException;
 import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.JwtException;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.MalformedJwtException;
-import java.util.Base64;
+import io.jsonwebtoken.SignatureAlgorithm;
 import java.util.Date;
 import javax.servlet.http.HttpServletRequest;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;
-import javax.annotation.PostConstruct;
 
 // 유저 정보로 JWT 토큰을 만들거나 토큰을 바탕으로 유저 정보를 가져옴
 @Component
 public class JwtTokenProvider {
-  /**
-   * THIS IS NOT A SECURE PRACTICE! For simplicity, we are storing a static key here. Ideally, in a
-   * microservices environment, this key would be kept on a config-server.
-   */
-  @Value("${jwt.token.open-secret-key}")
+  @Value("${jwt.token.secret-key}")
   private String secret_key;
 
   @Value("${jwt.token.expire-length}")
@@ -34,36 +28,44 @@ public class JwtTokenProvider {
   @Autowired
   private UserDetailsService userDetailsService;
 
-  @PostConstruct // 의존성 주입이 이루어진 후 초기화를 수행
-  protected void init() {
-    secret_key = Base64.getEncoder().encodeToString(secret_key.getBytes());
-  }
+  /**
+   * 적절한 설정을 통해 토큰을 생성하여 반환
+   * @param authentication
+   * @return
+   */
+  public String generateToken(Authentication authentication) {
 
-  public String createToken(String username, List<AppUserRole> appUserRoles) {
-
-    Claims claims = Jwts.claims().setSubject(username);
-    claims.put("auth", appUserRoles.stream().map(s -> new SimpleGrantedAuthority(s.getAuthority())).filter(Objects::nonNull).collect(Collectors.toList()));
+    Claims claims = Jwts.claims().setSubject(authentication.getName());
+//    claims.put("auth", appUserRoles.stream().map(s -> new SimpleGrantedAuthority(s.getAuthority())).filter(Objects::nonNull).collect(Collectors.toList()));
 
     Date now = new Date();
-    Date validity = new Date(now.getTime() + expire_time);
+    Date expiresIn = new Date(now.getTime() + expire_time);
 
     return Jwts.builder()
         .setClaims(claims)
         .setIssuedAt(now)
-        .setExpiration(validity)
+        .setExpiration(expiresIn)
         .signWith(SignatureAlgorithm.HS256, secret_key)
         .compact();
   }
 
+  /**
+   * 토큰으로부터 클레임을 만들고, 이를 통해 User 객체를 생성하여 Authentication 객체를 반환
+   * @param token
+   * @return
+   */
   public Authentication getAuthentication(String token) {
-    UserDetails userDetails = userDetailsService.loadUserByUsername(getUsername(token));
+    String username = Jwts.parser().setSigningKey(secret_key).parseClaimsJws(token).getBody().getSubject();
+    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+    
     return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
   }
 
-  public String getUsername(String token) {
-    return Jwts.parser().setSigningKey(secret_key).parseClaimsJws(token).getBody().getSubject();
-  }
-
+  /**
+   * http 헤더로부터 bearer 토큰을 가져옴.
+   * @param req
+   * @return
+   */
   public String resolveToken(HttpServletRequest req) {
     String bearerToken = req.getHeader("Authorization");
     if (bearerToken != null && bearerToken.startsWith("Bearer ")) {
@@ -72,6 +74,11 @@ public class JwtTokenProvider {
     return null;
   }
 
+  /**
+   * 토큰을 검증
+   * @param token
+   * @return
+   */
   public boolean validateToken(String token) {
     try {
       Jwts.parser().setSigningKey(secret_key).parseClaimsJws(token);

src/main/java/demo/api/jwt/exception/CustomException.java

@@ -1,26 +0,0 @@
-package demo.api.jwt.exception;
-
-import org.springframework.http.HttpStatus;
-
-public class CustomException extends RuntimeException {
-
-  private static final long serialVersionUID = 1L;
-
-  private final String message;
-  private final HttpStatus httpStatus;
-
-  public CustomException(String message, HttpStatus httpStatus) {
-    this.message = message;
-    this.httpStatus = httpStatus;
-  }
-
-  @Override
-  public String getMessage() {
-    return message;
-  }
-
-  public HttpStatus getHttpStatus() {
-    return httpStatus;
-  }
-
-}