Showing
27 changed files
with
694 additions
and
49 deletions.
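--- a/src/main/java/com/ewhatever/qna/common/config/WebConfiguration.java
+++ b/src/main/java/com/ewhatever/qna/common/config/WebConfiguration.java
@@ -0,0 +1,16 @@
+package com.ewhatever.qna.common.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebConfiguration implements WebMvcConfigurer {
+
+@Override
+public void addCorsMappings(CorsRegistry registry) {
+registry.addMapping("/**")
+.allowedOrigins("http://localhost:3000") //TODO : 프론트 베포 URL 추가
+.allowedMethods("GET", "POST", "PATCH", "PUT", "DELETE");
+}
+}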
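Review bot: The allowed origin in `addCorsMappings` is the literal `http://localhost:3000`, and the TODO beside it says the deployed front-end URL is still to be added, so changing the CORS policy for any environment means editing code. Read the origin list from configuration instead, for example `.allowedOrigins(allowedOrigins)` with `allowedOrigins` a `String[]` field injected from an application property, so a production build does not carry the localhost entry and the list is never widened to `*` as a shortcut. The mapping is `/**` with GET, POST, PATCH, PUT and DELETE; if only the API paths need cross-origin access, a narrower pattern keeps the exposed surface smaller.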
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,9 @@ | ||
package com.ewhatever.qna.common.enums; | ||
|
||
public enum Role { | ||
SINY, JUNY | ||
SINY, JUNY; | ||
private static final String PREFIX = "ROLE_"; | ||
public String getAuthority(){ | ||
return PREFIX + this.name(); | ||
} | ||
} |
64 changes: 64 additions & 0 deletions
64
src/main/java/com/ewhatever/qna/login/JwtAuthProvider.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
package com.ewhatever.qna.login; | ||
|
||
import com.ewhatever.qna.common.Base.BaseException; | ||
import com.ewhatever.qna.login.dto.JwtTokenDto; | ||
import io.jsonwebtoken.Claims; | ||
import lombok.RequiredArgsConstructor; | ||
import org.springframework.stereotype.Component; | ||
import org.springframework.util.StringUtils; | ||
|
||
@Component | ||
@RequiredArgsConstructor | ||
public class JwtAuthProvider { | ||
|
||
//private final UserDetailsService userDetailsService; | ||
private final JwtIssuer jwtIssuer; | ||
|
||
// 인증용 | ||
public boolean validateToken(String token) throws BaseException { | ||
if (!StringUtils.hasText(token)) { | ||
return false; | ||
} | ||
Claims claims = jwtIssuer.getClaims(token); | ||
if (claims == null) { | ||
return false; | ||
} | ||
|
||
/* | ||
* 추가 검증 로직 | ||
*/ | ||
|
||
return true; | ||
} | ||
|
||
// 재발급용 | ||
public boolean validateToken(JwtTokenDto jwtDto) throws BaseException { | ||
if (!StringUtils.hasText(jwtDto.getAccessToken()) | ||
|| !StringUtils.hasText(jwtDto.getRefreshToken())) { | ||
return false; | ||
} | ||
|
||
Claims accessClaims = jwtIssuer.getClaims(jwtDto.getAccessToken()); | ||
Claims refreshClaims = jwtIssuer.getClaims(jwtDto.getRefreshToken()); | ||
|
||
/* | ||
* 추가 검증 로직 | ||
*/ | ||
|
||
return accessClaims != null && refreshClaims != null | ||
&& jwtIssuer.getSubject(accessClaims).equals(jwtIssuer.getSubject(refreshClaims)); | ||
} | ||
|
||
|
||
//TODO : userIdxStr 수정 | ||
/* | ||
public Authentication getAuthentication(String token) throws BaseException { | ||
Claims claims = jwtIssuer.getClaims(token); | ||
String userIdxStr = jwtIssuer.getSubject(claims); | ||
UserDetails userDetails = userDetailsService.loadUserByUsername(userIdxStr); | ||
return new UsernamePasswordAuthenticationToken(userDetails, null, | ||
userDetails.getAuthorities()); | ||
}*/ | ||
|
||
} |
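Review bot: `validateToken(String token)` returns true for an expired token, because it only checks that `jwtIssuer.getClaims(token)` is non-null, and the `JwtIssuer.getClaims` added in this same commit catches `ExpiredJwtException` and returns `e.getClaims()`. The empty placeholder comment block in that method is where the expiry check belongs, e.g. `if (claims.getExpiration() == null || claims.getExpiration().before(new Date())) return false;`. The reissue overload `validateToken(JwtTokenDto jwtDto)` has the same gap for the refresh token, which should be rejected once it has expired even if the access token is allowed to be. In its return expression, `jwtIssuer.getSubject(accessClaims).equals(...)` throws a NullPointerException when the access token carries no subject; `Objects.equals(jwtIssuer.getSubject(accessClaims), jwtIssuer.getSubject(refreshClaims))` avoids that.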
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
/*package com.ewhatever.qna.login; | ||
import com.ewhatever.qna.common.Base.BaseException; | ||
import jakarta.servlet.FilterChain; | ||
import jakarta.servlet.ServletException; | ||
import jakarta.servlet.http.HttpServletRequest; | ||
import jakarta.servlet.http.HttpServletResponse; | ||
import lombok.RequiredArgsConstructor; | ||
import org.springframework.security.core.Authentication; | ||
import org.springframework.security.core.context.SecurityContextHolder; | ||
import org.springframework.stereotype.Component; | ||
import org.springframework.util.ObjectUtils; | ||
import org.springframework.util.StringUtils; | ||
import org.springframework.web.filter.OncePerRequestFilter; | ||
import java.io.IOException; | ||
@Component | ||
@RequiredArgsConstructor | ||
public class JwtFilter extends OncePerRequestFilter { | ||
private final JwtAuthProvider jwtAuthProvider; | ||
public static final String JWT_HEADER_KEY = "Authorization"; | ||
@Override | ||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, | ||
FilterChain filterChain) throws ServletException, IOException { | ||
String token = resolveTokenFromRequest(request); | ||
if (!StringUtils.hasText(token)) { | ||
filterChain.doFilter(request, response); | ||
return; | ||
} | ||
try { | ||
if (jwtAuthProvider.validateToken(token)) { | ||
Authentication auth = jwtAuthProvider.getAuthentication(token); | ||
SecurityContextHolder.getContext().setAuthentication(auth); | ||
} | ||
} catch (BaseException e) { | ||
throw new RuntimeException(e); | ||
} | ||
filterChain.doFilter(request, response); | ||
} | ||
private String resolveTokenFromRequest(HttpServletRequest request) { | ||
String token = request.getHeader(JWT_HEADER_KEY); | ||
if (!ObjectUtils.isEmpty(token)) { | ||
return token; | ||
} | ||
return null; | ||
} | ||
}*/ |
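Review bot: The whole of `JwtFilter` is added inside one block comment, so this file registers no filter and, as far as the visible sections show, nothing on the request path calls `JwtAuthProvider.validateToken`. Committing the class commented out also hides it from the compiler: it calls `jwtAuthProvider.getAuthentication(token)`, which is itself commented out in `JwtAuthProvider`. Before it is enabled, `catch (BaseException e) { throw new RuntimeException(e); }` in `doFilterInternal` should produce an authentication failure (401) rather than an unhandled exception. `resolveTokenFromRequest` also returns the raw `Authorization` header value, so if clients send a `Bearer ` prefix it would reach the parser unless it is stripped there.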
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
package com.ewhatever.qna.login; | ||
|
||
import com.ewhatever.qna.common.Base.BaseException; | ||
import com.ewhatever.qna.common.Base.BaseResponseStatus; | ||
import com.ewhatever.qna.login.dto.JwtTokenDto; | ||
import io.jsonwebtoken.Claims; | ||
import io.jsonwebtoken.ExpiredJwtException; | ||
import io.jsonwebtoken.Jwts; | ||
import io.jsonwebtoken.SignatureAlgorithm; | ||
import jakarta.annotation.PostConstruct; | ||
import lombok.RequiredArgsConstructor; | ||
import org.springframework.stereotype.Component; | ||
|
||
import java.util.Base64; | ||
import java.util.Date; | ||
|
||
@Component | ||
@RequiredArgsConstructor | ||
public class JwtIssuer { | ||
|
||
private static String SECRET_KEY = "secretKeyForJsonWebTokenTutorial"; | ||
public static final long EXPIRE_TIME = 1000 * 60 * 5; | ||
public static final long REFRESH_EXPIRE_TIME = 1000 * 60 * 15; | ||
public static final String ROLE = "role"; | ||
|
||
@PostConstruct | ||
void init(){ | ||
SECRET_KEY = Base64.getEncoder().encodeToString(SECRET_KEY.getBytes()); | ||
} | ||
|
||
public JwtTokenDto createToken(Long userIdx, String role) { | ||
Claims claims = Jwts.claims().setSubject(String.valueOf(userIdx)); | ||
claims.put(ROLE, role); | ||
|
||
Date now = new Date(); | ||
|
||
String accessToken = Jwts.builder() | ||
.setClaims(claims) | ||
.setIssuedAt(now) | ||
.setExpiration(new Date(now.getTime() + EXPIRE_TIME)) | ||
.signWith(SignatureAlgorithm.HS256, SECRET_KEY) | ||
.compact(); | ||
|
||
String refreshToken = Jwts.builder() | ||
.setClaims(claims) | ||
.setIssuedAt(now) | ||
.setExpiration(new Date(now.getTime() + REFRESH_EXPIRE_TIME)) | ||
.signWith(SignatureAlgorithm.HS256, SECRET_KEY) | ||
.compact(); | ||
|
||
return JwtTokenDto.builder() | ||
.accessToken(accessToken) | ||
.refreshToken(refreshToken) | ||
.build(); | ||
} | ||
|
||
public String getSubject(Claims claims) { | ||
return claims.getSubject(); | ||
} | ||
|
||
public Claims getClaims(String token) throws BaseException { | ||
Claims claims; | ||
try { | ||
claims = Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody(); | ||
} catch (ExpiredJwtException e) { | ||
claims = e.getClaims(); | ||
} catch (Exception e) { | ||
//throw new BadCredentialsException("유효한 토큰이 아닙니다."); | ||
throw new BaseException(BaseResponseStatus.NO_VALID_TOKEN); | ||
} | ||
return claims; | ||
} | ||
|
||
} |
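Review bot: `SECRET_KEY` is a string literal in the source (`"secretKeyForJsonWebTokenTutorial"`), so the HS256 signing key is exposed to everyone with repository access and is the same in every environment. It should be injected from configuration or a secret store, e.g. `@Value("${jwt.secret}") private String secretKey;` (property name illustrative), using a randomly generated value of at least 256 bits. `init()` Base64-encodes the static field in place, so creating the bean a second time in one JVM (a second test context, for instance) would encode it twice and change the key; an instance field set once avoids that, and `getBytes()` should name `StandardCharsets.UTF_8`. `createToken` builds the access and refresh tokens from the same claims with only the expiry differing, so the reissue path cannot tell one from the other; a token-type claim checked on reissue would.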