문제점
package com.secondhand.config;
import com.secondhand.interceptor.LoginInterceptor;
import com.secondhand.user.login.JwtUtil;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
// TODO : CORS 학습 후 addMapping, allowedOrigin, allowedMethods 설정
/**
 * Spring MVC configuration that registers the CORS policy and the JWT login interceptor.
 *
 * <p>NOTE(review): in this version no interceptor is applied to the exact path {@code /posts}.
 * Interceptor path patterns do not look at the HTTP method, so every method on {@code /posts}
 * reaches the controller without a token check.
 */
@Configuration
@RequiredArgsConstructor
public class WebConfig implements WebMvcConfigurer {
    // Supplied through the Lombok-generated constructor and handed to the interceptor below.
    private final JwtUtil jwtUtil;

    /**
     * Applies a single CORS rule to every path of the application.
     *
     * @param registry the CORS registry provided by Spring MVC
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // NOTE(review): any origin may call any path with any HTTP method. Narrow allowedOrigins
        // to the known front-end origin(s) and allowedMethods to the verbs the API serves;
        // the values depend on the deployment and are not visible in this file.
        registry.addMapping("/**")
                .allowedOrigins("*")
                .allowedMethods("*");
    }

    /**
     * Registers {@link LoginInterceptor} for the paths below {@code /posts}.
     *
     * @param registry the interceptor registry provided by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // The exclusion is path-based only: it removes the token check from "/posts" for
        // every HTTP method, not just for the public listing request.
        registry.addInterceptor(new LoginInterceptor(jwtUtil))
                .addPathPatterns("/posts/**")
                .excludePathPatterns("/posts");
    }
}
해결
/**
* CreatePostInterceptor.class
*/
package com.secondhand.interceptor;
import com.secondhand.exception.login.ExpiredTokenException;
import com.secondhand.exception.login.ManipulatedTokenException;
import com.secondhand.exception.login.NoAuthorizationException;
import com.secondhand.exception.login.NoBearerException;
import com.secondhand.user.login.JwtUtil;
import lombok.RequiredArgsConstructor;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
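/**
 * Requires a valid JWT bearer token on {@code POST} requests and lets every other HTTP method
 * pass without a check.
 *
 * <p>The {@code Authorization} header is client-controlled, so its shape is verified before any
 * part of it is indexed. A header without a scheme/token pair is rejected with
 * {@link NoBearerException} rather than failing with an {@link ArrayIndexOutOfBoundsException}.
 */
@RequiredArgsConstructor
public class CreatePostInterceptor implements HandlerInterceptor {
    private final JwtUtil jwtUtil;

    /**
     * Validates the bearer token of a {@code POST} request before the handler runs.
     *
     * @param request  the incoming request
     * @param response the outgoing response (not used)
     * @param handler  the chosen handler (not used)
     * @return {@code true} when the request may proceed
     * @throws NoAuthorizationException  if a POST request has no {@code Authorization} header
     * @throws NoBearerException         if the header is not of the form {@code Bearer <token>}
     * @throws ManipulatedTokenException if {@code jwtUtil.validateTokenIsManipulated} returns false
     * @throws ExpiredTokenException     if {@code jwtUtil.validateTokenIsExpired} returns false
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Only POST is authenticated here; all other methods on the mapped path pass through.
        if (!"POST".equals(request.getMethod())) {
            return true;
        }

        String authorization = request.getHeader("Authorization");
        if (authorization == null) {
            throw new NoAuthorizationException();
        }

        // Check the shape first: "Bearer", "Bearer " or "" split into a single element, and
        // reading index 1 from that would throw an unchecked exception.
        String[] parts = authorization.split(" ");
        if (parts.length < 2 || !"Bearer".equals(parts[0])) {
            throw new NoBearerException();
        }
        String token = parts[1];

        // Both JwtUtil checks are treated as "true means the token passed"; a false result is
        // mapped to the matching exception. Signature check runs before the expiry check.
        if (!jwtUtil.validateTokenIsManipulated(token)) {
            throw new ManipulatedTokenException();
        }
        if (!jwtUtil.validateTokenIsExpired(token)) {
            throw new ExpiredTokenException();
        }
        return true;
    }
}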
/**
* LoginInterceptor.class
*/
package com.secondhand.interceptor;
import com.secondhand.exception.login.ExpiredTokenException;
import com.secondhand.exception.login.ManipulatedTokenException;
import com.secondhand.exception.login.NoAuthorizationException;
import com.secondhand.exception.login.NoBearerException;
import com.secondhand.user.login.JwtUtil;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
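/**
 * Requires a valid JWT bearer token on every request it is mapped to.
 *
 * <p>The {@code Authorization} header carries the caller's credential, so neither the header
 * nor the token is written to the log. The header is client-controlled, so its shape is checked
 * before any part of it is indexed.
 */
@Slf4j
@RequiredArgsConstructor
public class LoginInterceptor implements HandlerInterceptor {
    private final JwtUtil jwtUtil;

    /**
     * Validates the bearer token of the request before the handler runs.
     *
     * @param request  the incoming request
     * @param response the outgoing response (not used)
     * @param handler  the chosen handler (not used)
     * @return {@code true} when the request may proceed
     * @throws NoAuthorizationException  if the request has no {@code Authorization} header
     * @throws NoBearerException         if the header is not of the form {@code Bearer <token>}
     * @throws ManipulatedTokenException if {@code jwtUtil.validateTokenIsManipulated} returns false
     * @throws ExpiredTokenException     if {@code jwtUtil.validateTokenIsExpired} returns false
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        log.info("LoginInterceptor.preHandle");

        String authorization = request.getHeader("Authorization");
        // Log only whether a header was sent: the value is a bearer credential, and anyone who
        // can read the log could replay it until it expires.
        log.debug("Authorization header present : {}", authorization != null);
        if (authorization == null) {
            throw new NoAuthorizationException();
        }

        // Check the shape first: "Bearer", "Bearer " or "" split into a single element, and
        // reading index 1 from that would throw an unchecked exception.
        String[] parts = authorization.split(" ");
        if (parts.length < 2 || !"Bearer".equals(parts[0])) {
            throw new NoBearerException();
        }
        String token = parts[1];

        // Each JwtUtil check is called once; a false result is mapped to the matching exception.
        // Signature check runs before the expiry check.
        if (!jwtUtil.validateTokenIsManipulated(token)) {
            throw new ManipulatedTokenException();
        }
        if (!jwtUtil.validateTokenIsExpired(token)) {
            throw new ExpiredTokenException();
        }
        return true;
    }
}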
/**
* WebConfig.class
*/
/**
 * Registers the two JWT interceptors that guard the post endpoints.
 *
 * @param registry the interceptor registry provided by Spring MVC
 */
@Override
public void addInterceptors(InterceptorRegistry registry) {
    // Paths below /posts always need a token; the exact path "/posts" is left out here and
    // handled by the second registration instead.
    registry.addInterceptor(new LoginInterceptor(jwtUtil))
            .addPathPatterns("/posts/**")
            .excludePathPatterns("/posts");
    // CreatePostInterceptor checks the token only when the method is POST.
    // NOTE(review): every other method on "/posts" (PUT, PATCH, DELETE, ...) still passes
    // without a token; confirm no controller maps a state-changing non-POST method there.
    registry.addInterceptor(new CreatePostInterceptor(jwtUtil))
            .addPathPatterns("/posts");
}