fix: change for null password

Food-GO · Jul 28, 2024 · f03c654 · f03c654
1 parent 55d3740
commit f03c654
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 51 deletions.
diff --git a/core-module/src/main/java/com/foodgo/coremodule/security/config/SecurityConfig.java b/core-module/src/main/java/com/foodgo/coremodule/security/config/SecurityConfig.java
@@ -7,6 +7,7 @@
 import com.foodgo.coremodule.security.filter.CustomLogoutHandler;
 import com.foodgo.coremodule.security.filter.JwtAuthenticationFilter;
 import com.foodgo.coremodule.security.filter.JwtExceptionFilter;
+import com.foodgo.coremodule.security.user.CustomUserDetailsService;
 import com.foodgo.coremodule.security.util.JwtUtil;
 import com.foodgo.commonmodule.redis.util.RedisUtil;
 import com.foodgo.commonmodule.jwt.exception.JwtAccessDeniedHandler;
@@ -44,6 +45,7 @@ public class SecurityConfig {
 
     private final AuthenticationConfiguration authenticationConfiguration;
 
+    private final CustomUserDetailsService userDetailsService;
     private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
     private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
     private final JwtUtil jwtUtil;
@@ -106,7 +108,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
         // JwtExceptionFilter 사용
         http
-            .addFilterBefore(new JwtAuthenticationFilter(jwtUtil, redisUtil), CustomLoginFilter.class);
+            .addFilterBefore(new JwtAuthenticationFilter(jwtUtil, redisUtil, userDetailsService), CustomLoginFilter.class);
 
         http
             .addFilterBefore(new JwtExceptionFilter(), JwtAuthenticationFilter.class);

diff --git a/core-module/src/main/java/com/foodgo/coremodule/security/filter/JwtAuthenticationFilter.java b/core-module/src/main/java/com/foodgo/coremodule/security/filter/JwtAuthenticationFilter.java
@@ -1,9 +1,9 @@
 package com.foodgo.coremodule.security.filter;
 
 import com.foodgo.commonmodule.jwt.exception.SecurityCustomException;
-import com.foodgo.commonmodule.redis.util.RedisUtil;
 import com.foodgo.commonmodule.jwt.exception.SecurityErrorCode;
-import com.foodgo.coremodule.security.user.CustomUserDetails;
+import com.foodgo.commonmodule.redis.util.RedisUtil;
+import com.foodgo.coremodule.security.user.CustomUserDetailsService;
 import com.foodgo.coremodule.security.util.JwtUtil;
 import io.jsonwebtoken.ExpiredJwtException;
 import jakarta.servlet.FilterChain;
@@ -13,11 +13,11 @@
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
@@ -26,60 +26,60 @@
 @RequiredArgsConstructor
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
-	private final JwtUtil jwtUtil;
-	private final RedisUtil redisUtil;
+    private final JwtUtil jwtUtil;
+    private final RedisUtil redisUtil;
+    private final CustomUserDetailsService userDetailsService;
 
-	@Override
-	protected void doFilterInternal(
-		@NonNull HttpServletRequest request,
-		@NonNull HttpServletResponse response,
-		@NonNull FilterChain filterChain
-	) throws ServletException, IOException {
-		log.info("[*] Jwt Filter");
+    @Override
+    protected void doFilterInternal(
+            @NonNull HttpServletRequest request,
+            @NonNull HttpServletResponse response,
+            @NonNull FilterChain filterChain
+    ) throws ServletException, IOException {
+        log.info("[*] Jwt Filter");
 
-		try {
-			String accessToken = jwtUtil.resolveAccessToken(request);
+        try {
+            String accessToken = jwtUtil.resolveAccessToken(request);
 
-			// accessToken 없이 접근할 경우
-			if (accessToken == null) {
-				filterChain.doFilter(request, response);
-				return;
-			}
+            // accessToken 없이 접근할 경우
+            if (accessToken == null) {
+                filterChain.doFilter(request, response);
+                return;
+            }
 
-			// logout 처리된 accessToken
-			if (redisUtil.get(accessToken) != null && redisUtil.get(accessToken).equals("logout")) {
-				log.info("[*] Logout accessToken");
-				filterChain.doFilter(request, response);
-				return;
-			}
+            // logout 처리된 accessToken
+            if (redisUtil.get(accessToken) != null && redisUtil.get(accessToken).equals("logout")) {
+                log.info("[*] Logout accessToken");
+                filterChain.doFilter(request, response);
+                return;
+            }
 
-			log.info("[*] Authorization with Token");
-			authenticateAccessToken(accessToken);
-			filterChain.doFilter(request, response);
-		} catch (ExpiredJwtException e) {
-			log.warn("[*] case : accessToken Expired");
-			throw new SecurityCustomException(SecurityErrorCode.TOKEN_EXPIRED);
-		} catch (InsufficientAuthenticationException e) {
-			log.warn("[*] case : FORBIDDEN");
-			throw new SecurityCustomException(SecurityErrorCode.FORBIDDEN);
-		}
-	}
+            log.info("[*] Authorization with Token");
+            authenticateAccessToken(accessToken);
+            filterChain.doFilter(request, response);
+        } catch (ExpiredJwtException e) {
+            log.warn("[*] case : accessToken Expired");
+            throw new SecurityCustomException(SecurityErrorCode.TOKEN_EXPIRED);
+        } catch (InsufficientAuthenticationException e) {
+            log.warn("[*] case : FORBIDDEN");
+            throw new SecurityCustomException(SecurityErrorCode.FORBIDDEN);
+        }
+    }
 
-	private void authenticateAccessToken(String accessToken) {
-		CustomUserDetails userDetails = new CustomUserDetails(
-			jwtUtil.getUsername(accessToken),
-			null
-		);
+    private void authenticateAccessToken(String accessToken) {
+        String username = jwtUtil.getUsername(accessToken);
+        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
 
-		log.info("[*] Authority Registration");
+        log.info("[*] Authority Registration");
 
-		// 스프링 시큐리티 인증 토큰 생성
-		Authentication authToken = new UsernamePasswordAuthenticationToken(
-			userDetails,
-			null,
-			userDetails.getAuthorities());
+        // 스프링 시큐리티 인증 토큰 생성
+        Authentication authToken = new UsernamePasswordAuthenticationToken(
+                userDetails,
+                null,
+                userDetails.getAuthorities());
 
-		// 컨텍스트 홀더에 저장
-		SecurityContextHolder.getContext().setAuthentication(authToken);
-	}
+        // 컨텍스트 홀더에 저장
+        SecurityContextHolder.getContext().setAuthentication(authToken);
+    }
 }
+