next-step · sang-eun · Aug 15, 2022 · Aug 15, 2022 · Aug 15, 2022 · Aug 15, 2022
diff --git a/src/main/java/nextstep/DataLoader.java b/src/main/java/nextstep/DataLoader.java
@@ -1,16 +1,8 @@
 package nextstep;
 
 import lombok.AllArgsConstructor;
-import nextstep.member.application.LoginMemberService;
-import nextstep.member.application.MemberService;
-import nextstep.member.application.dto.MemberRequest;
-import nextstep.member.domain.Member;
 import nextstep.member.domain.MemberRepository;
-import nextstep.member.domain.RoleType;
 import org.springframework.stereotype.Component;
-import org.springframework.transaction.annotation.Transactional;
-
-import java.util.List;
 
 @Component
 @AllArgsConstructor

diff --git a/src/main/java/nextstep/MemberData.java b/src/main/java/nextstep/MemberData.java
@@ -1,10 +1,7 @@
 package nextstep;
 
-import lombok.AllArgsConstructor;
 import nextstep.member.domain.Member;
-import nextstep.member.domain.MemberRepository;
 import nextstep.member.domain.RoleType;
-import org.springframework.stereotype.Component;
 
 import java.util.List;
 
@@ -17,6 +14,6 @@ public class MemberData {
     private static final String MEMBER_PASSWORD = "password";
     private static final int MEMBER_AGE = 20;
 
-    public static Member admin = new Member(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_AGE, List.of(RoleType.ROLE_ADMIN.toString()));
-    public static Member member = new Member(MEMBER_EMAIL, MEMBER_PASSWORD, MEMBER_AGE, List.of(RoleType.ROLE_MEMBER.toString()));
+    public static Member admin = new Member(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_AGE, List.of(RoleType.ROLE_ADMIN.name()));
+    public static Member member = new Member(MEMBER_EMAIL, MEMBER_PASSWORD, MEMBER_AGE, List.of(RoleType.ROLE_MEMBER.name()));
 }
diff --git a/src/main/java/nextstep/auth/AuthConfig.java b/src/main/java/nextstep/auth/AuthConfig.java
@@ -7,7 +7,7 @@
 import nextstep.auth.context.SecurityContextPersistenceFilter;
 import nextstep.auth.token.JwtTokenProvider;
 import nextstep.auth.token.TokenAuthenticationInterceptor;
-import nextstep.member.application.LoginMemberService;
+import nextstep.member.application.UserDetailsService;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -16,20 +16,20 @@
 
 @Configuration
 public class AuthConfig implements WebMvcConfigurer {
-    private LoginMemberService loginMemberService;
+    private UserDetailsService userDetailsService;
     private JwtTokenProvider jwtTokenProvider;
 
-    public AuthConfig(LoginMemberService loginMemberService, JwtTokenProvider jwtTokenProvider) {
-        this.loginMemberService = loginMemberService;
+    public AuthConfig(UserDetailsService userDetailsService, JwtTokenProvider jwtTokenProvider) {
+        this.userDetailsService = userDetailsService;
         this.jwtTokenProvider = jwtTokenProvider;
     }
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(new SecurityContextPersistenceFilter());
-        registry.addInterceptor(new UsernamePasswordAuthenticationFilter(loginMemberService)).addPathPatterns("/login/form");
-        registry.addInterceptor(new TokenAuthenticationInterceptor(loginMemberService, jwtTokenProvider)).addPathPatterns("/login/token");
-        registry.addInterceptor(new BasicAuthenticationFilter(loginMemberService));
+        registry.addInterceptor(new UsernamePasswordAuthenticationFilter(userDetailsService)).addPathPatterns("/login/form");
+        registry.addInterceptor(new TokenAuthenticationInterceptor(userDetailsService, jwtTokenProvider)).addPathPatterns("/login/token");
+        registry.addInterceptor(new BasicAuthenticationFilter(userDetailsService));
         registry.addInterceptor(new BearerTokenAuthenticationFilter(jwtTokenProvider));
     }
 

diff --git a/src/main/java/nextstep/auth/authentication/AuthenticationToken.java b/src/main/java/nextstep/auth/authentication/AuthenticationToken.java
@@ -1,5 +1,8 @@
 package nextstep.auth.authentication;
 
+import lombok.EqualsAndHashCode;
+
+@EqualsAndHashCode
 public class AuthenticationToken {
     private String principal;
     private String credentials;

diff --git a/src/main/java/nextstep/auth/authentication/Authenticator.java b/src/main/java/nextstep/auth/authentication/Authenticator.java
@@ -0,0 +1,39 @@
+package nextstep.auth.authentication;
+
+import nextstep.member.application.UserDetailsService;
+import nextstep.member.domain.LoginMember;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+public abstract class Authenticator implements HandlerInterceptor {
+
+    private final UserDetailsService userDetailsService;
+
+    public Authenticator(UserDetailsService userDetailsService) {
+        this.userDetailsService = userDetailsService;
+    }
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
+        AuthenticationToken token = convert(request);
+        LoginMember member = userDetailsService.loadUserByUsername(token.getPrincipal());
+
+        checkAuthentication(member, token.getCredentials());
+        authenticate(member, response);
+
+        return false;
+    }
+
+    abstract public AuthenticationToken convert(HttpServletRequest request) throws IOException;
+
+    abstract public void authenticate(LoginMember member, HttpServletResponse response) throws IOException;
+
+    private void checkAuthentication(LoginMember member, String password) {
+        if (!member.checkPassword(password)) {
+            throw new AuthenticationException();
+        }
+    }
+}
diff --git a/src/main/java/nextstep/auth/authentication/Authorizator.java b/src/main/java/nextstep/auth/authentication/Authorizator.java
@@ -0,0 +1,26 @@
+package nextstep.auth.authentication;
+
+import nextstep.auth.context.Authentication;
+import nextstep.auth.context.SecurityContextHolder;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public abstract class Authorizator implements HandlerInterceptor {
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+
+        try {
+            Authentication authentication = convert(request);
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+        } catch (RuntimeException e){
+            return true;
+        }
+
+        return true;
+    }
+
+    abstract public Authentication convert(HttpServletRequest request);
+}
diff --git a/src/main/java/nextstep/auth/authentication/BasicAuthenticationFilter.java b/src/main/java/nextstep/auth/authentication/BasicAuthenticationFilter.java
@@ -1,50 +1,45 @@
 package nextstep.auth.authentication;
 
 import nextstep.auth.context.Authentication;
-import nextstep.auth.context.SecurityContextHolder;
-import nextstep.member.application.LoginMemberService;
+import nextstep.member.application.UserDetailsService;
 import nextstep.member.domain.LoginMember;
 import org.apache.tomcat.util.codec.binary.Base64;
-import org.springframework.web.servlet.HandlerInterceptor;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 
-public class BasicAuthenticationFilter implements HandlerInterceptor {
-    private LoginMemberService loginMemberService;
+public class BasicAuthenticationFilter extends Authorizator {
 
-    public BasicAuthenticationFilter(LoginMemberService loginMemberService) {
-        this.loginMemberService = loginMemberService;
+    private final UserDetailsService userDetailsService;
+
+    public BasicAuthenticationFilter(UserDetailsService userDetailsService) {
+        this.userDetailsService = userDetailsService;
     }
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
-        try {
-            String authCredentials = AuthorizationExtractor.extract(request, AuthorizationType.BASIC);
-            String authHeader = new String(Base64.decodeBase64(authCredentials));
+    public Authentication convert(HttpServletRequest request) {
+        AuthenticationToken token = getToken(request);
+        LoginMember loginMember = userDetailsService.loadUserByUsername(token.getPrincipal());
 
-            String[] splits = authHeader.split(":");
-            String principal = splits[0];
-            String credentials = splits[1];
+        checkAuthentication(token, loginMember);
 
-            AuthenticationToken token = new AuthenticationToken(principal, credentials);
+        return new Authentication(loginMember.getEmail(), loginMember.getAuthorities());
+    }
 
-            LoginMember loginMember = loginMemberService.loadUserByUsername(token.getPrincipal());
-            if (loginMember == null) {
-                throw new AuthenticationException();
-            }
 
-            if (!loginMember.checkPassword(token.getCredentials())) {
-                throw new AuthenticationException();
-            }
+    private AuthenticationToken getToken(HttpServletRequest request) {
+        String authCredentials = AuthorizationExtractor.extract(request, AuthorizationType.BASIC);
+        String authHeader = new String(Base64.decodeBase64(authCredentials));
 
-            Authentication authentication = new Authentication(loginMember.getEmail(), loginMember.getAuthorities());
+        String[] splits = authHeader.split(":");
+        String principal = splits[0];
+        String credentials = splits[1];
 
-            SecurityContextHolder.getContext().setAuthentication(authentication);
+        return new AuthenticationToken(principal, credentials);
+    }
 
-            return true;
-        } catch (Exception e) {
-            return true;
+    private void checkAuthentication(AuthenticationToken token, LoginMember loginMember) {
+        if (!loginMember.checkPassword(token.getCredentials())) {
+            throw new AuthenticationException();
         }
     }
 }
diff --git a/src/main/java/nextstep/auth/authentication/BearerTokenAuthenticationFilter.java b/src/main/java/nextstep/auth/authentication/BearerTokenAuthenticationFilter.java
@@ -3,35 +3,24 @@
 import nextstep.auth.context.Authentication;
 import nextstep.auth.context.SecurityContextHolder;
 import nextstep.auth.token.JwtTokenProvider;
+import nextstep.member.domain.LoginMember;
 import org.springframework.web.servlet.HandlerInterceptor;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.List;
 
-public class BearerTokenAuthenticationFilter implements HandlerInterceptor {
+public class BearerTokenAuthenticationFilter extends Authorizator {
     private final JwtTokenProvider jwtTokenProvider;
 
     public BearerTokenAuthenticationFilter(JwtTokenProvider jwtTokenProvider) {
         this.jwtTokenProvider = jwtTokenProvider;
     }
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
-        try {
-            String authCredentials = AuthorizationExtractor.extract(request, AuthorizationType.BEARER);
+    public Authentication convert(HttpServletRequest request) {
+        String authCredentials = AuthorizationExtractor.extract(request, AuthorizationType.BEARER);
 
-            jwtTokenProvider.validateToken(authCredentials);
-            String principal = jwtTokenProvider.getPrincipal(authCredentials);
-            List<String> roles = jwtTokenProvider.getRoles(authCredentials);
-
-            Authentication authentication = new Authentication(principal, roles);
-
-            SecurityContextHolder.getContext().setAuthentication(authentication);
-
-            return true;
-        } catch (RuntimeException exception) {
-            return true;
-        }
+        return jwtTokenProvider.toAuthentication(authCredentials);
     }
 }
diff --git a/src/main/java/nextstep/auth/authentication/UsernamePasswordAuthenticationFilter.java b/src/main/java/nextstep/auth/authentication/UsernamePasswordAuthenticationFilter.java
@@ -1,45 +1,28 @@
 package nextstep.auth.authentication;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 import nextstep.auth.context.Authentication;
-import nextstep.auth.context.SecurityContext;
 import nextstep.auth.context.SecurityContextHolder;
-import nextstep.member.application.LoginMemberService;
+import nextstep.member.application.UserDetailsService;
 import nextstep.member.domain.LoginMember;
-import nextstep.member.domain.Member;
-import org.springframework.web.servlet.HandlerInterceptor;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.List;
+import java.io.IOException;
 
-public class UsernamePasswordAuthenticationFilter implements HandlerInterceptor {
-    private final LoginMemberService loginMemberService;
+public class UsernamePasswordAuthenticationFilter extends Authenticator {
 
-    public UsernamePasswordAuthenticationFilter(LoginMemberService loginMemberService) {
-        this.loginMemberService = loginMemberService;
+    public UsernamePasswordAuthenticationFilter(UserDetailsService userDetailsService) {
+        super(userDetailsService);
     }
 
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
-        String email = request.getParameter("email");
-        String password = request.getParameter("password");
-
-        LoginMember member;
-
-        try {
-            member = loginMemberService.loadUserByUsername(email);
-        } catch (RuntimeException e) {
-            throw new AuthenticationException();
-        }
-
-        if (!member.checkPassword(password)) {
-            throw new AuthenticationException();
-        }
+    public AuthenticationToken convert(HttpServletRequest request) {
+        return new AuthenticationToken(request.getParameter("email"), request.getParameter("password"));
+    }
 
+    @Override
+    public void authenticate(LoginMember member, HttpServletResponse response) throws IOException {
         Authentication authentication = new Authentication(member.getEmail(), member.getAuthorities());
         SecurityContextHolder.getContext().setAuthentication(authentication);
-
-        return true;
     }
 }
diff --git a/src/main/java/nextstep/auth/context/Authentication.java b/src/main/java/nextstep/auth/context/Authentication.java
@@ -1,8 +1,11 @@
 package nextstep.auth.context;
 
+import lombok.EqualsAndHashCode;
+
 import java.io.Serializable;
 import java.util.List;
 
+@EqualsAndHashCode
 public class Authentication implements Serializable {
     private Object principal;
     private List<String> authorities;

diff --git a/src/main/java/nextstep/auth/token/JwtTokenProvider.java b/src/main/java/nextstep/auth/token/JwtTokenProvider.java
@@ -1,6 +1,7 @@
 package nextstep.auth.token;
 
 import io.jsonwebtoken.*;
+import nextstep.auth.context.Authentication;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
@@ -14,6 +15,14 @@ public class JwtTokenProvider {
     @Value("${security.jwt.token.expire-length}")
     private long validityInMilliseconds;
 
+    public Authentication toAuthentication(String token) {
+        validateToken(token);
+        String principal = getPrincipal(token);
+        List<String> roles = getRoles(token);
+
+        return new Authentication(principal, roles);
+    }
+
     public String createToken(String principal, List<String> roles) {
         Claims claims = Jwts.claims().setSubject(principal);
         Date now = new Date();