step 2-2

src/main/java/nextstep/app/ui/MemberController.java

@@ -2,7 +2,9 @@
 
 import nextstep.app.domain.Member;
 import nextstep.app.domain.MemberRepository;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -22,4 +24,9 @@ public ResponseEntity<List<Member>> list() {
         List<Member> members = memberRepository.findAll();
         return ResponseEntity.ok(members);
     }
+
+    @ExceptionHandler(AuthenticationException.class)
+    public ResponseEntity<Void> handleAuthenticationException() {
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
+    }
 }

src/main/java/nextstep/app/ui/WebConfig.java

@@ -4,18 +4,17 @@
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import nextstep.security.authentication.AuthenticationManager;
-import nextstep.security.authentication.BasicAuthenticationInterceptor;
 import nextstep.security.authentication.DaoAuthenticationProvider;
-import nextstep.security.authentication.FormLoginAuthenticationInterceptor;
 import nextstep.security.authentication.ProviderManager;
 import nextstep.security.filter.BasicAuthenticationSecurityFilter;
 import nextstep.security.filter.DefaultSecurityFilterChain;
+import nextstep.security.filter.DelegatingFilterProxy;
+import nextstep.security.filter.FilterChainProxy;
 import nextstep.security.filter.FormLoginAuthenticationFilter;
 import nextstep.security.filter.SecurityFilterChain;
 import nextstep.security.userdetils.UserDetailsService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @RequiredArgsConstructor
@@ -24,10 +23,18 @@ public class WebConfig implements WebMvcConfigurer {
 
     private final UserDetailsService userDetailsService;
 
-    @Override
-    public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(new FormLoginAuthenticationInterceptor(authenticationManager())).addPathPatterns("/login");
-        registry.addInterceptor(new BasicAuthenticationInterceptor(authenticationManager()));
+    @Bean
+    public DelegatingFilterProxy delegatingFilterProxy(
+            AuthenticationManager authenticationManager
+    ) {
+        return new DelegatingFilterProxy(
+                filterChainProxy(List.of(securityFilterChain(authenticationManager))
+                ));
+    }
+
+    @Bean
+    public FilterChainProxy filterChainProxy(List<SecurityFilterChain> securityFilterChainList) {
+        return new FilterChainProxy(securityFilterChainList);
     }
 
     @Bean
@@ -41,7 +48,7 @@ public DaoAuthenticationProvider daoAuthenticationProvider() {
     }
 
     @Bean
-    public SecurityFilterChain securityFilterChain(AuthenticationManager authenticationManager){
+    public SecurityFilterChain securityFilterChain(AuthenticationManager authenticationManager) {
         return new DefaultSecurityFilterChain(
                 List.of(new FormLoginAuthenticationFilter(authenticationManager),
                         new BasicAuthenticationSecurityFilter(authenticationManager))

src/main/java/nextstep/security/filter/BasicAuthenticationSecurityFilter.java

@@ -1,5 +1,6 @@
 package nextstep.security.filter;
 
+
 import java.io.IOException;
 import java.util.Objects;
 import javax.servlet.FilterChain;
@@ -20,6 +21,7 @@
 public class BasicAuthenticationSecurityFilter extends GenericFilterBean {
 
     private final AuthenticationManager authenticationManager;
+    private static final String DEFAULT_REQUEST_URI = "/members";
 
     public BasicAuthenticationSecurityFilter(AuthenticationManager authenticationManager) {
         this.authenticationManager = authenticationManager;
@@ -28,13 +30,24 @@ public BasicAuthenticationSecurityFilter(AuthenticationManager authenticationMan
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
-        UsernamePasswordAuthenticationToken authRequest = createAuthentication(
-                (HttpServletRequest) request);
+        if (!DEFAULT_REQUEST_URI.equals(((HttpServletRequest) request).getRequestURI())) {
+            chain.doFilter(request, response);
+            return;
+        }
 
-        Authentication authentication = authenticationManager.authenticate(authRequest);
+        try {
+            UsernamePasswordAuthenticationToken authRequest = createAuthentication(
+                    (HttpServletRequest) request);
 
-        if (Objects.isNull(authentication) || !authentication.isAuthenticated()) {
-            throw new AuthenticationException();
+            Authentication authentication = authenticationManager.authenticate(authRequest);
+
+            if (Objects.isNull(authentication) || !authentication.isAuthenticated()) {
+                ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            }
+
+            chain.doFilter(request, response);
+        } catch (Exception e) {
+            ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
         }
     }
 

src/main/java/nextstep/security/filter/DelegatingFilterProxy.java

@@ -6,15 +6,17 @@
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import lombok.AllArgsConstructor;
 import org.springframework.web.filter.GenericFilterBean;
 
+@AllArgsConstructor
 public class DelegatingFilterProxy extends GenericFilterBean {
 
     Filter delegate;
 
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
-
+        delegate.doFilter(request, response, chain);
     }
 }

src/main/java/nextstep/security/filter/FilterChainProxy.java

@@ -9,8 +9,10 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import lombok.AllArgsConstructor;
 import org.springframework.web.filter.GenericFilterBean;
 
+@AllArgsConstructor
 public class FilterChainProxy extends GenericFilterBean {
 
     List<SecurityFilterChain> securityFilterChainList;

src/main/java/nextstep/security/filter/FormLoginAuthenticationFilter.java

@@ -1,7 +1,5 @@
 package nextstep.security.filter;
 
-import static nextstep.security.authentication.FormLoginAuthenticationInterceptor.SPRING_SECURITY_CONTEXT_KEY;
-
 import java.io.IOException;
 import java.util.Map;
 import java.util.Objects;
@@ -10,15 +8,22 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import nextstep.app.ui.AuthenticationException;
 import nextstep.security.authentication.Authentication;
 import nextstep.security.authentication.AuthenticationManager;
 import nextstep.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.filter.GenericFilterBean;
 
 public class FormLoginAuthenticationFilter extends GenericFilterBean {
 
     private final AuthenticationManager authenticationManager;
+    private final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
+
+    private static final String DEFAULT_REQUEST_URI = "/login";
 
     public FormLoginAuthenticationFilter(AuthenticationManager authenticationManager) {
         this.authenticationManager = authenticationManager;
@@ -27,18 +32,28 @@ public FormLoginAuthenticationFilter(AuthenticationManager authenticationManager
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
-        Map<String, String[]> paramMap = request.getParameterMap();
-        String email = paramMap.get("username")[0];
-        String password = paramMap.get("password")[0];
 
-        Authentication authentication = authenticationManager.authenticate(
-                UsernamePasswordAuthenticationToken.unauthenticated(email, password));
-
-        if (Objects.isNull(authentication) || !authentication.isAuthenticated()) {
-            throw new AuthenticationException();
+        if (!DEFAULT_REQUEST_URI.equals(((HttpServletRequest)request).getRequestURI())) {
+            chain.doFilter(request, response);
+            return;
         }
 
-        ((HttpServletRequest) request).getSession()
-                .setAttribute(SPRING_SECURITY_CONTEXT_KEY, authentication);
+        try {
+            Map<String, String[]> paramMap = request.getParameterMap();
+            String email = paramMap.get("username")[0];
+            String password = paramMap.get("password")[0];
+
+            Authentication authentication = authenticationManager.authenticate(
+                    UsernamePasswordAuthenticationToken.unauthenticated(email, password));
+
+            if (Objects.isNull(authentication) || !authentication.isAuthenticated()) {
+                throw new AuthenticationException();
+            }
+
+            ((HttpServletRequest) request).getSession()
+                    .setAttribute(SPRING_SECURITY_CONTEXT_KEY, authentication);
+        } catch (Exception e) {
+            ((HttpServletResponse)response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        }
     }
 }