[Feature] JWT Handler 응답 및 API 권한 설정 #134
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 tasks
hojeong2747
approved these changes
Nov 21, 2023
| @@ -78,6 +78,8 @@ public SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospe | |||
| .requestMatchers(mvcMatcherBuilder.pattern("/v3/api-docs/**")).permitAll() | |||
| .requestMatchers(mvcMatcherBuilder.pattern("/volunteers/nickname/isDuplicated")).permitAll() | |||
| .requestMatchers(mvcMatcherBuilder.pattern("/fcm-test")).permitAll() | |||
| .requestMatchers(mvcMatcherBuilder.pattern("/volunteers/posts/{postId}/applications")).hasRole("AUTH_VOLUNTEER") | |||
| .requestMatchers(mvcMatcherBuilder.pattern("/intermediaries/**")).hasRole("AUTH_INTERMEDIARY") | |||
There was a problem hiding this comment.
신청을 할 때는 인증 완료한 봉사자만 신청 가능하게 하고, 중개의 경우는 모두 인증된 중개자만 접근하게 하는 권한 설정이네요. 처음 설계할 때 이동 봉사자와 중개를 분리하고, 각각 인증 절차를 거친 후에만 접근 가능한 기능을 구분했던 부분이 이렇게 마무리 되는 기분이에요! (기분 좋습니다😊)
There was a problem hiding this comment.
맞아요! 각각의 권한으로 테스트를 진행했는데 잘 동작하는 것 같습니다 ㅎ ㅎ
| @@ -12,6 +12,8 @@ public enum ErrorCode { | |||
| ALREADY_LOGOUT_MEMBER("A3", "이미 로그아웃한 회원입니다"), | |||
| EMAIL_SEND_ERROR("A4", "이메일 인증 코드 전송을 실패했습니다."), | |||
| UNKNOWN_PROVIDER("A4", "provider 값이 KAKAO 또는 NAVER가 아닙니다."), | |||
There was a problem hiding this comment.
인증 코드 중복된 제 부분 메모해 두었어요. 수정하겠습니다!
| @@ -12,6 +12,8 @@ public enum ErrorCode { | |||
| ALREADY_LOGOUT_MEMBER("A3", "이미 로그아웃한 회원입니다"), | |||
| EMAIL_SEND_ERROR("A4", "이메일 인증 코드 전송을 실패했습니다."), | |||
| UNKNOWN_PROVIDER("A4", "provider 값이 KAKAO 또는 NAVER가 아닙니다."), | |||
| NOT_ALLOWED_MEMBER("A6", "해당 요청에 대한 권한이 없습니다."), | |||
| NOT_AUTHENTICATED_REQUEST("A7", "유효한 JWT 토큰이 없습니다."), | |||
| @Override | ||
| public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException { | ||
| // 필요한 권한이 없이 접근하려 할때 403 | ||
| log.info("허가 받지 않은 사용자의 접근입니다."); | ||
| response.sendError(HttpServletResponse.SC_FORBIDDEN); | ||
| ErrorResponse errorResponse = ErrorResponse.of(NOT_ALLOWED_MEMBER.getCode(), NOT_ALLOWED_MEMBER.getMessage()); |
There was a problem hiding this comment.
이런 식으로 허가 받지 않은 사용자의 접근 응답 설정을 하는군요! 이렇게 하면 우리가 설정한 기존 에러 방식과 일치하고 좋은 것 같아요 👍
| @Override | ||
| public void commence(HttpServletRequest request, HttpServletResponse response, | ||
| AuthenticationException authException) throws IOException, ServletException { | ||
| log.info("인증되지 않은 요청입니다."); | ||
| response.sendError(HttpServletResponse.SC_UNAUTHORIZED); | ||
| ErrorResponse errorResponse = ErrorResponse.of(NOT_AUTHENTICATED_REQUEST.getCode(), NOT_AUTHENTICATED_REQUEST.getMessage()); | ||
| String jsonResponse = objectMapper.writeValueAsString(errorResponse); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
💡 연관된 이슈
close #133
📝 작업 내용
💬 리뷰 요구 사항