개발자되기 (245P)
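/**
 * Per-request filter that reads a bearer token from the {@code Authorization} header and,
 * when {@code TokenProvider} accepts it, stores the resulting {@code Authentication} in the
 * security context before passing the request on.
 *
 * <p>A request with no token, or with a token that fails validation, is not rejected here. It
 * continues down the chain unauthenticated, so access control depends on the authorization
 * rules configured elsewhere.
 */
@RequiredArgsConstructor
public class TokenAuthenticationFilter extends OncePerRequestFilter {
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String TOKEN_PREFIX = "Bearer ";

    private final TokenProvider tokenProvider;

    /**
     * Authenticates the request from its bearer token, if one is present and valid.
     *
     * @param request     the incoming HTTP request
     * @param response    the HTTP response
     * @param filterChain the remaining filters; always invoked, authenticated or not
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException      propagated from the rest of the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain)
            throws ServletException, IOException {
        // Look up the value of the Authorization request header.
        String authorizationHeader = request.getHeader(HEADER_AUTHORIZATION);
        // Strip the "Bearer " prefix; null when the header is absent or uses another scheme.
        String token = getAccessToken(authorizationHeader);
        // Only a token that passes validation may populate the security context.
        // NOTE(review): validToken is assumed to verify signature and expiry; confirm in TokenProvider.
        if (token != null && tokenProvider.validToken(token)) {
            Authentication authentication = tokenProvider.getAuthentication(token);
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Extracts the token part of a {@code Bearer} authorization header.
     *
     * @param authorizationHeader raw header value, may be {@code null}
     * @return the text after the {@code "Bearer "} prefix, or {@code null} when the header is
     *         missing or does not start with that prefix
     */
    private String getAccessToken(String authorizationHeader) {
        if (authorizationHeader != null && authorizationHeader.startsWith(TOKEN_PREFIX)) {
            return authorizationHeader.substring(TOKEN_PREFIX.length());
        }
        return null;
    }
}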
`Bearer ` 접두사를 제외한 값 추출
@Log4j2
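/**
 * Filter that singles out requests whose URI matches an Ant-style pattern.
 *
 * <p>At this stage a matching request is only logged and then stopped: the method returns
 * without invoking the rest of the chain and without setting a status, so the client receives
 * an empty response. Non-matching requests pass through untouched.
 */
public class ApiCheckFilter extends OncePerRequestFilter {
    // Decides whether a request path falls under the configured pattern.
    private final AntPathMatcher antPathMatcher;
    private final String pattern;

    /**
     * @param pattern Ant-style path pattern selecting the requests this filter handles
     */
    public ApiCheckFilter(String pattern) {
        // The matcher must be instantiated here; assigning the field to itself leaves it null.
        this.antPathMatcher = new AntPathMatcher();
        this.pattern = pattern;
    }

    /**
     * Logs the request URI and stops requests that match the configured pattern.
     *
     * @param request     the incoming HTTP request
     * @param response    the HTTP response
     * @param filterChain the remaining filters, invoked only for non-matching requests
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException      propagated from the rest of the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain)
            throws ServletException, IOException {
        // getRequestURI() is the raw, undecoded URI (context path, ";" path parameters and
        // percent-encoding included) and is client-controlled. Once this filter enforces
        // access, match on a normalized path so the check agrees with request dispatch.
        String requestUri = request.getRequestURI();
        boolean matched = antPathMatcher.match(pattern, requestUri);

        log.info("REQUESTURI : {}", requestUri);
        log.info(matched);

        if (matched) {
            log.info(" -- ApiCheckFilter --");
            return;
        }
        filterChain.doFilter(request, response);
    }
}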
문자열로 패턴을 입력받는 생성자가 추가되었으므로 SecurityConfig를 아래와 같이 수정
/**
 * Exposes the {@code ApiCheckFilter} as a bean, bound to the notes API path pattern.
 *
 * <p>NOTE(review): the bare path {@code /notes} has no segment for the trailing {@code *} and
 * so may fall outside this pattern. Confirm this before relying on it as a protection boundary.
 *
 * @return a filter configured with the {@code /notes/**}{@code /*} pattern
 */
@Bean
public ApiCheckFilter apiCheckFilter() {
    final String notesPattern = "/notes/**/*";
    return new ApiCheckFilter(notesPattern);
}
이후에는 /notes로 시작하는 경로만 로그가 출력됨.
Authorization 헤더 데이터 전송
@Log4j2
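/**
 * Login filter for the API: authenticates the {@code email} / {@code pw} request parameters
 * and, on success, writes a freshly generated JWT to the response body as plain text.
 */
public class ApiLoginFilter extends AbstractAuthenticationProcessingFilter {
    private final JWTUtil jwtUtil;

    /**
     * @param defaultFilterProcessUrl URL this filter treats as the login endpoint
     * @param jwtUtil                 helper used to issue the token after a successful login
     */
    public ApiLoginFilter(String defaultFilterProcessUrl, JWTUtil jwtUtil) {
        super(defaultFilterProcessUrl);
        this.jwtUtil = jwtUtil;
    }

    /**
     * Builds an authentication request from the submitted credentials and delegates it to the
     * configured {@code AuthenticationManager}.
     *
     * @param request  the login request carrying the {@code email} and {@code pw} parameters
     * @param response the HTTP response (unused here)
     * @return the authenticated token produced by the authentication manager
     * @throws AuthenticationException when the email is missing or the manager rejects the
     *                                 credentials
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        log.info(" =========== ApiLoginFilter ===========");
        log.info(" === (ApiLoginFilter) attemptAuthentication ===");

        // getParameter() also reads the query string, where credentials end up in access logs
        // and browser history. Clients should send them in a POST body over TLS.
        String email = request.getParameter("email");
        String pw = request.getParameter("pw");

        if (email == null) {
            throw new BadCredentialsException("Email cannot be null");
        }

        UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(email, pw);
        // Without this delegation the credentials are never checked and nothing is returned.
        return getAuthenticationManager().authenticate(authToken);
    }

    /**
     * Issues a JWT for the authenticated user and writes it to the response body.
     *
     * @param request    the login request
     * @param response   the response that receives the token as {@code text/plain}
     * @param chain      the remaining filters (not invoked; the response is completed here)
     * @param authResult the successful authentication; its principal is expected to be a
     *                   {@code ClubAuthMemberDTO}
     * @throws IOException when writing the response fails
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
                                            FilterChain chain, Authentication authResult)
            throws IOException, ServletException {
        log.info(" =========== (ApiLoginFilter) successfulAuthentication ================");

        String email = ((ClubAuthMemberDTO) authResult.getPrincipal()).getUsername();
        // Log the account name only. The issued token is a bearer credential and must never
        // reach the logs, and the full principal may carry more than is needed here.
        log.info(" successfulAuthentication : {}", email);

        String token;
        try {
            token = jwtUtil.generateToken(email);
        } catch (Exception e) {
            // Fail visibly: an empty 200 would look like a successful login without a token.
            log.error("JWT generation failed", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        response.setContentType("text/plain");
        // Explicit charset so the bytes do not depend on the platform default.
        response.getOutputStream().write(token.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}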