diff --git a/pickly-service/src/main/java/org/pickly/service/common/config/SecurityConfig.java b/pickly-service/src/main/java/org/pickly/service/common/config/SecurityConfig.java
index d6afc9ba..89f2287f 100644
--- a/pickly-service/src/main/java/org/pickly/service/common/config/SecurityConfig.java
+++ b/pickly-service/src/main/java/org/pickly/service/common/config/SecurityConfig.java
@@ -2,11 +2,17 @@
 import lombok.RequiredArgsConstructor;
 import org.pickly.service.common.filter.CorsWebFilter;
+import org.pickly.service.common.filter.JwtFilter;
+import org.pickly.service.common.utils.base.AuthTokenUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 @Configuration
 @EnableWebSecurity
@@ -15,12 +21,13 @@ public class SecurityConfig {
 private final CorsWebFilter corsFilter;
-// private final JwtFilter jwtFilter;
+ private final UserDetailsService userDetailsService;
+ private final AuthTokenUtil authTokenUtil;
 private static final String[] AUTH_WHITELIST = { "/api/**", "/graphiql", "/graphql", "/swagger-ui/**", "/api-docs", "/swagger-ui-custom.html",
- "/v3/api-docs/**", "/api-docs/**", "/swagger-ui.html"
+ "/v3/api-docs/**", "/api-docs/**",
 };
 @Bean
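Review bot: `AUTH_WHITELIST` still begins with `/api/**`, and the new `webSecurityCustomizer` later in this file hands that same array to `web.ignoring()`, which takes those paths out of the security filter chain altogether — so the `JwtFilter` registered in `filterChain` never executes for any `/api` request, and `.anyRequest().authenticated()` only ever governs paths outside the API. If the intent is to leave the documentation and GraphiQL endpoints public while the API itself is authenticated, `/api/**` has to come out of the ignored set; keeping two lists, one for paths that are `permitAll()` inside the chain and one for paths that bypass it, would make that distinction explicit, and is also what Spring Security recommends, since `ignoring()` disables the security headers and every other filter for those paths as well. Dropping `/swagger-ui.html` while keeping `/swagger-ui/**` is presumably deliberate, but since that path now falls under `authenticated()` a short comment on the array (e.g. `// /swagger-ui.html is intentionally not listed; it only redirects into /swagger-ui/**`) would stop it being re-added. The same point applies to the `webSecurityCustomizer` hunk below.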
@@ -33,8 +40,11 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 .permitAll()
 .anyRequest()
 .authenticated()
-// .and()
-// .addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
+ .and()
+ .addFilterBefore(new JwtFilter(
+ userDetailsService,
+ authTokenUtil
+ ), UsernamePasswordAuthenticationFilter.class)
 )
 .httpBasic().disable()
 .formLogin().disable()
@@ -43,4 +53,8 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 .build();
 }
+ @Bean
+ public WebSecurityCustomizer webSecurityCustomizer() {
+ return (web) -> web.ignoring().requestMatchers(AUTH_WHITELIST);
+ }
 }
diff --git a/pickly-service/src/main/java/org/pickly/service/common/config/SwaggerConfig.java b/pickly-service/src/main/java/org/pickly/service/common/config/SwaggerConfig.java
index bed6ccd5..f6269879 100644
--- a/pickly-service/src/main/java/org/pickly/service/common/config/SwaggerConfig.java
+++ b/pickly-service/src/main/java/org/pickly/service/common/config/SwaggerConfig.java
@@ -1,6 +1,8 @@
 package org.pickly.service.common.config;
+import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.servers.Server;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -24,7 +26,14 @@ public class SwaggerConfig {
 @Bean
 public OpenAPI openApi() {
 return new OpenAPI()
+ .components(
+ new Components().addSecuritySchemes("Bearer Authentication", createAPIKeyScheme()))
 .addServersItem(new Server().url("/"));
 }
-}
\ No newline at end of file
+ private SecurityScheme createAPIKeyScheme() {
+ return new SecurityScheme().type(SecurityScheme.Type.HTTP)
+ .bearerFormat("JWT")
+ .scheme("bearer");
+ }
+}
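Review bot: `.and()` is used to climb from the authorization registry back to `HttpSecurity` before `addFilterBefore`; on Spring Security 6.1+ (which the `jakarta.servlet` imports and `requestMatchers` usage elsewhere in this commit suggest) that method is deprecated, and the registration reads more clearly on the outer builder next to the `.httpBasic().disable()` calls: `httpSecurity.addFilterBefore(new JwtFilter(userDetailsService, authTokenUtil), UsernamePasswordAuthenticationFilter.class)`. Creating the filter with `new` rather than injecting a bean is the right call here, because `@Component` is removed from `JwtFilter` in the same commit and a bean filter would otherwise also be auto-registered by Spring Boot outside the security chain; a one-line comment saying so (`// not a @Component on purpose: a bean would be registered twice`) would prevent someone reinstating the annotation. `filterChain` begins and ends outside this hunk.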
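Review bot: The bearer scheme is registered under `components` but no `SecurityRequirement` references it, so no operation in the generated document is marked as requiring it and the value entered in Swagger UI's Authorize dialog is not applied to "Try it out" requests; add `.addSecurityItem(new SecurityRequirement().addList("Bearer Authentication"))` to the `OpenAPI` builder (import `io.swagger.v3.oas.models.security.SecurityRequirement`). The scheme name then appears as a literal in two places, so hoisting it to `private static final String BEARER_SCHEME = "Bearer Authentication";` avoids a silent mismatch. `createAPIKeyScheme` builds an HTTP bearer scheme, not an API-key scheme; `createBearerScheme` would read truer, with a short Javadoc noting that this only documents the scheme for the UI and enforces nothing (enforcement lives in `SecurityConfig`).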
diff --git a/pickly-service/src/main/java/org/pickly/service/common/filter/JwtFilter.java b/pickly-service/src/main/java/org/pickly/service/common/filter/JwtFilter.java
index a698b261..b3407b42 100644
--- a/pickly-service/src/main/java/org/pickly/service/common/filter/JwtFilter.java
+++ b/pickly-service/src/main/java/org/pickly/service/common/filter/JwtFilter.java
@@ -1,22 +1,32 @@
 package org.pickly.service.common.filter;
+import com.google.firebase.auth.FirebaseToken;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.pickly.service.common.utils.base.AuthTokenUtil;
+import org.pickly.service.common.utils.base.RequestUtil;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.web.filter.OncePerRequestFilter;
-//@Component
-//@RequiredArgsConstructor
-//@Slf4j
-//public class JwtFilter extends OncePerRequestFilter {
-//
-// private final UserDetailsService userDetailsService;
-// private final AuthTokenUtil authTokenUtil;
-//
-// @Override
-// protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
-// FilterChain filterChain)
-// throws IOException, ServletException {
-// String bearerToken = RequestUtil.getAuthorizationToken(request.getHeader("Authorization"));
-// FirebaseToken decodedToken = authTokenUtil.validateToken(bearerToken);
-//
-// //TODO: decodedToken security context에 저장 필요
-// filterChain.doFilter(request, response);
-// }
-//}
+@RequiredArgsConstructor
+@Slf4j
+public class JwtFilter extends OncePerRequestFilter {
+
+ private final UserDetailsService userDetailsService;
+ private final AuthTokenUtil authTokenUtil;
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+ FilterChain filterChain) throws IOException, ServletException {
+ String bearerToken = RequestUtil.getAuthorizationToken(request.getHeader("Authorization"));
+ FirebaseToken decodedToken = authTokenUtil.validateToken(bearerToken);
+
+ //TODO: decodedToken security context에 저장 필요
+ filterChain.doFilter(request, response);
+ }
+}
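Review bot: The validated `decodedToken` is discarded and `userDetailsService` is never read, so `doFilterInternal` authenticates nothing: the SecurityContext stays empty and `.anyRequest().authenticated()` in SecurityConfig rejects every request that reaches the chain, while a request with no `Authorization` header is passed to `validateToken` with whatever `RequestUtil.getAuthorizationToken` returns for null (presumably null — worth confirming). The TODO on the new side already names the gap; the sketch below resolves it by loading the user for the token's uid and publishing a `UsernamePasswordAuthenticationToken`, and lets header-less requests fall through so the chain's authorization rules, not the filter, decide. It assumes the `UserDetailsService` is keyed by the Firebase uid and that `validateToken` throws on an invalid token — if it returns null instead, a null check must precede the lookup, and either way a failed validation should end in a 401 rather than the 500 an unhandled exception from a filter produces. `@Slf4j` is also unused; a debug line with the uid (never the raw token) on success would make rejected requests diagnosable.
```java
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws IOException, ServletException {
        String bearerToken = RequestUtil.getAuthorizationToken(request.getHeader("Authorization"));
        if (bearerToken == null || SecurityContextHolder.getContext().getAuthentication() != null) {
            // No credentials (or already authenticated): let the chain's authorization rules decide.
            filterChain.doFilter(request, response);
            return;
        }
        FirebaseToken decodedToken = authTokenUtil.validateToken(bearerToken); // assumed to throw on a bad token — confirm
        UserDetails user = userDetailsService.loadUserByUsername(decodedToken.getUid()); // assumes users are keyed by Firebase uid
        UsernamePasswordAuthenticationToken authentication =
            new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        log.debug("authenticated uid={}", decodedToken.getUid());
        filterChain.doFilter(request, response);
    }
```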