Merge pull request #114 from Likelion-YeungNam-Univ/feature-security

feat: swagger 접근 수정 및 filter 추가

src/main/java/com/example/holing/base/config/JwtFilter.java

@@ -0,0 +1,37 @@
+package com.example.holing.base.config;
+
+import com.example.holing.base.jwt.JwtProvider;
+import com.example.holing.bounded_context.user.entity.User;
+import com.example.holing.bounded_context.user.service.UserService;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@RequiredArgsConstructor
+public class JwtFilter extends OncePerRequestFilter {
+    private final UserService userService;
+    private final JwtProvider jwtProvider;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        try {
+            String accessToken = jwtProvider.getToken(request);
+            String userId = jwtProvider.getUserId(accessToken);
+            User user = userService.read(Long.parseLong(userId));
+
+            Authentication authentication = new UsernamePasswordAuthenticationToken(userId, null, null); //인증객체 생성
+            SecurityContextHolder.getContext().setAuthentication(authentication); //인증정보 저장
+            filterChain.doFilter(request, response);
+        } catch (Exception e) {
+
+        }
+    }
+}

src/main/java/com/example/holing/base/config/SecurityConfig.java

@@ -1,5 +1,7 @@
 package com.example.holing.base.config;
 
+import com.example.holing.base.jwt.JwtProvider;
+import com.example.holing.bounded_context.user.service.UserService;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -9,6 +11,7 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 
@@ -19,6 +22,8 @@
 @RequiredArgsConstructor
 public class SecurityConfig {
     private final AuthenticationEntryPoint customAuthenticationEntryPoint;
+    private final UserService userService;
+    private final JwtProvider jwtProvider;
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -41,7 +46,13 @@ public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
                 .authorizeHttpRequests(request ->
                         request.requestMatchers("/auth/**").permitAll()
                                 .requestMatchers("/survey/self-test").permitAll()
+                                .requestMatchers("/swagger-resources/**",
+                                        "/swagger-ui/**",
+                                        "/v3/api-docs/**",
+                                        "/webjars/**",
+                                        "/error").permitAll()
                                 .anyRequest().authenticated())
+                .addFilterBefore(new JwtFilter(userService, jwtProvider), UsernamePasswordAuthenticationFilter.class)
                 .exceptionHandling(hp -> hp
                         .authenticationEntryPoint(customAuthenticationEntryPoint))
                 .formLogin(Customizer.withDefaults())