Fix: edit Security router (#1)

src/main/java/com/hanaro/starbucks/config/JwtAuthenticationFilter.java

@@ -23,38 +23,10 @@ public class JwtAuthenticationFilter extends GenericFilterBean {
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
         String token = jwtTokenProvider.resolveToken((HttpServletRequest) request);
 
-//        if (token != null && jwtTokenProvider.validateToken(token)) {
-//            Authentication authentication = jwtTokenProvider.getAuthentication(token);
-//            SecurityContextHolder.getContext().setAuthentication(authentication);
-//        }
-//        filterChain.doFilter(request, response);
-
         if (token != null && jwtTokenProvider.validateToken(token)) {
             Authentication authentication = jwtTokenProvider.getAuthentication(token);
             SecurityContextHolder.getContext().setAuthentication(authentication);
-
-            // 사용자의 권한을 확인하여 ADMIN인지 확인
-            if (authentication != null && authentication.getAuthorities().stream()
-                    .anyMatch(authority -> authority.getAuthority().equals("ROLE_ADMIN"))) {
-                filterChain.doFilter(request, response);
-            } else {
-                // ADMIN 권한이 아닌 경우 접근 거부 응답 전송
-                HttpServletResponse httpResponse = (HttpServletResponse) response;
-                httpResponse.setStatus(HttpStatus.FORBIDDEN.value());
-//                httpResponse.getWriter().write("관리자만 접근할 수 있는 요청입니다.");
-                httpResponse.getWriter().write("only admin can access it");
-                httpResponse.getWriter().flush();
-                httpResponse.getWriter().close();
-                return;
-            }
-        } else {
-            // 토큰이 없거나 유효하지 않은 경우 접근 거부 응답 전송
-            HttpServletResponse httpResponse = (HttpServletResponse) response;
-            httpResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
-            httpResponse.getWriter().write("unauthorized user");
-            httpResponse.getWriter().flush();
-            httpResponse.getWriter().close();
-            return;
         }
+        filterChain.doFilter(request, response);
     }
 }

src/main/java/com/hanaro/starbucks/config/SecurityConfig.java

@@ -35,8 +35,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                 new AntPathRequestMatcher("/api/v1/users/signup")
                         ).permitAll() // 권한이 있든 말든 모두 접근 가능
                         // admin일 경우에만 /admin에 대한 요청에서 접근을 허용한다.
-                        .requestMatchers("/api/v1/user/admin/**").hasRole("ADMIN")
+                        .requestMatchers("/api/v1/users/admin/**").hasRole("ADMIN")
                         .requestMatchers("/api/v1/products/admin/**").hasRole("ADMIN")
+                        .requestMatchers("/api/v1/orders/admin/**").hasRole("ADMIN")
                         // 그 외 모든 요청은 인증된 사용자에게만 허용한다.
                         .anyRequest().permitAll()
                 )

src/main/java/com/hanaro/starbucks/controller/MemberController.java

@@ -49,6 +49,7 @@ public ResponseEntity<?> signup(@RequestBody SignupReqDto user) {
     @ResponseBody
     public ResponseEntity<?> login(@RequestBody LoginReqDto user)  {
         MemberResDto findUser = memberService.findUserByUserIdAndUserPw(user.getUserId(), user.getUserPw());
+        System.out.println(findUser);
         if (findUser != null) {
             String token = jwtUtil.createToken(findUser.getUserId(), Arrays.asList(findUser.getUserRole()));
             Map<String, Object> response = new HashMap<>();