[#4] JWT Bearer 헤더 파싱 추가

Nexters · Oct 5, 2021 · 711d8f2 · 711d8f2
1 parent b9b1d7f
commit 711d8f2
Showing 1 changed file with 26 additions and 24 deletions.
diff --git a/api/src/main/java/com/teamnexters/lazy/api/config/auth/JwtAuthFilter.java b/api/src/main/java/com/teamnexters/lazy/api/config/auth/JwtAuthFilter.java
@@ -1,14 +1,10 @@
 package com.teamnexters.lazy.api.config.auth;
 
 import com.teamnexters.lazy.api.config.auth.jwt.JwtTokenProvider;
-import com.teamnexters.lazy.api.service.MemberService;
-import com.teamnexters.lazy.common.domain.member.Member;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.util.StringUtils;
 import org.springframework.web.filter.GenericFilterBean;
 
 import javax.servlet.FilterChain;
@@ -17,16 +13,14 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.Optional;
 
 @Slf4j
 public class JwtAuthFilter extends GenericFilterBean {
 
-    private final JwtTokenProvider jwtTokenProvider;
+    private static final String AUTHORIZATION_HEADER = "Authorization";
+    private static final String BEARER_PREFIX = "Bearer ";
 
-    @Autowired
-    private MemberService memberService;
+    private final JwtTokenProvider jwtTokenProvider;
 
     public JwtAuthFilter(JwtTokenProvider tokenProvider) {
         this.jwtTokenProvider = tokenProvider;
@@ -35,24 +29,32 @@ public JwtAuthFilter(JwtTokenProvider tokenProvider) {
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
-        String token = ((HttpServletRequest)request).getHeader("Authorization");
-
-        log.info(">>> Filter Token : {}", token);
-
-        if (token != null && jwtTokenProvider.verifyToken(token)) {
-            String email = jwtTokenProvider.getUid(token);
-
-            Optional<Member> member = memberService.getOneMemberByEmail(email);
-
-            Authentication auth = getAuthentication(member.get());
-            SecurityContextHolder.getContext().setAuthentication(auth);
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        String jwt = resolveToken(httpServletRequest);
+        String requestURI = httpServletRequest.getRequestURI();
+
+        if (StringUtils.hasText(jwt) && jwtTokenProvider.verifyToken(jwt)) {
+            Authentication authentication = jwtTokenProvider.getAuthentication(jwt);
+            SecurityContextHolder.getContext().setAuthentication(authentication);
+            log.info("Security Context - '{}' 인증 정보를 저장했습니다, uri: {}", authentication.getName(), requestURI);
+        } else {
+            log.debug("유효한 JWT 토큰이 없습니다, uri: {}", requestURI);
         }
 
         chain.doFilter(request, response);
     }
 
-    public Authentication getAuthentication(Member member) {
-        return new UsernamePasswordAuthenticationToken(member, "",
-                Arrays.asList(new SimpleGrantedAuthority("USER")));
+    /**
+     * Request Header 에서 토큰 정보 가져오기
+     *
+     * @param request Servlet Request
+     * @return Token String
+     */
+    private String resolveToken(HttpServletRequest request) {
+        String bearerToken = request.getHeader(AUTHORIZATION_HEADER);
+        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(BEARER_PREFIX)) {
+            return bearerToken.substring(7);
+        }
+        return null;
     }
 }