[BE] refactor: overhaul the authentication feature so the JWT can carry role-based claims (#982) #985
Merged
Changes from 2 commits
4 commits
0a79522
refactor: rename the oAuth2Login method in MemberAuthCommandService
seokjin8678 6cc3948
refactor: rework authentication/authorization to use Authentication
seokjin8678 bafe152
refactor: remove the annotation from the AuthenticationArgumentResolver parameter
seokjin8678 ebd3ce7
feat: add the identifier to the token Subject
seokjin8678
42 changes: 42 additions & 0 deletions
backend/src/main/java/com/festago/auth/AdminAuthenticationArgumentResolver.java
@@ -0,0 +1,42 @@ | ||
package com.festago.auth; | ||
|
||
import com.festago.auth.annotation.Admin; | ||
import com.festago.auth.domain.authentication.AdminAuthentication; | ||
import com.festago.auth.domain.authentication.Authentication; | ||
import com.festago.common.exception.UnexpectedException; | ||
import org.springframework.core.MethodParameter; | ||
import org.springframework.util.Assert; | ||
import org.springframework.web.bind.support.WebDataBinderFactory; | ||
import org.springframework.web.context.request.NativeWebRequest; | ||
import org.springframework.web.method.support.HandlerMethodArgumentResolver; | ||
import org.springframework.web.method.support.ModelAndViewContainer; | ||
|
||
public class AdminAuthenticationArgumentResolver implements HandlerMethodArgumentResolver { | ||
|
||
private final AuthenticateContext authenticateContext; | ||
|
||
public AdminAuthenticationArgumentResolver(AuthenticateContext authenticateContext) { | ||
Assert.notNull(authenticateContext, "The authenticateContext must not be null"); | ||
this.authenticateContext = authenticateContext; | ||
} | ||
|
||
@Override | ||
public boolean supportsParameter(MethodParameter parameter) { | ||
return parameter.getParameterType().equals(AdminAuthentication.class) && parameter.hasParameterAnnotation( | ||
Admin.class); | ||
} | ||
|
||
@Override | ||
public AdminAuthentication resolveArgument( | ||
MethodParameter parameter, | ||
ModelAndViewContainer mavContainer, | ||
NativeWebRequest webRequest, | ||
WebDataBinderFactory binderFactory | ||
) { | ||
Authentication authentication = authenticateContext.getAuthentication(); | ||
if (authentication instanceof AdminAuthentication adminAuthentication) { | ||
return adminAuthentication; | ||
} | ||
throw new UnexpectedException("인가된 권한이 인자의 권한과 맞지 않습니다."); | ||
} | ||
} |
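Review bot: the fallthrough at the end of resolveArgument (throw new UnexpectedException("인가된 권한이 인자의 권한과 맞지 않습니다.")) reports every mismatch as an unexpected error, including the ordinary wiring mistake where a handler declares an AdminAuthentication parameter on a route that no authorization interceptor guards, so AuthenticateContext still holds its AnonymousAuthentication default. That case is a configuration error that will only show up on the first request to the endpoint, so a Javadoc line on the class stating that it must only be used on handlers guarded by an ADMIN-role interceptor would save the next reader a debugging session; alternatively fail with ForbiddenException(ErrorCode.NOT_ENOUGH_PERMISSION) as the interceptors do, so the client sees 403 rather than a server error. Minor style point: the wrap in supportsParameter (parameter.hasParameterAnnotation( / Admin.class)) splits a short call across two lines; breaking before && reads better.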
52 changes: 52 additions & 0 deletions
backend/src/main/java/com/festago/auth/AnnotationAuthorizationInterceptor.java
@@ -0,0 +1,52 @@ | ||
package com.festago.auth; | ||
|
||
import com.festago.auth.annotation.Authorization; | ||
import com.festago.auth.application.HttpRequestTokenExtractor; | ||
import com.festago.auth.domain.AuthenticationTokenExtractor; | ||
import com.festago.auth.domain.authentication.Authentication; | ||
import com.festago.common.exception.ErrorCode; | ||
import com.festago.common.exception.ForbiddenException; | ||
import com.festago.common.exception.UnauthorizedException; | ||
import com.festago.common.exception.UnexpectedException; | ||
import jakarta.servlet.http.HttpServletRequest; | ||
import jakarta.servlet.http.HttpServletResponse; | ||
import org.springframework.util.Assert; | ||
import org.springframework.web.method.HandlerMethod; | ||
import org.springframework.web.servlet.HandlerInterceptor; | ||
|
||
public class AnnotationAuthorizationInterceptor implements HandlerInterceptor { | ||
|
||
private final HttpRequestTokenExtractor httpRequestTokenExtractor; | ||
private final AuthenticationTokenExtractor authenticationTokenExtractor; | ||
private final AuthenticateContext authenticateContext; | ||
|
||
public AnnotationAuthorizationInterceptor( | ||
HttpRequestTokenExtractor httpRequestTokenExtractor, | ||
AuthenticationTokenExtractor authenticationTokenExtractor, | ||
AuthenticateContext authenticateContext) | ||
{ | ||
Assert.notNull(httpRequestTokenExtractor, "The httpRequestTokenExtractor must not be null"); | ||
Assert.notNull(authenticationTokenExtractor, "The authenticationTokenExtractor must not be null"); | ||
Assert.notNull(authenticateContext, "The authenticateContext must not be null"); | ||
this.httpRequestTokenExtractor = httpRequestTokenExtractor; | ||
this.authenticationTokenExtractor = authenticationTokenExtractor; | ||
this.authenticateContext = authenticateContext; | ||
} | ||
|
||
@Override | ||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { | ||
HandlerMethod handlerMethod = (HandlerMethod) handler; | ||
Authorization authorization = handlerMethod.getMethodAnnotation(Authorization.class); | ||
if (authorization == null) { | ||
throw new UnexpectedException("HandlerMethod에 Authorization 어노테이션이 없습니다."); | ||
} | ||
String token = httpRequestTokenExtractor.extract(request) | ||
.orElseThrow(() -> new UnauthorizedException(ErrorCode.NEED_AUTH_TOKEN)); | ||
Authentication authentication = authenticationTokenExtractor.extract(token); | ||
if (authentication.getRole() != authorization.role()) { | ||
throw new ForbiddenException(ErrorCode.NOT_ENOUGH_PERMISSION); | ||
} | ||
authenticateContext.setAuthentication(authentication); | ||
return true; | ||
} | ||
} |
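Review bot: the unchecked cast HandlerMethod handlerMethod = (HandlerMethod) handler; in preHandle throws ClassCastException for any handler that is not a HandlerMethod (a static-resource handler, for example) should the interceptor's path pattern ever match one; guard it with an instanceof check and decide explicitly whether such requests pass through or are rejected. Related: handlerMethod.getMethodAnnotation(Authorization.class) inspects the handler method only, whereas the Authorization annotation added in this PR is declared @Target(ElementType.TYPE), so it can be placed on the controller class but not on the method. With that combination the null check always fires and every guarded request ends in UnexpectedException("HandlerMethod에 Authorization 어노테이션이 없습니다."); either extend the target to include ElementType.METHOD or also consult handlerMethod.getBeanType() for a class-level annotation.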
82 changes: 0 additions & 82 deletions
backend/src/main/java/com/festago/auth/AuthInterceptor.java
This file was deleted.
18 changes: 11 additions & 7 deletions
backend/src/main/java/com/festago/auth/AuthenticateContext.java
@@ -1,26 +1,30 @@ | ||
package com.festago.auth; | ||
|
||
import com.festago.auth.domain.Role; | ||
import com.festago.auth.domain.authentication.AnonymousAuthentication; | ||
import com.festago.auth.domain.authentication.Authentication; | ||
import org.springframework.stereotype.Component; | ||
import org.springframework.web.context.annotation.RequestScope; | ||
|
||
@Component | ||
@RequestScope | ||
public class AuthenticateContext { | ||
|
||
private Long id; | ||
private Role role = Role.ANONYMOUS; | ||
private Authentication authentication = AnonymousAuthentication.getInstance(); | ||
|
||
public void setAuthenticate(Long id, Role role) { | ||
this.id = id; | ||
this.role = role; | ||
public void setAuthentication(Authentication authentication) { | ||
this.authentication = authentication; | ||
} | ||
|
||
public Long getId() { | ||
return id; | ||
return authentication.getId(); | ||
} | ||
|
||
public Role getRole() { | ||
return role; | ||
return authentication.getRole(); | ||
} | ||
|
||
public Authentication getAuthentication() { | ||
return authentication; | ||
} | ||
} |
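Review bot: getId() and getRole() are kept but now delegate to the Authentication object, and the field defaults to AnonymousAuthentication.getInstance(); before this change id was simply null until setAuthenticate was called, and callers that relied on that null are not visible in this diff, so a Javadoc line on getId() stating what the anonymous case returns would make the new contract explicit. With getAuthentication() exposed and the new argument resolvers reading it directly, the two delegating accessors look like a transitional API; marking them @Deprecated would keep new callers from depending on them. The import of com.festago.auth.domain.Role is still needed for getRole()'s return type, so that part is fine.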
49 changes: 49 additions & 0 deletions
backend/src/main/java/com/festago/auth/FixedAuthorizationInterceptor.java
@@ -0,0 +1,49 @@ | ||
package com.festago.auth; | ||
|
||
import com.festago.auth.application.HttpRequestTokenExtractor; | ||
import com.festago.auth.domain.AuthenticationTokenExtractor; | ||
import com.festago.auth.domain.Role; | ||
import com.festago.auth.domain.authentication.Authentication; | ||
import com.festago.common.exception.ErrorCode; | ||
import com.festago.common.exception.ForbiddenException; | ||
import com.festago.common.exception.UnauthorizedException; | ||
import jakarta.servlet.http.HttpServletRequest; | ||
import jakarta.servlet.http.HttpServletResponse; | ||
import org.springframework.util.Assert; | ||
import org.springframework.web.servlet.HandlerInterceptor; | ||
|
||
public class FixedAuthorizationInterceptor implements HandlerInterceptor { | ||
This interceptor was created to support the existing path-based role checks.
||
|
||
private final HttpRequestTokenExtractor httpRequestTokenExtractor; | ||
private final AuthenticationTokenExtractor authenticationTokenExtractor; | ||
private final AuthenticateContext authenticateContext; | ||
private final Role role; | ||
|
||
public FixedAuthorizationInterceptor( | ||
HttpRequestTokenExtractor httpRequestTokenExtractor, | ||
AuthenticationTokenExtractor authenticationTokenExtractor, | ||
AuthenticateContext authenticateContext, | ||
Role role | ||
) { | ||
Assert.notNull(httpRequestTokenExtractor, "The httpRequestTokenExtractor must not be null"); | ||
Assert.notNull(authenticationTokenExtractor, "The authenticationTokenExtractor must not be null"); | ||
Assert.notNull(authenticateContext, "The authenticateContext must not be null"); | ||
Assert.notNull(role, "The role must not be null"); | ||
this.httpRequestTokenExtractor = httpRequestTokenExtractor; | ||
this.authenticationTokenExtractor = authenticationTokenExtractor; | ||
this.authenticateContext = authenticateContext; | ||
this.role = role; | ||
} | ||
|
||
@Override | ||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { | ||
String token = httpRequestTokenExtractor.extract(request) | ||
.orElseThrow(() -> new UnauthorizedException(ErrorCode.NEED_AUTH_TOKEN)); | ||
Authentication authentication = authenticationTokenExtractor.extract(token); | ||
if (authentication.getRole() != role) { | ||
throw new ForbiddenException(ErrorCode.NOT_ENOUGH_PERMISSION); | ||
} | ||
authenticateContext.setAuthentication(authentication); | ||
return true; | ||
} | ||
} |
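Review bot: preHandle here repeats the extract/compare/set sequence of AnnotationAuthorizationInterceptor.preHandle almost line for line (token extraction with UnauthorizedException(ErrorCode.NEED_AUTH_TOKEN), role comparison with ForbiddenException(ErrorCode.NOT_ENOUGH_PERMISSION), then authenticateContext.setAuthentication(authentication)); the only difference is where the required Role comes from. Pulling that sequence into one shared method, for instance an abstract base interceptor with a protected hook that returns the required role for the handler, keeps the two checks from drifting apart; a later change to the comparison (a role hierarchy instead of the exact != match) would otherwise have to be made in two places. A class-level comment saying that this interceptor serves the path-based registrations, as the review thread notes, would also help the next reader.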
39 changes: 39 additions & 0 deletions
backend/src/main/java/com/festago/auth/MemberAuthenticationArgumentResolver.java
@@ -0,0 +1,39 @@ | ||
package com.festago.auth; | ||
|
||
import com.festago.auth.annotation.Member; | ||
import com.festago.auth.domain.authentication.Authentication; | ||
import com.festago.auth.domain.authentication.MemberAuthentication; | ||
import com.festago.common.exception.UnexpectedException; | ||
import org.springframework.core.MethodParameter; | ||
import org.springframework.util.Assert; | ||
import org.springframework.web.bind.support.WebDataBinderFactory; | ||
import org.springframework.web.context.request.NativeWebRequest; | ||
import org.springframework.web.method.support.HandlerMethodArgumentResolver; | ||
import org.springframework.web.method.support.ModelAndViewContainer; | ||
|
||
public class MemberAuthenticationArgumentResolver implements HandlerMethodArgumentResolver { | ||
|
||
private final AuthenticateContext authenticateContext; | ||
|
||
public MemberAuthenticationArgumentResolver(AuthenticateContext authenticateContext) { | ||
Assert.notNull(authenticateContext, "The authenticateContext must not be null"); | ||
this.authenticateContext = authenticateContext; | ||
} | ||
|
||
@Override | ||
public boolean supportsParameter(MethodParameter parameter) { | ||
return parameter.getParameterType().equals(MemberAuthentication.class) && parameter.hasParameterAnnotation( | ||
Member.class); | ||
} | ||
|
||
@Override | ||
public MemberAuthentication resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, | ||
NativeWebRequest webRequest, WebDataBinderFactory binderFactory | ||
) { | ||
Authentication authentication = authenticateContext.getAuthentication(); | ||
if (authentication instanceof MemberAuthentication memberAuthentication) { | ||
return memberAuthentication; | ||
} | ||
throw new UnexpectedException("인가된 권한이 인자의 권한과 맞지 않습니다."); | ||
} | ||
} |
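Review bot: this class is a copy of AdminAuthenticationArgumentResolver with the type and annotation swapped, and the two differ only in formatting (the resolveArgument signature here packs parameters two per line while the admin resolver puts one per line). A single generic resolver that takes the Authentication subtype and the annotation class in its constructor, registered once per role, would remove the duplication; if the two classes stay separate, at least align the signature layout. The hasParameterAnnotation(Member.class) check is the one questioned in the review thread: once the parameter type is MemberAuthentication, the annotation carries no information the type does not already carry, and dropping it removes one way for the annotation and the type to disagree.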
14 changes: 14 additions & 0 deletions
backend/src/main/java/com/festago/auth/annotation/Authorization.java
@@ -0,0 +1,14 @@ | ||
package com.festago.auth.annotation; | ||
|
||
import com.festago.auth.domain.Role; | ||
import java.lang.annotation.ElementType; | ||
import java.lang.annotation.Retention; | ||
import java.lang.annotation.RetentionPolicy; | ||
import java.lang.annotation.Target; | ||
|
||
@Target(ElementType.TYPE) | ||
@Retention(RetentionPolicy.RUNTIME) | ||
public @interface Authorization { | ||
|
||
Role role(); | ||
} |
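Review bot: @Target(ElementType.TYPE) restricts this annotation to classes, but both the reviewer's comment and AnnotationAuthorizationInterceptor.preHandle (handlerMethod.getMethodAnnotation(Authorization.class)) treat it as a handler-method annotation; decide which placement is intended and make the target and the lookup agree, for example @Target({ElementType.TYPE, ElementType.METHOD}) with the interceptor checking the method first and falling back to the class. A short Javadoc on the annotation saying where it may be placed and that role() is the single exact role the interceptors compare against (no hierarchy) would make the contract explicit.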
8 changes: 0 additions & 8 deletions
backend/src/main/java/com/festago/auth/application/AuthTokenExtractor.java
This file was deleted.
9 changes: 0 additions & 9 deletions
backend/src/main/java/com/festago/auth/application/AuthTokenProvider.java
This file was deleted.
I wonder whether we really need to check with parameter.hasParameterAnnotation(Admin.class). 😂 The case where the roles don't match would be a developer mistakenly putting Authorization(role = ADMIN) on a handler method while taking MemberAuthentication as the argument..
Since the parameter has changed to ~Authentication, couldn't we drop annotations like @Admin?