Skip to content

Commit

Permalink
style: Filter, SerurityConfig 코드 정리
Browse files Browse the repository at this point in the history
  • Loading branch information
wonslee committed Sep 15, 2023
1 parent e55a758 commit 81f6677
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 33 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,11 @@ public class GlobalConstants {
/**
* Common
*/
public static final String[] APPOINTED_URIS = {
public static final String[] AUTH_WHITELIST = {
"/",
"/csrf",
"/error",

"/auth/login/admin",
"/auth/reissue",
"/auth/login",
Expand All @@ -26,10 +30,7 @@ public class GlobalConstants {
"/swagger-ui/#",
"/webjars/**",
"/swagger/**",
"/swagger-ui/**",
"/",
"/csrf",
"/error"
"/swagger-ui/**"
};

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,10 @@ public PasswordEncoder passwordEncoder() {

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf().disable()
http
.csrf().disable()
.formLogin().disable()
.httpBasic().disable()
.cors().configurationSource(corsConfigurationSource())
.and()

Expand All @@ -55,37 +58,35 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
//세션 사용 안함
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)

.and()
.formLogin().disable()
.httpBasic().disable()

.authorizeHttpRequests()
.requestMatchers(GlobalConstants.APPOINTED_URIS).permitAll()
.anyRequest().authenticated();
.requestMatchers(GlobalConstants.AUTH_WHITELIST).permitAll()
.anyRequest().authenticated()

http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
.and()
.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

return http.build();
}

@Bean
public JwtAuthenticationFilter jwtAuthenticationFilter() {
JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter(jwtProvider);
return jwtAuthenticationFilter;
return new JwtAuthenticationFilter(jwtProvider);
}

@Bean
public CorsConfigurationSource corsConfigurationSource() { //다시 알아볼것..

CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowCredentials(true);
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedOrigins(List.of("*"));
configuration.setAllowedMethods(
Arrays.asList(HttpMethod.POST.name(), HttpMethod.GET.name(),
HttpMethod.PUT.name(), HttpMethod.DELETE.name(),
HttpMethod.OPTIONS.name())
);
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setAllowedHeaders(List.of("*"));

UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ public ReadableRequestBodyWrapper(HttpServletRequest request) {
return;
}
if (request.getContentType() != null && request.getContentType().contains(
ContentType.MULTIPART_FORM_DATA.getMimeType())) { // 파일 업로드시 로깅 제외 TODO: 이 경우에도 로깅해야 하지 않나?
ContentType.MULTIPART_FORM_DATA.getMimeType())) { // 파일 업로드시 로깅 제외
return;
}

Expand Down
Original file line number Diff line number Diff line change
@@ -1,28 +1,20 @@
package bokjak.bokjakserver.web.log;

import jakarta.servlet.*;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.jetbrains.annotations.NotNull;
import org.springframework.web.filter.OncePerRequestFilter;

import java.io.IOException;

@WebFilter(urlPatterns = "/*") // 대상: 전체 URI
public class ReadableRequestBodyWrapperFilter implements Filter {

@Override
public void init(FilterConfig filterConfig) {
// Do nothing
}

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
ReadableRequestBodyWrapper wrapper = new ReadableRequestBodyWrapper((HttpServletRequest) request);
filterChain.doFilter(wrapper, response); // 필터 체인에 Wrapper 추가
}

public class ReadableRequestBodyWrapperFilter extends OncePerRequestFilter {
@Override
public void destroy() {
// Do nothing
protected void doFilterInternal(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
filterChain.doFilter(new ReadableRequestBodyWrapper(request), response); // 필터 체인에 커스텀 Wrapper 추가
}

}

0 comments on commit 81f6677

Please sign in to comment.