feat: 인증되지 않은 사용자 요청에 대한 예외를 처리하는 AuthenticationEntryPoint 구현체 구현

Na-o-man · Aug 4, 2024 · a8e4290 · a8e4290
1 parent b4a8f68
commit a8e4290
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 2 deletions.
diff --git a/src/main/java/com/umc/naoman/global/error/code/GlobalErrorCode.java b/src/main/java/com/umc/naoman/global/error/code/GlobalErrorCode.java
@@ -22,6 +22,7 @@ public enum GlobalErrorCode implements ErrorCode {
     INTERNAL_SERVER_ERROR(500, "EG051", "내부 서버 오류입니다."),
     UNDEFINED_ERROR(400, "EG100", "정의되지 않은 에러입니다."),
     CLIENT_REGISTRATION_NOT_FOUND(400, "EM000", "해당 registrationId를 가진 ClientRegistration이 존재하지 않습니다."),
+    UNAUTHORIZED(401, "EG000", "인증되지 않은 사용자의 요청입니다. 로그인해 주세요.");
 
     ;
     private final int status;

diff --git a/src/main/java/com/umc/naoman/global/security/SecurityConfig.java b/src/main/java/com/umc/naoman/global/security/SecurityConfig.java
@@ -4,6 +4,7 @@
 import com.umc.naoman.domain.member.service.redis.RefreshTokenService;
 import com.umc.naoman.global.security.filter.JwtAuthenticationFilter;
 import com.umc.naoman.global.security.handler.CustomAccessDeniedHandler;
+import com.umc.naoman.global.security.handler.CustomAuthenticationEntryPoint;
 import com.umc.naoman.global.security.handler.OAuth2LoginSuccessHandler;
 import com.umc.naoman.global.security.repository.OAuth2AuthorizationRequestBasedOnCookieRepository;
 import com.umc.naoman.global.security.service.CustomOAuth2UserService;
@@ -26,6 +27,7 @@ public class SecurityConfig {
     private final CustomOAuth2UserService customOAuth2UserService;
     private final RefreshTokenService refreshTokenService;
     private final CustomAccessDeniedHandler customAccessDeniedHandler;
+    private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
     private final JwtUtils jwtUtils;
 
     @Bean
@@ -59,14 +61,15 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                 "/v3/api-docs/**").permitAll()
                         .anyRequest().authenticated()
                 )
-                .exceptionHandling(exception -> exception.accessDeniedHandler(customAccessDeniedHandler))
+                .exceptionHandling(exception -> exception
+                        .accessDeniedHandler(customAccessDeniedHandler)
+                        .authenticationEntryPoint(customAuthenticationEntryPoint))
                 .oauth2Login(oauth2 -> oauth2
                         .authorizationEndpoint(endpoint -> endpoint
                                 .authorizationRequestRepository(oAuth2AuthorizationRequestBasedOnCookieRepository()))
                         .userInfoEndpoint(userInfoEndpointConfig ->
                                 userInfoEndpointConfig.userService(customOAuth2UserService))
                         .successHandler(oAuth2LoginSuccessHandler())
-                        .loginPage("/auth/login")
                 )
                 .addFilterAfter(new JwtAuthenticationFilter(jwtUtils), OAuth2LoginAuthenticationFilter.class);
 

diff --git a/src/main/java/com/umc/naoman/global/security/handler/CustomAuthenticationEntryPoint.java b/src/main/java/com/umc/naoman/global/security/handler/CustomAuthenticationEntryPoint.java
@@ -0,0 +1,37 @@
+package com.umc.naoman.global.security.handler;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.umc.naoman.global.error.ErrorResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.nio.charset.Charset;
+
+import static com.umc.naoman.global.error.code.GlobalErrorCode.UNAUTHORIZED;
+
+@Component
+public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    private final ObjectMapper objectMapper = new ObjectMapper();
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authException) throws IOException, ServletException {
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        response.setStatus(UNAUTHORIZED.getStatus());
+        response.setCharacterEncoding(Charset.defaultCharset().name());
+
+        ErrorResponse errorResponse = ErrorResponse.builder()
+                .status(response.getStatus())
+                .code(UNAUTHORIZED.getMessage())
+                .message(authException.getMessage())
+                .data(null)
+                .build();
+
+        response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
+    }
+}