refact: token refresh logic
windeer9 committed Jan 19, 2024
1 parent ad42527 commit 064b499
Showing 4 changed files with 48 additions and 14 deletions.
Expand Up @@ -55,7 +55,7 @@ protected void successfulAuthentication(HttpServletRequest request,
response.setHeader("Refresh", refreshToken);
}

private String delegateAccessToken(User user){
public String delegateAccessToken(User user){
Map<String, Object> claims = new HashMap<>();
claims.put("userId", user.getUserId());
claims.put("userName", user.getUserName());
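Review bot: Widening `delegateAccessToken` to `public` exists only so `JwtVerificationFilter` can call it through an injected `JwtAuthenticationFilter` (see the JwtVerificationFilter constructor hunk and the SecurityConfig hunk), which couples the verification filter to the login filter's instance and drags that filter into the `SecurityConfig` wiring. The claim-building and token-minting logic would sit more naturally on `JwtTokenizer` (or a small token service) that both filters depend on, leaving this method `private` as it was. If it does stay public, a Javadoc line such as `/** Builds an access token whose claims (userId, userName, …) are taken from the given user's current state. */` would document the contract other callers now rely on. The method body continues outside the hunk.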
@@ -1,7 +1,11 @@
package com.green.greenearthforus.login.filter;

import com.green.greenearthforus.exception.BusinessLogicException;
import com.green.greenearthforus.exception.ExceptionCode;
import com.green.greenearthforus.login.util.CustomAuthorityUtils;
import com.green.greenearthforus.login.jwttoken.JwtTokenizer;
import com.green.greenearthforus.user.entity.User;
import com.green.greenearthforus.user.repository.UserRepository;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
Expand All @@ -18,16 +22,26 @@
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;

import io.jsonwebtoken.Jwts;

public class JwtVerificationFilter extends OncePerRequestFilter {
private final JwtTokenizer jwtTokenizer;
private final CustomAuthorityUtils authorityUtils;

private final UserRepository userRepository;

private final JwtAuthenticationFilter jwtAuthenticationFilter;

public JwtVerificationFilter(JwtTokenizer jwtTokenizer,
CustomAuthorityUtils customAuthorityUtils){
CustomAuthorityUtils customAuthorityUtils,
UserRepository userRepository,
JwtAuthenticationFilter jwtAuthenticationFilter){
this.authorityUtils = customAuthorityUtils;
this.jwtTokenizer = jwtTokenizer;
this.userRepository = userRepository;
this.jwtAuthenticationFilter = jwtAuthenticationFilter;
}

@Override
Expand All @@ -43,18 +57,25 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
// refresh토큰으로 만료된 access토큰을 재발급하는 로직
String jws = request.getHeader("Refresh");
String base64EncodedSecretKey = jwtTokenizer.key();
Claims accessClaims = jwtTokenizer.getClaims(jws, base64EncodedSecretKey).getBody();
String neoAccessToken = generateNewAccessTokenUsingRefreshToken(request.getHeader("Refresh"), base64EncodedSecretKey, accessClaims);
if (neoAccessToken != null) {
String subject = jwtTokenizer.getClaims(jws, base64EncodedSecretKey).getBody().getSubject();
Optional<User> optionalUser = userRepository.findByUserName(subject);
if(optionalUser.isPresent()){
User user = optionalUser.get();
String neoAccessToken = jwtAuthenticationFilter.delegateAccessToken(user);
response.setHeader("Authorization", "Bearer " + neoAccessToken);
}


// Claims accessClaims = jwtTokenizer.getClaims(jws, base64EncodedSecretKey).getBody();
//
// String neoAccessToken = generateNewAccessTokenUsingRefreshToken(request.getHeader("Refresh"), base64EncodedSecretKey, accessClaims, subject);
// if (neoAccessToken != null) {
// response.setHeader("Authorization", "Bearer " + neoAccessToken);
// }
}
}
}
}



chain.doFilter(request, response);
}

Expand Down Expand Up @@ -142,8 +163,10 @@ public boolean isRefreshTokenExpired(HttpServletRequest request){
}
}

public String generateNewAccessTokenUsingRefreshToken(String refreshToken, String key, Claims accessTokenClaims) {
public String generateNewAccessTokenUsingRefreshToken(String refreshToken, String key, Claims accessTokenClaims, String subject) {
// Key currentKey = jwtTokenizer.getKeyFromBase64EncodedKey(key);


//
// Claims claims = Jwts.parserBuilder()
// .setSigningKey(currentKey)
Expand All @@ -152,7 +175,7 @@ public String generateNewAccessTokenUsingRefreshToken(String refreshToken, Strin
// .getBody();
//
// String username = claims.getSubject();
String subject = jwtTokenizer.getClaims(refreshToken, key).getBody().getSubject();


return jwtTokenizer.generateAccessToken(accessTokenClaims, subject, jwtTokenizer.getTokenExpiration(jwtTokenizer.getAccessTokenExpirationMinutes()), key);
}
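Review bot: The value of the `Refresh` header is accepted as a refresh token after `jwtTokenizer.getClaims(jws, base64EncodedSecretKey)` alone, which per the JwtTokenizer hunk only parses and signature-checks the JWS; unless refresh tokens carry a distinguishing claim that is checked elsewhere, any token signed with the same key — an access token included — would mint a fresh access token here, so a token-type/audience claim check or a server-side refresh-token lookup should precede `userRepository.findByUserName(subject)`. When the lookup is empty the `isPresent()` branch falls through silently and the request continues without an `Authorization` header; the newly imported `BusinessLogicException`/`ExceptionCode` are not used in the visible hunks and look intended for that case, e.g. `User user = optionalUser.orElseThrow(() -> new BusinessLogicException(/* appropriate ExceptionCode */));`. The commented-out block after `response.setHeader`, and the commented-out parser inside `generateNewAccessTokenUsingRefreshToken`, should be deleted rather than kept; that method has no caller in the visible hunks any more and its `refreshToken` parameter is unused now that the local `subject` line is gone. `doFilterInternal` starts and ends outside the hunk, so whether a missing `Refresh` header is rejected before `getClaims` cannot be seen here.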
Expand Up @@ -71,8 +71,14 @@ public Jws<Claims> getClaims(String jws, String base64EncodedSecretKey) {
.build()
.parseClaimsJws(jws);
}

// 단순히 검증만 하는 용도로 쓰일 경우
public String getSubject(String jws, String base64EncodedSecretKey)
{
Key key = getKeyFromBase64EncodedKey(base64EncodedSecretKey);
return Jwts.parserBuilder()
.setSigningKey(key)
.build()
.parseClaimsJws(jws).getBody().getSubject();
} // 단순히 검증만 하는 용도로 쓰일 경우
public void verifySignature(String jws, String base64EncodedSecretKey) {
Key key = getKeyFromBase64EncodedKey(base64EncodedSecretKey);

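Review bot: The new `getSubject` rebuilds the same parser that `getClaims` just above already builds; delegating with `return getClaims(jws, base64EncodedSecretKey).getBody().getSubject();` keeps a single verification path and prevents the two from drifting apart. The Korean comment is duplicated before the method and again after its closing brace, the opening brace sits on its own line unlike `verifySignature` right below, and no blank line separates the two methods; a single Javadoc such as `/** Verifies the JWS and returns only its subject, for callers that need no other claims. */` would replace both comments. The JwtVerificationFilter hunk inlines `getClaims(...).getBody().getSubject()` instead of calling this method, so it appears to have no caller in the visible changes.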
Expand Up @@ -9,6 +9,7 @@
import com.green.greenearthforus.login.jwttoken.JwtTokenizer;
import com.green.greenearthforus.login.filter.JwtVerificationFilter;
import com.green.greenearthforus.user.controller.UserController;
import com.green.greenearthforus.user.repository.UserRepository;
import io.jsonwebtoken.Claims;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
Expand All @@ -35,10 +36,14 @@ public class SecurityConfig{
private final JwtTokenizer jwtTokenizer;
private final CustomAuthorityUtils authorityUtils;

private final UserRepository userRepository;

public SecurityConfig(JwtTokenizer jwtTokenizer,
CustomAuthorityUtils authorityUtils){
CustomAuthorityUtils authorityUtils,
UserRepository userRepository){
this.jwtTokenizer = jwtTokenizer;
this.authorityUtils = authorityUtils;
this.userRepository = userRepository;
}

@Bean
Expand Down Expand Up @@ -112,7 +117,7 @@ public void configure(HttpSecurity builder){
new JwtAuthenticationFilter(aUthenticationManager, jwtTokenizer);
jwtAuthenticationFilter.setFilterProcessesUrl("/auth/login");

JwtVerificationFilter jwtVerificationFilter = new JwtVerificationFilter(jwtTokenizer, authorityUtils);
JwtVerificationFilter jwtVerificationFilter = new JwtVerificationFilter(jwtTokenizer, authorityUtils, userRepository, jwtAuthenticationFilter);

builder.addFilter(jwtAuthenticationFilter)
.addFilterAfter(jwtVerificationFilter, JwtAuthenticationFilter.class);
