From 09dc5c855ffd5ec763e0f3ca3d0de27377a4130c Mon Sep 17 00:00:00 2001
From: wwan13
Date: Tue, 16 Jul 2024 14:13:11 +0900
Subject: [PATCH 1/2] fix : Modified to prevent jwt-related exceptions from occurring in requests with no security settings.
---
 .../auth/RequestAccessManager.java | 2 ++
 .../processor/InterceptorAuthProcessor.java | 25 +++++++++++++------
 .../provider/HttpRequestAccessManager.java | 12 ++++++---
 3 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/src/main/java/io/wwan13/wintersecurity/auth/RequestAccessManager.java b/src/main/java/io/wwan13/wintersecurity/auth/RequestAccessManager.java
index f0f239c..71b9c5f 100644
--- a/src/main/java/io/wwan13/wintersecurity/auth/RequestAccessManager.java
+++ b/src/main/java/io/wwan13/wintersecurity/auth/RequestAccessManager.java
@@ -25,4 +25,6 @@ public interface RequestAccessManager {
 void manageWithAuthentication(HttpMethod method, String uri, Set roles);
 void manageWithoutAuthentication(HttpMethod method, String uri);
+
+ boolean isUnsecuredRequest(HttpMethod method, String uri);
 }
diff --git a/src/main/java/io/wwan13/wintersecurity/auth/processor/InterceptorAuthProcessor.java b/src/main/java/io/wwan13/wintersecurity/auth/processor/InterceptorAuthProcessor.java
index ec9723b..1870f2f 100644
--- a/src/main/java/io/wwan13/wintersecurity/auth/processor/InterceptorAuthProcessor.java
+++ b/src/main/java/io/wwan13/wintersecurity/auth/processor/InterceptorAuthProcessor.java
@@ -20,6 +20,8 @@ import io.wwan13.wintersecurity.auth.RequestStorage;
 import io.wwan13.wintersecurity.auth.TokenExtractor;
 import io.wwan13.wintersecurity.constant.Constants;
+import io.wwan13.wintersecurity.exception.unauthirized.ExpiredJwtTokenException;
+import io.wwan13.wintersecurity.exception.unauthirized.InvalidJwtTokenException;
 import io.wwan13.wintersecurity.jwt.TokenClaims;
 import io.wwan13.wintersecurity.jwt.TokenDecoder;
 import org.springframework.http.HttpMethod;
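Review bot: The new `isUnsecuredRequest` declaration in RequestAccessManager carries no Javadoc, although its result now decides whether a token failure is ignored (the catch block in InterceptorAuthProcessor and the implementation in HttpRequestAccessManager both depend on it). I would state the contract on the interface, for example `/** Returns true only when the request is open to anonymous callers; a true result lets the caller ignore an invalid or expired token. */`. Adding an abstract method also breaks any implementation of this interface that lives outside this repository, which is worth a line in the release notes if such implementations are expected.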
@@ -56,15 +58,24 @@ private void actionIfTokenPresent(
 HttpServletRequest request,
 RequestStorage storage
 ) {
- TokenClaims claims = tokenDecoder.decode(token);
+ try {
+ TokenClaims claims = tokenDecoder.decode(token);
- accessManager.manageWithAuthentication(
- HttpMethod.resolve(request.getMethod()),
- request.getRequestURI(),
- claims.getRoles()
- );
+ accessManager.manageWithAuthentication(
+ HttpMethod.resolve(request.getMethod()),
+ request.getRequestURI(),
+ claims.getRoles()
+ );
+
+ storage.save(Constants.ATTRIBUTE_CLAIMS_KEY, claims);
+ } catch (InvalidJwtTokenException | ExpiredJwtTokenException e) {
+ HttpMethod method = HttpMethod.resolve(request.getMethod());
+ String uri = request.getRequestURI();
- storage.save(Constants.ATTRIBUTE_CLAIMS_KEY, claims);
+ if (!accessManager.isUnsecuredRequest(method, uri)) {
+ throw e;
+ }
+ }
 }
 private void actionIfTokenAbsent(HttpServletRequest request) {
diff --git a/src/main/java/io/wwan13/wintersecurity/auth/provider/HttpRequestAccessManager.java b/src/main/java/io/wwan13/wintersecurity/auth/provider/HttpRequestAccessManager.java
index dc8f9b5..1afed0f 100644
--- a/src/main/java/io/wwan13/wintersecurity/auth/provider/HttpRequestAccessManager.java
+++ b/src/main/java/io/wwan13/wintersecurity/auth/provider/HttpRequestAccessManager.java
@@ -34,6 +34,7 @@ public HttpRequestAccessManager(AuthPatterns authPatterns) {
 this.authPatterns = authPatterns;
 }
+ @Override
 public void manageWithAuthentication(
 HttpMethod method,
 String uri,
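Review bot: In `actionIfTokenPresent` (InterceptorAuthProcessor.java) the new `try` wraps the authorization call and `storage.save` as well as `tokenDecoder.decode(token)`, so the catch is wider than the failure it is meant to handle. Only the decode should sit inside the `try`; that keeps a token failure visibly separate from an access decision and lets method and URI be resolved once instead of in both branches. The swallowed branch also leaves no trace, so a comment (and a log line, if the project has a logger) should say that the request continues without claims, as if no token had been sent. Whether `decode` can throw anything besides the two caught types is not visible in this hunk. The method's signature starts above the hunk.

```java
        // … unchanged: signature of actionIfTokenPresent …
        HttpMethod method = HttpMethod.resolve(request.getMethod());
        String uri = request.getRequestURI();

        TokenClaims claims;
        try {
            claims = tokenDecoder.decode(token);
        } catch (InvalidJwtTokenException | ExpiredJwtTokenException e) {
            // A rejected token is tolerated only where anonymous access is allowed;
            // the request then proceeds without claims, as if no token had been sent.
            if (!accessManager.isUnsecuredRequest(method, uri)) {
                throw e;
            }
            return;
        }

        accessManager.manageWithAuthentication(method, uri, claims.getRoles());
        storage.save(Constants.ATTRIBUTE_CLAIMS_KEY, claims);
```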
@@ -44,11 +45,16 @@ public void manageWithAuthentication(
 }
 }
+ @Override
 public void manageWithoutAuthentication(HttpMethod method, String uri) {
- Set role = Collections.singleton(DefaultAuthPattern.ANONYMOUS_ROLE);
-
- if (!authPatterns.isAccessibleRequest(method, uri, role)) {
+ if (!isUnsecuredRequest(method, uri)) {
 throw new UnauthorizedException();
 }
 }
+
+ @Override
+ public boolean isUnsecuredRequest(HttpMethod method, String uri) {
+ Set role = Collections.singleton(DefaultAuthPattern.ANONYMOUS_ROLE);
+ return authPatterns.isAccessibleRequest(method, uri, role);
+ }
 }
From c9883f641667e1a08a126863fe2fd4656692762b Mon Sep 17 00:00:00 2001
From: wwan13
Date: Tue, 16 Jul 2024 14:13:47 +0900
Subject: [PATCH 2/2] chore : Version 0.0.9
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index 3cd933c..faad922 100644
--- a/build.gradle
+++ b/build.gradle
@@ -6,7 +6,7 @@ plugins {
 }
 group = 'io.wwan13'
-version = '0.0.5'
+version = '0.0.9'
 java {
 sourceCompatibility = '17'
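Review bot: `isUnsecuredRequest` in HttpRequestAccessManager reports whether the anonymous role may reach the request, but how `authPatterns.isAccessibleRequest` treats a URI that matches no registered pattern is not visible in this hunk. Since a true result now makes the interceptor ignore a bad token, that default deserves a comment above the method, for example `// true means ANONYMOUS_ROLE is permitted; unmatched URIs follow AuthPatterns' default`, and a test that pins it. The singleton role set is rebuilt on every call and could be a `private static final` constant.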