[feat] 에러 처리 기능 개발 중

Author: JeonHaeseung

src/main/java/Ness/Backend/domain/auth/jwt/JwtAuthorizationFilter.java

@@ -3,10 +3,15 @@
 import Ness.Backend.domain.auth.security.AuthDetailService;
 import Ness.Backend.domain.auth.security.AuthDetails;
 import Ness.Backend.domain.member.entity.Member;
+import Ness.Backend.global.error.ErrorCode;
+import Ness.Backend.global.error.exception.ExpiredTokenException;
+import Ness.Backend.global.error.exception.UnauthorizedAccessException;
+import Ness.Backend.global.error.exception.UnauthorizedUserException;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -18,6 +23,7 @@
 /* 사용자의 권한 부여
  * 요청에 포함된 JWT 토큰을 검증하고, 토큰에서 추출한 권한 정보를 기반으로 사용자에 대한 권한을 확인
  * 모든 사용자가 모든 리소스에 대한 권한을 가지는 것은 아님-특정 리소스에 대한 권한만 가지도록 해야 함*/
+@Slf4j
 public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
     private JwtTokenProvider jwtTokenProvider;
 
@@ -41,18 +47,28 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
         /* 헤더 안의 JWT 토큰을 검증해 정상적인 사용자인지 확인 */
         String jwtToken = jwtHeader.substring(7);
-        Member tokenMember = jwtTokenProvider.validJwtToken(jwtToken);
 
-        if(tokenMember != null){ //토큰이 정상일 경우
-            AuthDetails authDetails = new AuthDetails(tokenMember);
+        try {
+            Member tokenMember = jwtTokenProvider.validJwtToken(jwtToken);
 
-            /* JWT 토큰 서명이 정상이면 Authentication 객체 생성 */
-            Authentication authentication = new UsernamePasswordAuthenticationToken(authDetails, null, authDetails.getAuthorities());
+            if(tokenMember != null){ //토큰이 정상일 경우
+                AuthDetails authDetails = new AuthDetails(tokenMember);
 
-            /* 시큐리티 세션에 Authentication 을 저장 */
-            SecurityContextHolder.getContext().setAuthentication(authentication);
+                /* JWT 토큰 서명이 정상이면 Authentication 객체 생성 */
+                Authentication authentication = new UsernamePasswordAuthenticationToken(authDetails, null, authDetails.getAuthorities());
 
-            SecurityContextHolder.getContext().setAuthentication(authentication);
+                /* 시큐리티 세션에 Authentication 을 저장 */
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+        } catch (UnauthorizedAccessException e){
+            request.setAttribute("exception", ErrorCode.UNAUTHORIZED_ACCESS.getCode());
+            log.error("UNAUTHORIZED_ACCESS");
+        } catch (ExpiredTokenException e){
+            log.error("EXPIRED_TOKEN");
+            request.setAttribute("exception", ErrorCode.EXPIRED_TOKEN.getCode());
+        } catch (UnauthorizedUserException e){
+            log.error("UNAUTHORIZED_USER");
+            request.setAttribute("exception", ErrorCode.UNAUTHORIZED_USER.getCode());
         }
         chain.doFilter(request, response);
     }

src/main/java/Ness/Backend/domain/auth/jwt/JwtTokenProvider.java

@@ -3,10 +3,15 @@
 import Ness.Backend.domain.auth.jwt.entity.JwtToken;
 import Ness.Backend.domain.member.MemberRepository;
 import Ness.Backend.domain.member.entity.Member;
+import Ness.Backend.global.error.ErrorCode;
+import Ness.Backend.global.error.exception.ExpiredTokenException;
+import Ness.Backend.global.error.exception.UnauthorizedAccessException;
+import Ness.Backend.global.error.exception.UnauthorizedUserException;
 import com.auth0.jwt.JWT;
 import com.auth0.jwt.algorithms.Algorithm;
 import jakarta.annotation.PostConstruct;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.client.HttpServerErrorException;
 
@@ -19,6 +24,7 @@
 
 /* JSON Web Token (JWT)을 생성하고 검증하는 역할 */
 @RequiredArgsConstructor
+@Slf4j
 public class JwtTokenProvider {
 
     private final MemberRepository memberRepository;
@@ -127,21 +133,25 @@ public Member validJwtToken(String jwtToken){
         /* email 값이 null이 아닌지 확인 */
         String authKey = getAuthKeyClaim(jwtToken);
         if (authKey == null){ //null 값이라면 올바른 jwtToken이 아님
-            //throw new UnauthorizedException(ErrorCode.INVALID_AUTH_TOKEN);
-            return null;
+            log.error("UnauthorizedAccessException");
+            throw new UnauthorizedAccessException();
         }
 
         /* JWT_EXPIRATION_TIME이 지나지 않았는지 확인 */
-        Date expiresAt =getExpireTimeClaim(jwtToken);
+        Date expiresAt = getExpireTimeClaim(jwtToken);
         if (!this.validExpiredTime(expiresAt)) { //만료시간이 지났다면 올바른 jwtToken이 아님
-            //throw new UnauthorizedException(ErrorCode.EXPIRED_TOKEN);
-            return null;
+            log.error("ExpiredTokenException");
+            throw new ExpiredTokenException();
         }
 
         /* email 값이 정상적으로 있고, JWT_EXPIRATION_TIME도 지나지 않았다면,
          * 해당 토큰의 email 정보를 가진 맴버가 있는지 DB에서 확인 */
-        //Member tokenUser = memberRepository.findMemberByEmail(email);
+        Member tokenMember = memberRepository.findMemberByEmail(authKey);
+        if (tokenMember == null) { //DB에 해당 맴버가 없다면 올바른 jwtToken이 아님
+            log.error("UnauthorizedUserException");
+            throw new UnauthorizedUserException();
+        }
 
-        return memberRepository.findMemberByEmail(authKey);
+        return tokenMember;
     }
 }

src/main/java/Ness/Backend/domain/auth/oAuth/OAuth2Service.java

@@ -17,7 +17,7 @@
 import Ness.Backend.global.auth.oAuth.naver.NaverOAuthApi;
 import Ness.Backend.global.auth.oAuth.naver.NaverResourceApi;
 import Ness.Backend.global.error.ErrorCode;
-import Ness.Backend.global.error.exception.UnauthorizedException;
+import Ness.Backend.global.error.exception.UnauthorizedAccessException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.core.env.Environment;
@@ -201,7 +201,7 @@ private ResourceDto getUserResource(String accessToken, String registration) {
     public void logout(Member member) {
         /* refreshToken 만료 여부 확인 */
         if (!refreshTokenRepository.existsById(member.getId())) {
-            throw new UnauthorizedException(ErrorCode.INVALID_REFRESH_TOKEN);
+            throw new UnauthorizedAccessException(ErrorCode.INVALID_REFRESH_TOKEN);
         }
 
         refreshTokenRepository.deleteById(member.getId());

src/main/java/Ness/Backend/domain/auth/security/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,51 @@
+package Ness.Backend.domain.auth.security;
+
+import Ness.Backend.global.error.ErrorCode;
+import Ness.Backend.global.error.exception.ExpiredTokenException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Slf4j
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException e) throws IOException, ServletException {
+        log.error("JwtAuthenticationEntryPoint 호출");
+        String exception = (String)request.getAttribute("exception");
+        response.setCharacterEncoding("utf-8");
+
+        if(exception.equals(ErrorCode.UNAUTHORIZED_ACCESS.getCode())) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setCharacterEncoding("utf-8");
+            response.setContentType("application/json");
+        }
+        else if(exception.equals(ErrorCode.EXPIRED_TOKEN.getCode())) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setCharacterEncoding("utf-8");
+            response.setContentType("application/json");
+            ExpiredTokenException expiredTokenException = new ExpiredTokenException();
+            ObjectMapper objectMapper = new ObjectMapper();
+            String result = objectMapper.writeValueAsString(expiredTokenException);
+            response.getWriter().write(result);
+        }
+        else if(exception.equals(ErrorCode.UNAUTHORIZED_USER.getCode())) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setCharacterEncoding("utf-8");
+            response.setContentType("application/json");        }
+        else {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setCharacterEncoding("utf-8");
+            response.setContentType("application/json");
+        }
+    }
+}

src/main/java/Ness/Backend/domain/auth/security/SecurityConfig.java

@@ -30,6 +30,7 @@ public class SecurityConfig {
     private final AuthDetailService authDetailService;
     private final AuthenticationConfiguration authenticationConfiguration;
     private final RefreshTokenService refreshTokenService;
+    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
 
     /* 회원가입: 패스워드 암호화를 위해 사용 */
     @Bean
@@ -81,6 +82,9 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
                 .sessionManagement(c -> c.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) //세션을 생성하지 않음->토큰 기반 인증 필요
                 .addFilter(new JwtAuthenticationFilter(authenticationManager(), jwtTokenProvider(), refreshTokenService))  //사용자 인증
                 .addFilter(new JwtAuthorizationFilter(authenticationManager(),  jwtTokenProvider(), authDetailService)) //사용자 권한 부여
+                .exceptionHandling((exceptionConfig) ->
+                        exceptionConfig.authenticationEntryPoint(jwtAuthenticationEntryPoint)
+                ) //인가(Authorization)가 실패시 실행
                 .authorizeHttpRequests(requests -> requests
                         .dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()
                         //.requestMatchers("/signup/**", "/login/**").permitAll() // 회원가입 및 로그인 경로는 인증 생략

src/main/java/Ness/Backend/global/error/exception/BadRequestException.java

@@ -0,0 +1,20 @@
+package Ness.Backend.global.error.exception;
+
+import Ness.Backend.global.error.ErrorCode;
+import lombok.Getter;
+
+/**
+ * status : 400
+ */
+@Getter
+public class BadRequestException extends BaseException {
+    public BadRequestException() {
+        super(ErrorCode._BAD_REQUEST, ErrorCode._BAD_REQUEST.getMessage());
+    }
+    public BadRequestException(String message) {
+        super(ErrorCode._BAD_REQUEST, message);
+    }
+    public BadRequestException(ErrorCode errorCode) {
+        super(errorCode, errorCode.getMessage());
+    }
+}

src/main/java/Ness/Backend/global/error/exception/ExpiredTokenException.java

@@ -0,0 +1,20 @@
+package Ness.Backend.global.error.exception;
+
+import Ness.Backend.global.error.ErrorCode;
+import lombok.Getter;
+
+/**
+ * status : 403
+ */
+@Getter
+public class ExpiredTokenException extends BaseException {
+    public ExpiredTokenException() {
+        super(ErrorCode.EXPIRED_TOKEN, ErrorCode.EXPIRED_TOKEN.getMessage());
+    }
+    public ExpiredTokenException(String message) {
+        super(ErrorCode.EXPIRED_TOKEN, message);
+    }
+    public ExpiredTokenException(ErrorCode errorCode) {
+        super(errorCode, errorCode.getMessage());
+    }
+}

src/main/java/Ness/Backend/global/error/exception/UnauthorizedAccessException.java

@@ -7,14 +7,14 @@
  * status : 401
  */
 @Getter
-public class UnauthorizedException extends BaseException {
-    public UnauthorizedException() {
+public class UnauthorizedAccessException extends BaseException {
+    public UnauthorizedAccessException() {
         super(ErrorCode.UNAUTHORIZED_ACCESS, ErrorCode.UNAUTHORIZED_ACCESS.getMessage());
     }
-    public UnauthorizedException(String message) {
+    public UnauthorizedAccessException(String message) {
         super(ErrorCode.UNAUTHORIZED_ACCESS, message);
     }
-    public UnauthorizedException(ErrorCode errorCode) {
+    public UnauthorizedAccessException(ErrorCode errorCode) {
         super(errorCode, errorCode.getMessage());
     }
 }

src/main/java/Ness/Backend/global/error/exception/UnauthorizedUserException.java

@@ -0,0 +1,20 @@
+package Ness.Backend.global.error.exception;
+
+import Ness.Backend.global.error.ErrorCode;
+import lombok.Getter;
+
+/**
+ * status : 403
+ */
+@Getter
+public class UnauthorizedUserException extends BaseException {
+    public UnauthorizedUserException() {
+        super(ErrorCode.UNAUTHORIZED_USER, ErrorCode.UNAUTHORIZED_USER.getMessage());
+    }
+    public UnauthorizedUserException(String message) {
+        super(ErrorCode.UNAUTHORIZED_USER, message);
+    }
+    public UnauthorizedUserException(ErrorCode errorCode) {
+        super(errorCode, errorCode.getMessage());
+    }
+}