JNU-econovation · hwangdaesun · Jun 6, 2024 · Jun 5, 2024 · Jun 5, 2024 · Jun 5, 2024
diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/common/Encryption.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/common/Encryption.java
@@ -13,10 +13,10 @@
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
-import com.gaebaljip.exceed.common.annotation.Timer;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
+import com.gaebaljip.exceed.common.annotation.Timer;
 import com.gaebaljip.exceed.common.exception.DecryptionErrorException;
 import com.gaebaljip.exceed.common.exception.EncryptionErrorException;
 
@@ -47,6 +47,7 @@ public String encrypt(String value) {
             throw EncryptionErrorException.EXECPTION;
         }
     }
+
     @Timer
     public String decrypt(final String encryptedValue) {
         try {

diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/common/exception/GlobalExceptionHandler.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/common/exception/GlobalExceptionHandler.java
@@ -18,10 +18,7 @@
 import com.gaebaljip.exceed.common.ApiResponse;
 import com.gaebaljip.exceed.common.ApiResponseGenerator;
 import com.gaebaljip.exceed.common.Error;
-import com.gaebaljip.exceed.security.exception.ExpiredJwtException;
-import com.gaebaljip.exceed.security.exception.InvalidJwtException;
-import com.gaebaljip.exceed.security.exception.SecurityErrorCode;
-import com.gaebaljip.exceed.security.exception.UnSupportedJwtException;
+import com.gaebaljip.exceed.security.exception.*;
 
 import lombok.extern.slf4j.Slf4j;
 
@@ -32,21 +29,33 @@ public class GlobalExceptionHandler {
     @ExceptionHandler(ExpiredJwtException.class)
     protected ApiResponse<?> handleExpiredJwtAuthenticationException(ExpiredJwtException e) {
         return ApiResponseGenerator.fail(
-                SecurityErrorCode.EXPIRED_JWT.getCode(), e.getMessage(), HttpStatus.UNAUTHORIZED);
+                SecurityErrorCode.EXPIRED_JWT.getCode(),
+                SecurityErrorCode.EXPIRED_JWT.getReason(),
+                HttpStatus.UNAUTHORIZED);
     }
 
     @ExceptionHandler(UnSupportedJwtException.class)
     protected ApiResponse<?> handleUnsupportedJwtException(UnSupportedJwtException e) {
         return ApiResponseGenerator.fail(
                 SecurityErrorCode.UNSUPPORTED_JWT.getCode(),
-                e.getMessage(),
+                SecurityErrorCode.UNSUPPORTED_JWT.getReason(),
                 HttpStatus.UNAUTHORIZED);
     }
 
     @ExceptionHandler(InvalidJwtException.class)
     protected ApiResponse<?> handleInvalidJwtException(InvalidJwtException e) {
         return ApiResponseGenerator.fail(
-                SecurityErrorCode.INVALID_JWT.getCode(), e.getMessage(), HttpStatus.UNAUTHORIZED);
+                SecurityErrorCode.INVALID_JWT.getCode(),
+                SecurityErrorCode.UNSUPPORTED_JWT.getReason(),
+                HttpStatus.UNAUTHORIZED);
+    }
+
+    @ExceptionHandler(SignatureJwtException.class)
+    protected ApiResponse<?> handleSignatureJwtException(SignatureJwtException e) {
+        return ApiResponseGenerator.fail(
+                SecurityErrorCode.SIGNATURE_JWT.getCode(),
+                SecurityErrorCode.SIGNATURE_JWT.getReason(),
+                HttpStatus.UNAUTHORIZED);
     }
 
     @ExceptionHandler(HttpMessageNotReadableException.class)

diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/common/log/LoggingFilter.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/common/log/LoggingFilter.java
@@ -19,7 +19,8 @@
 @Component
 @Slf4j
 public class LoggingFilter extends OncePerRequestFilter {
-    private final List<String> excludeUrl = List.of("/actuator/health", "/actuator/prometheus");
+    private final List<String> excludeUrl =
+            List.of("/actuator/health", "/actuator/prometheus", "/v1/health");
 
     @Override
     protected void doFilterInternal(

diff --git a/...xceed/src/main/java/com/gaebaljip/exceed/member/adapter/out/persistence/EmailAdapter.java b/...xceed/src/main/java/com/gaebaljip/exceed/member/adapter/out/persistence/EmailAdapter.java
@@ -1,7 +1,6 @@
 package com.gaebaljip.exceed.member.adapter.out.persistence;
 
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Component;
 import org.thymeleaf.context.Context;
 import org.thymeleaf.spring5.SpringTemplateEngine;

diff --git a/...in/java/com/gaebaljip/exceed/member/adapter/out/persistence/MemberPersistenceAdapter.java b/...in/java/com/gaebaljip/exceed/member/adapter/out/persistence/MemberPersistenceAdapter.java
@@ -3,7 +3,6 @@
 import java.time.LocalDateTime;
 import java.util.Optional;
 
-import com.gaebaljip.exceed.common.annotation.Timer;
 import org.springframework.stereotype.Component;
 
 import com.gaebaljip.exceed.auth.exception.MemberNotCheckedException;

diff --git a/...xceed/src/main/java/com/gaebaljip/exceed/member/adapter/out/persistence/RedisAdapter.java b/...xceed/src/main/java/com/gaebaljip/exceed/member/adapter/out/persistence/RedisAdapter.java
@@ -2,9 +2,9 @@
 
 import java.util.Optional;
 
-import com.gaebaljip.exceed.common.annotation.Timer;
 import org.springframework.stereotype.Component;
 
+import com.gaebaljip.exceed.common.annotation.Timer;
 import com.gaebaljip.exceed.common.redis.RedisUtils;
 import com.gaebaljip.exceed.member.application.port.out.TimeOutPort;
 

diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/member/application/CheckCodeService.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/member/application/CheckCodeService.java
@@ -1,10 +1,10 @@
 package com.gaebaljip.exceed.member.application;
 
-import com.gaebaljip.exceed.common.annotation.Timer;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import com.gaebaljip.exceed.common.Encryption;
+import com.gaebaljip.exceed.common.annotation.Timer;
 import com.gaebaljip.exceed.dto.request.CheckMemberRequest;
 import com.gaebaljip.exceed.member.adapter.out.persistence.MemberEntity;
 import com.gaebaljip.exceed.member.application.port.in.CheckCodeUsecase;

diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/security/domain/JwtManager.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/security/domain/JwtManager.java
@@ -77,6 +77,14 @@ public boolean validateAccessToken(String accessToken, HttpServletRequest reques
                     LocalDateTime.now(),
                     e.getMessage());
             throw UnSupportedJwtException.EXECPTION; // 지원되지 않는 토큰
+        } catch (io.jsonwebtoken.security.SignatureException e) {
+            log.error(
+                    "method ={}, URL = {}, time={}, errorMessage={}",
+                    request.getMethod(),
+                    request.getRequestURL(),
+                    LocalDateTime.now(),
+                    e.getMessage());
+            throw UnSupportedJwtException.EXECPTION; // 지원되지 않는 토큰
         } catch (IllegalArgumentException e) {
             log.error(
                     "method ={}, URL = {}, time={}, errorMessage={}",

diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/security/exception/JwtAuthenticationPoint.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/security/exception/JwtAuthenticationPoint.java
@@ -6,12 +6,21 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerExceptionResolver;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.gaebaljip.exceed.common.ApiResponse;
+import com.gaebaljip.exceed.common.Error;
+
+import lombok.extern.slf4j.Slf4j;
+
 @Component
+@Slf4j
 public class JwtAuthenticationPoint implements AuthenticationEntryPoint {
 
     private final HandlerExceptionResolver resolver;
@@ -27,7 +36,28 @@ public void commence(
             HttpServletResponse response,
             AuthenticationException authException)
             throws IOException {
-        resolver.resolveException(
-                request, response, null, (Exception) request.getAttribute("exception"));
+        if (request.getAttribute("exception") == null) {
+            handleAuthenticationException(response);
+        } else {
+            resolver.resolveException(
+                    request, response, null, (Exception) request.getAttribute("exception"));
+        }
+    }
+
+    private void handleAuthenticationException(HttpServletResponse response) throws IOException {
+        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        response.setCharacterEncoding("UTF-8");
+        response.isCommitted();
+        ObjectMapper objectMapper = new ObjectMapper();
+        objectMapper.writeValue(
+                response.getWriter(),
+                new ApiResponse.CustomBody<>(
+                        false,
+                        null,
+                        new Error(
+                                SecurityErrorCode.NEED_AUTHENTICATION.getCode(),
+                                SecurityErrorCode.NEED_AUTHENTICATION.getReason(),
+                                HttpStatus.BAD_REQUEST.toString())));
     }
 }
diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/security/exception/SecurityErrorCode.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/security/exception/SecurityErrorCode.java
@@ -8,7 +8,9 @@
 public enum SecurityErrorCode {
     INVALID_JWT(401, "5000", "잘못된 토큰입니다."),
     EXPIRED_JWT(401, "5001", "만료된 토큰입니다."),
-    UNSUPPORTED_JWT(401, "5002", "지원되지 않는 토큰입니다.");
+    UNSUPPORTED_JWT(401, "5002", "지원되지 않는 토큰입니다."),
+    SIGNATURE_JWT(401, "5003", "토큰의 형식이 잘못 됬습니다."),
+    NEED_AUTHENTICATION(401, "5004", "인증이 필요합니다.");
 
     private final Integer status;
     private final String code;

diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/security/exception/SignatureJwtException.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/security/exception/SignatureJwtException.java
@@ -0,0 +1,15 @@
+package com.gaebaljip.exceed.security.exception;
+
+import org.springframework.security.core.AuthenticationException;
+
+import lombok.Getter;
+
+@Getter
+public class SignatureJwtException extends AuthenticationException {
+
+    public static AuthenticationException EXECPTION = new SignatureJwtException();
+
+    public SignatureJwtException() {
+        super(SecurityErrorCode.SIGNATURE_JWT.getReason());
+    }
+}
diff --git a/BE/exceed/src/main/java/com/gaebaljip/exceed/security/filter/JwtAuthenticationFilter.java b/BE/exceed/src/main/java/com/gaebaljip/exceed/security/filter/JwtAuthenticationFilter.java
@@ -2,6 +2,7 @@
 
 import java.io.IOException;
 import java.time.LocalDateTime;
+import java.util.List;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -29,19 +30,19 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     private final JwtManager jwtManager;
     private final JwtResolver jwtResolver;
     private final MemberDetailService memberDetailService;
+    private final List<String> excludeUrl = List.of("/actuator", "/v1/health");
 
     @Override
     protected void doFilterInternal(
             HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
             throws ServletException, IOException {
 
         final String bearerToken = request.getHeader(HttpHeaders.AUTHORIZATION);
-
+        log.info("bearerToken : {}", bearerToken);
         if (bearerToken == null || !bearerToken.startsWith("Bearer ")) {
             filterChain.doFilter(request, response);
             return;
         }
-
         String accessToken = jwtResolver.extractToken(bearerToken);
         try {
             if (jwtManager.validateAccessToken(accessToken, request)) {
@@ -72,4 +73,16 @@ protected void doFilterInternal(
         }
         filterChain.doFilter(request, response);
     }
+
+    @Override
+    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
+        String path = request.getRequestURI();
+        boolean flag = false;
+        for (String url : excludeUrl) {
+            if (path.startsWith(url)) {
+                flag = true;
+            }
+        }
+        return flag;
+    }
 }