temp: WebSecurityConfig 수정 ssg-java3-240304#324

src/main/java/com/readyauction/app/auction/controller/AuctionController.java

@@ -6,6 +6,7 @@
 import com.readyauction.app.auction.dto.WinnerReqDto;
 import com.readyauction.app.auction.entity.Category;
 import com.readyauction.app.auction.service.ProductService;
+import com.readyauction.app.auth.principal.AuthPrincipal;
 import com.readyauction.app.common.paging.PageCriteria;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
@@ -20,6 +21,9 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
@@ -37,8 +41,9 @@ public class AuctionController {
     private final ProductService productService;
 
     @GetMapping("/productUpload") // 상품 등록
-    public void createAuction(Model model) {
+    public void createAuction(Model model, @AuthenticationPrincipal AuthPrincipal principal) {
         // 상품 등록 로직
+        Long id = principal.getUser().getId();
     }
 
     @GetMapping("") // 상품 조회

src/main/java/com/readyauction/app/auction/controller/AuctionRestController.java

@@ -5,6 +5,7 @@
 import com.readyauction.app.auction.service.BidService;
 import com.readyauction.app.auction.service.ProductService;
 import com.readyauction.app.auction.service.RedisLockService;
+import com.readyauction.app.auth.principal.AuthPrincipal;
 import com.readyauction.app.chat.service.ChatService;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
@@ -15,6 +16,7 @@
 import org.springframework.messaging.handler.annotation.MessageMapping;
 import org.springframework.messaging.simp.SimpMessagingTemplate;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -35,7 +37,9 @@ public class AuctionRestController {
     final RedisLockService redisLockService;
 
     @PostMapping("/create")
-        public ResponseEntity<ProductRepDto> createAuction(HttpServletRequest request,@RequestBody ProductReqDto productReqDto) {
+        public ResponseEntity<ProductRepDto> createAuction(HttpServletRequest request
+            ,@RequestBody ProductReqDto productReqDto
+    ) {
         log.info(request.getHeader("email")+"이메일");
         log.info(productReqDto.toString());
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

src/main/java/com/readyauction/app/auth/config/WebSecurityConfig.java

@@ -8,6 +8,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -43,18 +44,17 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 
         http.csrf(AbstractHttpConfigurer::disable)
                 .cors(cors -> cors.configurationSource(corsConfigurationSource()))
-                .authorizeHttpRequests((registry) -> {registry.requestMatchers("/auction-api/create", "/auction", "/", "/auth/login", "/inquiry/faq").permitAll()  // 누구나 허용
-                        .requestMatchers( "/member/register").anonymous() // 인증하지 않은 사용자만 허용
-                        .requestMatchers("/mypage/**", "/auction/**", "/cash/**", "/chat/**", "inquiry/register").authenticated() // 인증된 사용자만 허용
-                        .requestMatchers("/admin/**").hasAnyAuthority(String.valueOf(Authority.ROLE_ADMIN))  // ROLE_ADMIN 권한이 있는 사용자만 허용
-                        .anyRequest().authenticated();
-                })
-//                .authorizeHttpRequests((registry) -> {registry.requestMatchers("/auction-api/create", "/auction", "/", "/auth/login", "/inquiry/faq").permitAll()  // 누구나 허용
-//                    .requestMatchers( "/member/register").anonymous() // 인증하지 않은 사용자만 허용
-//                    .requestMatchers("/mypage/**", "/auction/**", "/cash/**", "/chat/**", "inquiry/register").authenticated() // 인증된 사용자만 허용
-//                    .requestMatchers("/admin/**").hasAnyAuthority(String.valueOf(Authority.ROLE_ADMIN))  // ROLE_ADMIN 권한이 있는 사용자만 허용
-//                    .anyRequest().authenticated();
+//                .authorizeHttpRequests((registry) -> {registry.requestMatchers("/auction", "/", "/auth/login", "/inquiry/faq").permitAll()  // 누구나 허용
+//                        .requestMatchers( "/member/register").anonymous() // 인증하지 않은 사용자만 허용
+//                        .requestMatchers("/mypage/**", "/auction/**", "/cash/**", "/chat/**", "inquiry/register").authenticated() // 인증된 사용자만 허용
+//                        .requestMatchers("/admin/**").hasAnyAuthority(String.valueOf(Authority.ROLE_ADMIN))  // ROLE_ADMIN 권한이 있는 사용자만 허용
+//                        .anyRequest().authenticated();
 //                })
+                .authorizeHttpRequests((registry) -> {registry.requestMatchers(HttpMethod.OPTIONS).permitAll()  // 누구나 허용
+                    .requestMatchers( "/member/register").anonymous() // 인증하지 않은 사용자만 허용
+                    .requestMatchers("/admin/**").hasAnyAuthority(String.valueOf(Authority.ROLE_ADMIN))  // ROLE_ADMIN 권한이 있는 사용자만 허용
+                    .anyRequest().permitAll();
+                })
                 .formLogin(AbstractHttpConfigurer::disable)
 //                .formLogin(configurer -> {
 //                    configurer.loginPage("/auth/login") // GET 로그인폼 요청 url (핸들러 작성 필요)

src/main/java/com/readyauction/app/auth/filter/JwtAuthorizationFilter.java

@@ -10,6 +10,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
@@ -27,14 +28,19 @@ protected void doFilterInternal(HttpServletRequest request,
                                     HttpServletResponse response,
                                     FilterChain filterChain)
             throws ServletException, IOException {
-        String authorizationHeader = request.getHeader(HEADER_AUTHORIZATION);
-        log.error("authorizationHeader : {}", authorizationHeader);
-        String token = getAccessToken(authorizationHeader);
-        if (jwtProvider.validateAccessToken(token)) {
-            Authentication authentication = jwtProvider.getAuthentication(token);
-            SecurityContextHolder.getContext().setAuthentication(authentication);
+
+        try {
+            String authorizationHeader = request.getHeader(HEADER_AUTHORIZATION);
+            log.error("authorizationHeader : {}", authorizationHeader);
+            String token = getAccessToken(authorizationHeader);
+            if (jwtProvider.validateAccessToken(token)) {
+                Authentication authentication = jwtProvider.getAuthentication(token);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+            filterChain.doFilter(request, response);
+        } catch (Exception e) {
+            response.sendRedirect("/auth/login");
         }
-        filterChain.doFilter(request, response);
     }
 
     private String getAccessToken(String authorizationHeader) {