[YS-48] feat: security 관련 설정 추가 (#6)

Ji-soo708 · web-flow · commit 32a94f453f8f · 2024-12-30T02:12:02.000+09:00
* style: rename fileName

* feat: add AuthorizationException

* feat: add security configuration

* feat: add ExceptionHandler
diff --git a/src/main/kotlin/com/dobby/backend/domain/exception/AuthorizationException.kt b/src/main/kotlin/com/dobby/backend/domain/exception/AuthorizationException.kt
@@ -0,0 +1,7 @@
+package com.dobby.backend.domain.exception
+
+open class AuthorizationException(
+    errorCode: ErrorCode,
+) : DomainException(errorCode)
+
+class PermissionDeniedException : AuthorizationException(ErrorCode.PERMISSION_DENIED)
diff --git a/src/main/kotlin/com/dobby/backend/domain/exception/DefaultException.kt b/src/main/kotlin/com/dobby/backend/domain/exception/DefaultException.kt
@@ -0,0 +1,10 @@
+package com.dobby.backend.domain.exception
+
+open class DefaultException(
+    errorCode: ErrorCode,
+) : DomainException(errorCode)
+
+class UnknownErrorException : DefaultException(ErrorCode.UNKNOWN_SERVER_ERROR)
+class UnauthorizedException : DefaultException(ErrorCode.UNAUTHORIZED)
+class InvalidInputException : DefaultException(ErrorCode.INVALID_INPUT)
+class UnknownResourceException : DefaultException(ErrorCode.UNKNOWN_RESOURCE)
diff --git a/src/main/kotlin/com/dobby/backend/domain/exception/ErrorCode.kt b/src/main/kotlin/com/dobby/backend/domain/exception/ErrorCode.kt
@@ -24,6 +24,11 @@ enum class ErrorCode(
     TOKEN_EXPIRED("AU0003", "Authentication token has expired.", HttpStatus.UNAUTHORIZED),
     INVALID_TOKEN_TYPE("AU0004", "Invalid token type", HttpStatus.UNAUTHORIZED),
 
+    /**
+     * Authorization error codes
+     */
+    PERMISSION_DENIED("AZ0001", "Permission denied", HttpStatus.FORBIDDEN),
+
     /**
      * Member error codes
      */
diff --git a/src/main/kotlin/com/dobby/backend/infrastructure/gateway/TokenGatewayImpl.kt b/src/main/kotlin/com/dobby/backend/infrastructure/gateway/TokenGatewayImpl.kt
@@ -2,13 +2,13 @@ package com.dobby.backend.infrastructure.gateway
 
 import com.dobby.backend.domain.gateway.TokenGateway
 import com.dobby.backend.domain.model.Member
-import com.dobby.backend.infrastructure.token.JWTTokenProvider
+import com.dobby.backend.infrastructure.token.JwtTokenProvider
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.stereotype.Component
 
 @Component
 class TokenGatewayImpl(
-    private val tokenProvider: JWTTokenProvider,
+    private val tokenProvider: JwtTokenProvider,
 ) : TokenGateway {
     override fun generateAccessToken(member: Member): String {
         val authentication = UsernamePasswordAuthenticationToken(
diff --git a/src/main/kotlin/com/dobby/backend/infrastructure/token/JwtTokenProvider.kt b/src/main/kotlin/com/dobby/backend/infrastructure/token/JwtTokenProvider.kt
@@ -13,7 +13,7 @@ import javax.crypto.SecretKey
 import javax.crypto.spec.SecretKeySpec
 
 @Component
-class JWTTokenProvider(
+class JwtTokenProvider(
     private val tokenProperties: TokenProperties
 ) {
     private final val signKey: SecretKey = SecretKeySpec(tokenProperties.secretKey.toByteArray(), "AES")
diff --git a/src/main/kotlin/com/dobby/backend/presentation/api/config/WebConfig.kt b/src/main/kotlin/com/dobby/backend/presentation/api/config/WebConfig.kt
@@ -0,0 +1,17 @@
+package com.dobby.backend.presentation.api.config
+
+import org.springframework.context.annotation.Configuration
+import org.springframework.web.servlet.config.annotation.CorsRegistry
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
+
+@Configuration
+class WebConfig : WebMvcConfigurer {
+    override fun addCorsMappings(registry: CorsRegistry) {
+        registry.addMapping("/**")
+            .allowedMethods("*")
+            .allowedOrigins(
+                "http://localhost:3000",
+                "http://localhost:3300",
+            )
+    }
+}
diff --git a/src/main/kotlin/com/dobby/backend/presentation/api/config/WebExceptionHandler.kt b/src/main/kotlin/com/dobby/backend/presentation/api/config/WebExceptionHandler.kt
@@ -0,0 +1,56 @@
+package com.dobby.backend.presentation.api.config
+
+import com.dobby.backend.domain.exception.AuthenticationException
+import com.dobby.backend.domain.exception.AuthorizationException
+import com.dobby.backend.domain.exception.DomainException
+import com.dobby.backend.domain.exception.PermissionDeniedException
+import com.dobby.backend.presentation.api.dto.payload.ApiResponse
+import jakarta.servlet.http.HttpServletRequest
+import org.springframework.http.HttpStatus
+import org.springframework.http.ResponseEntity
+import org.springframework.security.access.AccessDeniedException
+import org.springframework.web.bind.annotation.ExceptionHandler
+import org.springframework.web.bind.annotation.RestControllerAdvice
+
+@RestControllerAdvice
+class WebExceptionHandler {
+
+    @ExceptionHandler(value = [DomainException::class])
+    fun handleDomainException(
+        e: DomainException,
+        request: HttpServletRequest,
+    ): ResponseEntity<ApiResponse<Unit>> {
+        return ResponseEntity
+            .badRequest()
+            .body(e.toErrorResponse())
+    }
+
+    @ExceptionHandler(value = [AuthenticationException::class])
+    fun handleAuthenticationException(
+        exception: AuthenticationException,
+        request: HttpServletRequest,
+    ): ResponseEntity<ApiResponse<Unit>> {
+        return ResponseEntity
+            .status(HttpStatus.UNAUTHORIZED)
+            .body(exception.toErrorResponse())
+    }
+
+    @ExceptionHandler(value = [AuthorizationException::class])
+    fun handleAuthorizationException(
+        exception: AuthorizationException,
+    ): ResponseEntity<ApiResponse<Unit>> {
+        return ResponseEntity
+            .status(HttpStatus.FORBIDDEN)
+            .body(exception.toErrorResponse())
+    }
+
+    @ExceptionHandler(value = [AccessDeniedException::class])
+    fun handleAccessDeniedException() = handleAuthorizationException(PermissionDeniedException())
+
+    private fun DomainException.toErrorResponse(): ApiResponse<Unit> {
+        return ApiResponse.onFailure(
+            code = this.code,
+            message = this.errorMessage
+        )
+    }
+}
diff --git a/src/main/kotlin/com/dobby/backend/presentation/api/config/WebSecurityConfig.kt b/src/main/kotlin/com/dobby/backend/presentation/api/config/WebSecurityConfig.kt
@@ -0,0 +1,63 @@
+package com.dobby.backend.presentation.api.config
+
+import com.dobby.backend.domain.exception.PermissionDeniedException
+import com.dobby.backend.domain.exception.UnauthorizedException
+import com.dobby.backend.infrastructure.token.JwtTokenProvider
+import com.dobby.backend.presentation.api.config.filter.JwtAuthenticationFilter
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.core.annotation.Order
+import org.springframework.security.config.Customizer
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+import org.springframework.web.servlet.HandlerExceptionResolver
+
+@Configuration
+@EnableMethodSecurity
+class WebSecurityConfig {
+    @Bean
+    @Order(0)
+    fun securityFilterChain(
+        httpSecurity: HttpSecurity,
+        jwtTokenProvider: JwtTokenProvider,
+        handlerExceptionResolver: HandlerExceptionResolver,
+    ): SecurityFilterChain = httpSecurity
+        .securityMatcher( "/v1/members/**")
+        .csrf { it.disable() }
+        .cors(Customizer.withDefaults())
+        .sessionManagement {
+            it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+        }
+        .authorizeHttpRequests {
+            it.anyRequest().authenticated()
+        }
+        .addFilterBefore(
+            JwtAuthenticationFilter(jwtTokenProvider, handlerExceptionResolver),
+            UsernamePasswordAuthenticationFilter::class.java
+        )
+        .exceptionHandling {
+            it.accessDeniedHandler { request, response, exception ->
+                handlerExceptionResolver.resolveException(request, response, null, PermissionDeniedException())
+            }.authenticationEntryPoint { request, response, authException ->
+                handlerExceptionResolver.resolveException(request, response, null, UnauthorizedException())
+            }
+        }
+        .build()
+
+    @Bean
+    @Order(1)
+    fun authSecurityFilterChain(httpSecurity: HttpSecurity): SecurityFilterChain = httpSecurity
+        .securityMatcher("/v1/auth/**")
+        .csrf { it.disable() }
+        .cors(Customizer.withDefaults())
+        .sessionManagement {
+            it.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+        }
+        .authorizeHttpRequests {
+            it.anyRequest().permitAll()
+        }
+        .build()
+}
diff --git a/src/main/kotlin/com/dobby/backend/presentation/api/config/filter/JwtAuthenticationFilter.kt b/src/main/kotlin/com/dobby/backend/presentation/api/config/filter/JwtAuthenticationFilter.kt
@@ -0,0 +1,36 @@
+package com.dobby.backend.presentation.api.config.filter
+
+import com.dobby.backend.domain.exception.AuthenticationTokenNotFoundException
+import com.dobby.backend.domain.exception.AuthenticationTokenNotValidException
+import com.dobby.backend.infrastructure.token.JwtTokenProvider
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.web.filter.OncePerRequestFilter
+import org.springframework.web.servlet.HandlerExceptionResolver
+
+class JwtAuthenticationFilter(
+    private val jwtTokenProvider: JwtTokenProvider,
+    private val handlerExceptionResolver: HandlerExceptionResolver,
+) : OncePerRequestFilter() {
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain,
+    ) {
+        try {
+            val authenticationHeader =
+                request.getHeader("Authorization") ?: throw AuthenticationTokenNotFoundException()
+            val accessToken = if (authenticationHeader.startsWith("Bearer "))
+                authenticationHeader.substring(7)
+            else throw AuthenticationTokenNotValidException()
+
+            val authentication = jwtTokenProvider.parseAuthentication(accessToken)
+            SecurityContextHolder.getContext().authentication = authentication
+            return filterChain.doFilter(request, response)
+        } catch (e: Exception) {
+            handlerExceptionResolver.resolveException(request, response, null, e)
+        }
+    }
+}
diff --git a/src/test/kotlin/com/dobby/backend/infrastructure/token/JwtTokenProviderTest.kt b/src/test/kotlin/com/dobby/backend/infrastructure/token/JwtTokenProviderTest.kt
@@ -14,7 +14,7 @@ import kotlin.test.assertNotNull
 class JwtTokenProviderTest : BehaviorSpec() {
 
     @Autowired
-    lateinit var jwtTokenProvider: JWTTokenProvider
+    lateinit var jwtTokenProvider: JwtTokenProvider
 
     init {
         given("회원 정보가 주어지고") {
