Merge pull request #177 from GoToBILL/feature/alert

fix: 유효하지 않은 토큰을 헤더에 넣을시에 permitALl() 엔드포인트임에도 불구하고 토큰 에러나는 것을 수정했습니다.

Author: GoToBILL

src/main/java/com/example/cherrydan/oauth/config/SecurityConfig.java

@@ -1,5 +1,6 @@
 package com.example.cherrydan.oauth.config;
 
+import com.example.cherrydan.oauth.security.jwt.CustomAuthenticationEntryPoint;
 import com.example.cherrydan.oauth.security.jwt.JwtAuthenticationFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
@@ -22,6 +23,7 @@
 public class SecurityConfig {
 
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
 
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
@@ -46,11 +48,17 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         // 공지사항/홈 광고 배너 관련 경로
                         .requestMatchers("/api/noticeboard/**").permitAll()
                         .requestMatchers("/api/mypage/version").permitAll()
+                        // sns 연동 콜백
+                        .requestMatchers("/api/v1/sns/oauth/**").permitAll()
                         // 헬스 체크 관련
                         .requestMatchers("/actuator/**").permitAll()
                         // 나머지는 인증 필요
                         .anyRequest().authenticated()
                 )
+                // 인증 실패 시 커스텀 EntryPoint 사용
+                .exceptionHandling(exception -> exception
+                        .authenticationEntryPoint(customAuthenticationEntryPoint)
+                )
                 // JWT 필터 추가
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 

src/main/java/com/example/cherrydan/oauth/security/jwt/CustomAuthenticationEntryPoint.java

@@ -0,0 +1,42 @@
+package com.example.cherrydan.oauth.security.jwt;
+
+import com.example.cherrydan.common.response.ApiResponse;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    private static final String INVALID_TOKEN_MESSAGE = "유효하지 않은 토큰입니다.";
+
+    private final ObjectMapper objectMapper;
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authException) throws IOException {
+        log.warn("인증되지 않은 사용자의 접근 시도: {}", request.getRequestURI());
+
+        response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        response.setCharacterEncoding("UTF-8");
+
+        ApiResponse<Void> errorResponse = ApiResponse.error(
+                HttpStatus.UNAUTHORIZED.value(),
+                INVALID_TOKEN_MESSAGE
+        );
+
+        response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
+    }
+}

src/main/java/com/example/cherrydan/oauth/security/jwt/JwtAuthenticationFilter.java

@@ -72,11 +72,13 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             filterChain.doFilter(request, response);
         } catch (ExpiredJwtException e) {
             log.warn("토큰이 만료되었습니다: {}", e.getMessage());
-            sendErrorResponse(response, HttpStatus.UNAUTHORIZED, "토큰이 만료되었습니다.");
+            filterChain.doFilter(request, response);
+//            sendErrorResponse(response, HttpStatus.UNAUTHORIZED, "토큰이 만료되었습니다.");
         } catch (Exception ex) {
             log.error("JWT 인증 처리 중 오류 발생: {}", ex.getMessage());
             SecurityContextHolder.clearContext();
-            sendErrorResponse(response, HttpStatus.UNAUTHORIZED, "유효하지 않은 토큰입니다.");
+            filterChain.doFilter(request, response);
+//            sendErrorResponse(response, HttpStatus.UNAUTHORIZED, "유효하지 않은 토큰입니다.");
         }
     }
 

src/main/java/com/example/cherrydan/oauth/security/jwt/JwtTokenProvider.java

@@ -94,6 +94,7 @@ public void validateToken(String token) {
             throw e;
         } catch (UnsupportedJwtException e) {
             log.error("지원되지 않는 JWT 토큰입니다: {}", e.getMessage());
+            throw e;
         } catch (MalformedJwtException e) {
             log.error("잘못된 형식의 JWT 토큰입니다: {}", e.getMessage());
             throw e;