fix: Jwt 필터 오류 해결

- 필터가 2번 발생하는 오류 해결 - 필터 상속 인터페이스 변경 : `GenericFilter` -> `OncePerRequestFilter` - 401이 반환되지 않는 오류 해결
Team-J9 · Aug 14, 2024 · 22abd0b · 22abd0b
1 parent d55c588
commit 22abd0b
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 36 deletions.
diff --git a/src/main/java/com/j9/bestmoments/exception/GlobalExceptionHandler.java b/src/main/java/com/j9/bestmoments/exception/GlobalExceptionHandler.java
@@ -1,5 +1,6 @@
 package com.j9.bestmoments.exception;
 
+import io.jsonwebtoken.ExpiredJwtException;
 import jakarta.persistence.EntityNotFoundException;
 import java.util.stream.Collectors;
 import lombok.extern.slf4j.Slf4j;

diff --git a/src/main/java/com/j9/bestmoments/jwt/JwtAuthenticationFilter.java b/src/main/java/com/j9/bestmoments/jwt/JwtAuthenticationFilter.java
@@ -3,34 +3,39 @@
 import com.j9.bestmoments.service.TokenService;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
-import jakarta.servlet.ServletRequest;
-import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
-import org.springframework.web.filter.GenericFilterBean;
+import org.springframework.web.filter.OncePerRequestFilter;
 
 @Component
+@Slf4j
 @RequiredArgsConstructor
-public class JwtAuthenticationFilter extends GenericFilterBean {
+public class JwtAuthenticationFilter extends OncePerRequestFilter {
 
     private final JwtTokenProvider jwtTokenProvider;
     private final TokenService tokenService;
 
     @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        String token = resolveToken((HttpServletRequest) request);
-
-        if (token != null && jwtTokenProvider.validateToken(token)) {
-            Authentication authentication = jwtTokenProvider.getAuthentication(token);
-            SecurityContextHolder.getContext().setAuthentication(authentication);
-            tokenService.findByToken(token);
+    public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
+        String token = resolveToken(request);
+        if (token != null) {
+            try {
+                Authentication authentication = jwtTokenProvider.getAuthentication(token);
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+                tokenService.findByToken(token);
+            }
+            catch (Exception e) {
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Expired Token");
+                return;
+            }
         }
-
         chain.doFilter(request, response);
     }
 
@@ -42,5 +47,4 @@ private String resolveToken(HttpServletRequest request) {
         return null;
     }
 
-
 }
diff --git a/src/main/java/com/j9/bestmoments/jwt/JwtTokenProvider.java b/src/main/java/com/j9/bestmoments/jwt/JwtTokenProvider.java
@@ -4,11 +4,8 @@
 import com.j9.bestmoments.domain.Member;
 import com.sun.security.auth.UserPrincipal;
 import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.MalformedJwtException;
 import io.jsonwebtoken.SignatureAlgorithm;
-import io.jsonwebtoken.UnsupportedJwtException;
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
 import java.security.Key;
@@ -70,24 +67,4 @@ public Authentication getAuthentication(String accessToken) {
         return new UsernamePasswordAuthenticationToken(new UserPrincipal(id), "", Collections.singletonList(authority));
     }
 
-    // 토큰 정보 검증
-    public boolean validateToken(String token) {
-        try {
-            Jwts.parserBuilder()
-                    .setSigningKey(key)
-                    .build()
-                    .parseClaimsJws(token);
-            return true;
-        } catch (SecurityException | MalformedJwtException e) {
-            log.info("Invalid JWT Token", e);
-        } catch (ExpiredJwtException e) {
-            log.info("Expired JWT Token", e);
-        } catch (UnsupportedJwtException e) {
-            log.info("Unsupported JWT Token", e);
-        } catch (IllegalArgumentException e) {
-            log.info("JWT claims string is empty.", e);
-        }
-        return false;
-    }
-
 }