4 글 보임 - 1 에서 4 까지 (총 4 중에서)
-
@PostMapping("/login/jwt") @ResponseBody public String loginJWT(@RequestBody Map<String,String> data, HttpServletResponse response){UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( data.get("username"), data.get("password"));Authentication auth = authenticationManagerBuilder.getObject().authenticate(authToken); SecurityContextHolder.getContext().setAuthentication(auth);
String jwt = JwtUtil.createToken(SecurityContextHolder.getContext().getAuthentication()); System.out.println(jwt); System.out.println(auth);
Cookie cookie = new Cookie("jwt",jwt); cookie.setMaxAge(1000); cookie.setHttpOnly(true); cookie.setPath("/"); response.addCookie(cookie);return ""; }가 돌아가면
2번째줄에 토큰뜨고 그 밑에 auth정보는 잘 나오는데
@GetMapping("/my-page/jwt") @ResponseBody public String myPageJWT(Authentication auth) { System.out.println(auth);return "마이페이지 데이터"; } 로 auth를 뽑으면 null이 튀어나옵니다
JwtFilter 파일에서 System.out.println(authToken.getPrincipal().toString()); 구분 추가해서 돌려봤는데 com.crud.first.member.CustomUser [Username=test, Password=[PROTECTED], Enabled=true, AccountNonExpired=true, CredentialsNonExpired=true, AccountNonLocked=true, Granted Authorities=[일반유저]] 요로코롬 정보는 잘 튀어나오더라구요 혹시 SecurityConfig.java 쪽 문제일까요 선생님? 코드는 아래와 같슴다
package com.crud.first;
import com.crud.first.board.Board; import com.crud.first.board.BoardRepository; import com.crud.first.member.JwtFilter; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.access.ExceptionTranslationFilter;
import java.util.List;
@Configuration @EnableWebSecurity @RequiredArgsConstructor public class SecurityConfig {private final BoardRepository boardRepository;
public Board getFirstBoardNum() { return boardRepository.findAll().getFirst(); }//기존 // @Bean // public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // http.csrf((csrf) -> csrf.disable()); // // http.authorizeHttpRequests((authorize) -> authorize.requestMatchers("/**").permitAll()); // // http.formLogin((formLogin) -> formLogin.loginPage("/login").defaultSuccessUrl("/board/"+getFirstBoardNum().getBoardId())); // // http.logout(logout -> logout.logoutUrl("/logout").logoutSuccessUrl("/")); // // return http.build(); // }@Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // CSRF 보호 비활성화 http.csrf((csrf) -> csrf.disable());http.addFilterBefore(new JwtFilter(), ExceptionTranslationFilter.class);
//로그인시 세션데이터 만들지마셈 http.sessionManagement((session) -> session .sessionCreationPolicy(SessionCreationPolicy.STATELESS) );// 요청 권한 설정 http.authorizeHttpRequests((authorize) -> { authorize.requestMatchers("/","/register","/member","/login","/login/jwt","/my-page/jwt").permitAll(); authorize.requestMatchers("home.css", "/dog.png", "register.css").permitAll(); authorize.anyRequest().authenticated(); // 위 2줄 외 모든 요청은 인증된 사용자만 접근 가능 });// // 로그인 설정 // http.formLogin((formLogin) -> // formLogin.loginPage("/login") // .defaultSuccessUrl("/board/"+getFirstBoardNum().getBoardId()) // .permitAll()); // 로그인 페이지는 모든 사용자가 접근 가능해야 함// 로그아웃 설정 http.logout((logout) -> logout.logoutUrl("/logout") .logoutSuccessUrl("/")); // 로그아웃 성공 시 "/" 로 리다이렉션// // 세션 관리 설정 (세션 만료 시 "/"로 리다이렉션) // http.sessionManagement((session) -> // session.invalidSessionUrl("/")); // 세션이 유효하지 않을 때 리다이렉트할 URL 설정return http.build(); }
@Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } } 추가로 공부한 코드들이 많아서 많이 더럽습니다 센세..죄송함다유효기간은 이빠이 늘려봤는데 그래도 이상한거 보니까 JwtFilter같은데요..
package com.crud.first.member;
import io.jsonwebtoken.Claims; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; import jakarta.servlet.http.Cookie; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import org.springframework.web.filter.OncePerRequestFilter; import java.io.IOException; import java.util.Arrays; import java.util.List;
public class JwtFilter extends OncePerRequestFilter {@Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {Cookie[] cookies = request.getCookies();
if (cookies == null){ filterChain.doFilter(request, response); return; }var jwtCookie ="";
for (int i = 0; i < cookies.length; i++) { if (cookies[i].getName().equals("jwt")){ jwtCookie = cookies[i].getValue(); System.out.println("확인 " +jwtCookie); }} Claims claim; try { claim = JwtUtil.extractToken(jwtCookie); }catch (Exception e){ filterChain.doFilter(request, response); return; }String[] arr = claim.get("authorities").toString().split(","); List<SimpleGrantedAuthority> authorities = Arrays.stream(arr).map(a -> new SimpleGrantedAuthority(a)).toList();CustomUser customUser = new CustomUser(claim.get("username").toString(),"none",authorities); customUser.setDisplayName(claim.get("displayName").toString());UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken( customUser,"" ); authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); SecurityContextHolder.getContext().setAuthentication(authToken);System.out.println(authToken.getPrincipal().toString());
filterChain.doFilter(request, response);
}
} 이건 JwtFilter코드인데 혹시 어디가 문제일까요..? sout찍는건 잘 나오는거같은데..
4 글 보임 - 1 에서 4 까지 (총 4 중에서)
- 답변은 로그인 후 가능합니다.