Konkuk-KUIT · hd0rable · Nov 20, 2024
diff --git a/src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java b/src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java
@@ -13,8 +13,10 @@ public WebConfig(AuthInterceptor authInterceptor) {
         this.authInterceptor = authInterceptor;
     }
 
+    //토큰 검증 로직을 컨트롤러 내에서 하는게 아니라 Interceptor의 preHandle로 선행처리
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        // TODO /profile, /admin 앞에 붙이기
+        registry.addInterceptor(authInterceptor)
+                .addPathPatterns("/profile", "/admin");
     }
 }
diff --git a/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java b/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java
@@ -4,20 +4,26 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestAttribute;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 public class UserController {
 
     @GetMapping("/profile")
-    public ResponseEntity<String> getProfile(HttpServletRequest request) {
-        // TODO : 로그인 한 사용자면 username 이용해 "Hello, {username}" 반환하기
-        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
+    public ResponseEntity<String> getProfile(@RequestAttribute("username") String username) {
+        if (username == null) {
+            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
+        }
+        return ResponseEntity.ok("Hello, " + username);
     }
 
     @GetMapping("/admin")
-    public ResponseEntity<String> getAdmin(HttpServletRequest request) {
-        // TODO: role이 admin이면 "Hello, admin" 반환하기
-        return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Forbidden");
+    public ResponseEntity<String> getAdmin(@RequestAttribute("role") String role) {
+        if (!"ROLE_ADMIN".equals(role)) {
+            return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Forbidden");
+        }
+        return ResponseEntity.ok("Hello, admin");
     }
 }
diff --git a/src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java b/src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java
@@ -5,14 +5,19 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
 import java.util.Date;
 
 @Component
 public class JwtUtil {
-    private final String secret = "mysecretkey";
-    private final long expirationMs = 3600000; // 1 hour
+
+    @Value("${jwt.secret}")
+    private String secret;
+
+    @Value("${jwt.expiration}")
+    private long expirationMs;
 
     public String generateToken(String username, String role) {
         return Jwts.builder()

diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -11,8 +11,7 @@ spring:
     console:
       enabled: true
       path: /h2-console
-
 jwt:
-  secret: mysecretkey
+  secret: mysecretkeymysecretkeymysecretkeymysecretkeymysecretkey
   expiration: 3600000