8주차 미션 / 서버 4조 최재현

src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java

@@ -15,6 +15,9 @@ public WebConfig(AuthInterceptor authInterceptor) {
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
+        // Interceptor를 등록
         // TODO /profile, /admin 앞에 붙이기
+        registry.addInterceptor(authInterceptor)
+                .addPathPatterns("/profile", "/admin");
     }
 }

src/main/java/com/kuit/kuit4serverauth/controller/UserController.java

@@ -1,23 +1,27 @@
 package com.kuit.kuit4serverauth.controller;
 
-import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestAttribute;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 public class UserController {
 
     @GetMapping("/profile")
-    public ResponseEntity<String> getProfile(HttpServletRequest request) {
-        // TODO : 로그인 한 사용자면 username 이용해 "Hello, {username}" 반환하기
+    public ResponseEntity<String> getProfile(@RequestAttribute("username") String username) {
+        if (username != null) {
+            return ResponseEntity.ok("Hello, " + username);
+        }
         return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
     }
 
     @GetMapping("/admin")
-    public ResponseEntity<String> getAdmin(HttpServletRequest request) {
-        // TODO: role이 admin이면 "Hello, admin" 반환하기
+    public ResponseEntity<String> getAdmin(@RequestAttribute("role") String role) {
+        if (role != null && role.equals("ROLE_ADMIN")) {
+            return ResponseEntity.ok("Hello, admin");
+        }
         return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Forbidden");
     }
 }

src/main/java/com/kuit/kuit4serverauth/interceptor/AuthInterceptor.java

@@ -19,10 +19,12 @@ public AuthInterceptor(JwtUtil jwtUtil) {
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        // Controller로 요청이 넘어가기 전에 가로채서 선처리 수행
         String authHeader = request.getHeader("Authorization");
         if (authHeader != null && authHeader.startsWith("Bearer ")) {
             String token = authHeader.substring(7);
             Claims claims = jwtUtil.validateToken(token);
+            // username과 role를 request에 담아서 Controller에게 보냄
             request.setAttribute("username", claims.getSubject());
             request.setAttribute("role", claims.get("role"));
             return true;

src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java

@@ -5,27 +5,34 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
 import java.util.Date;
 
 @Component
 public class JwtUtil {
-    private final String secret = "mysecretkey";
-    private final long expirationMs = 3600000; // 1 hour
+    @Value("${jwt.secret}")
+    private String secret;
+
+    @Value("${jwt.expiration}")
+    private long expirationMs; // 1 hour
 
     public String generateToken(String username, String role) {
+        // username과 role 정보를 받아서 Token 생성
         return Jwts.builder()
                 .setSubject(username)
                 .claim("role", role)
                 .setIssuedAt(new Date())
-                .setExpiration(new Date(System.currentTimeMillis() + expirationMs))
+                .setExpiration(new Date(System.currentTimeMillis() + expirationMs)) // 유효기간 설정
                 .signWith(SignatureAlgorithm.HS256, secret)
                 .compact();
     }
 
     public Claims validateToken(String token) {
+        // Token을 검증
         try {
+            // Token을 Parsing
             return Jwts.parser()
                     .setSigningKey(secret)
                     .parseClaimsJws(token)

src/main/resources/application.yml

@@ -13,6 +13,6 @@ spring:
       path: /h2-console
 
 jwt:
-  secret: mysecretkey
+  secret: mysecretkeymysecretkeymysecretkeymysecretkeymysecretkey
   expiration: 3600000