Skip to content

feat: security 적용 #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
happine2s merged 4 commits into from
Sep 1, 2025
Merged

feat: security 적용 #16

happine2s merged 4 commits into from
Sep 1, 2025

Conversation

@happine2s
Copy link
Collaborator

@happine2s happine2s commented Jul 5, 2025
edited
Loading

📌 Issue number and Link

#13 Spring Security 설정에 JWT 인증 필터(JwtAuthenticationFilter) 적용

✏️ Summary

SecurityConfig 클래스 내에 JwtAuthenticationFilter를 Spring Security 필터 체인에 적용했습니다.
JwtAuthenticationFilter가 모든 요청마다 JWT를 검사하고 인증 객체를 등록시키도록 구성했습니다.
전체적인 흐름

  1. Authorization 헤더에서 토큰 추출
  2. JwtTokenProvider로 유효성 검사
  3. 정상이라면 UsernamePasswordAuthenticationToken 생성
  4. SecurityContext에 등록

📝 Changes

  • jwt/에 JwtAuthenticationFilter와 JwtTokenProvider를 위치시켰습니다.
  • 개발 유용성을 위해 "/api/v1/**"에 대한 모든 authorizeHttpRequests를 허용시키도록 설정했습니다.
  • UsernamePasswordAuthenticationToken 생성할 때 Member 객체에 Role 필드가 없어서 String role = "ROLE_USER"; 로 하드코딩했습니다.

🔎 PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • angular.io application / infrastructure changes
  • Other... Please describe:

📚 Other information

qormoon
qormoon requested changes Jul 7, 2025
View reviewed changes
Copy link
Contributor

@qormoon qormoon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

그 filter 부분 잘 작동되는지, 예외처리 부분도 확인해서 캡처본 올려주면 좋을 듯!

src/main/java/com/api/sss/config/SecurityConfig.java Outdated
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.authorizeHttpRequests(auth -> auth
.requestMatchers(
"/api/v1/**",
Copy link
Contributor

@qormoon qormoon Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

이거 수정해야 할듯 /api/v1/** 이걸 모두 permitAll 시킨다는건 토큰 filter 안걸쳐서

Copy link
Contributor

@qormoon qormoon Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

로그인 안했을때의 경로만 permitAll 시켜두고 나머지는 filter 들어갈 수 있게 수정해야돼

@happine2s happine2s marked this pull request as ready for review August 31, 2025 15:10
@happine2s happine2s merged commit f62316f into develop Sep 1, 2025
1 check passed
@happine2s happine2s deleted the feat/#13-security branch September 1, 2025 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qormoon qormoon qormoon requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@happine2s @qormoon