로그인 필터
jwt필터 등록
JwtAuthorizationFilter 등록

package shop.mtcoding.todayhome.core.filter;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import jdk.swing.interop.SwingInterOpUtils;
import org.springframework.stereotype.Component;
import shop.mtcoding.todayhome.core.util.JwtUtil;
import shop.mtcoding.todayhome.core.util.Resp;
import shop.mtcoding.todayhome.user.User;
import java.io.IOException;
import java.io.PrintWriter;
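/**
 * Servlet filter that authenticates a request from the JWT in its {@code Authorization} header.
 *
 * <p>Requests without a token, or with a token that {@link JwtUtil#verify(String)} rejects, are
 * answered with a JSON {@code Resp.fail(401, ...)} body and HTTP status 401 and are not passed
 * further down the chain. For accepted tokens the resulting {@link User} is stored in the HTTP
 * session under {@code "sessionUser"} before the chain continues.
 */
public class JwtAuthorizationFilter implements Filter {

    /** Reused for every error body; ObjectMapper is thread-safe once configured. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /**
     * Verifies the bearer token and either rejects the request or forwards it.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remaining filters and the target servlet
     * @throws IOException      if writing the error body fails, or from the downstream chain
     * @throws ServletException from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        String accessToken = req.getHeader("Authorization");
        if (accessToken == null || accessToken.isBlank()) {
            System.out.println("토큰 없음");
            failJWT(resp, "토큰이 없어요");
            return;
        }

        // Only token verification is guarded. Previously chain.doFilter() sat inside the same
        // try block, so any exception thrown by a controller or a later filter was reported to
        // the client as a 401 together with that exception's message.
        User sessionUser;
        try {
            sessionUser = JwtUtil.verify(accessToken);
        } catch (Exception e) {
            // NOTE(review): the verifier's message is returned to the client as before; a fixed
            // message would avoid exposing verification internals. Confirm what clients rely on.
            failJWT(resp, e.getMessage());
            return;
        }

        System.out.println("id-- : " + sessionUser.getId());
        System.out.println("username-- : " + sessionUser.getUsername());

        // NOTE(review): getSession() creates a server-side session on every authenticated request.
        // Any path this filter is not registered for can still read "sessionUser" from that
        // session without presenting a token. Confirm the filter's URL patterns cover every
        // handler that trusts this attribute.
        HttpSession session = req.getSession();
        session.setAttribute("sessionUser", sessionUser);
        chain.doFilter(req, resp);
    }

    /**
     * Writes the JSON 401 failure body and sets the HTTP status to 401 as well, so that clients
     * and intermediaries that look only at the status line see the rejection.
     *
     * @param resp    response to write to
     * @param message text placed in the failure body
     * @throws IOException if the body cannot be serialized or written
     */
    private void failJWT(HttpServletResponse resp, String message) throws IOException {
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        resp.setContentType("application/json; charset=utf-8");
        PrintWriter out = resp.getWriter();
        out.println(OBJECT_MAPPER.writeValueAsString(Resp.fail(401, message)));
        out.flush();
    }
}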
JWT 토큰 생성 및 검증 로직 등록
Jwt 생성 및 검증 util 생성

package shop.mtcoding.todayhome.core.util;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import shop.mtcoding.todayhome.user.User;
import java.util.Date;
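/**
 * Creates and verifies the HMAC-SHA512 signed access tokens used for login.
 *
 * <p>A token carries the user's {@code id} and {@code username} claims and expires seven days
 * after it is issued.
 */
public class JwtUtil {

    // NOTE(review): the signing key is a four-character literal committed to source. Anyone who
    // knows or guesses it can sign a token for any user id. Load the key from deployment
    // configuration or a secret store instead, and make it at least as long as the hash output
    // (64 bytes for HS512, RFC 7518 section 3.2). Left unchanged here so existing tokens keep
    // verifying.
    private static final String SECRET = "meta";

    /** Single algorithm instance so create() and verify() cannot drift apart. */
    private static final Algorithm ALGORITHM = Algorithm.HMAC512(SECRET);

    private static final String BEARER_PREFIX = "Bearer ";

    /** Seven days, in milliseconds. */
    private static final long TOKEN_LIFETIME_MILLIS = 1000L * 60 * 60 * 24 * 7;

    /**
     * Issues a signed access token for the given user.
     *
     * @param user user whose id and username are written into the token
     * @return the compact JWT string, without a {@code "Bearer "} prefix
     */
    public static String create(User user) {
        return JWT.create()
                .withExpiresAt(new Date(System.currentTimeMillis() + TOKEN_LIFETIME_MILLIS))
                .withClaim("id", user.getId())
                .withClaim("username", user.getUsername())
                .sign(ALGORITHM);
    }

    /**
     * Verifies a token and rebuilds the user it identifies.
     *
     * @param jwt the token, optionally prefixed with {@code "Bearer "}
     * @return a {@link User} holding only the id and username taken from the token claims
     * @throws IllegalArgumentException if the verified token has no integer {@code id} claim
     * @throws RuntimeException         whatever the JWT library throws for a malformed, expired
     *                                  or wrongly signed token
     */
    public static User verify(String jwt) {
        // Strip the scheme only where it belongs, at the start of the header value.
        String token = jwt.trim();
        if (token.startsWith(BEARER_PREFIX)) {
            token = token.substring(BEARER_PREFIX.length()).trim();
        }

        DecodedJWT decodedJWT = JWT.require(ALGORITHM).build().verify(token);

        // asInt() yields null for a missing or non-numeric claim; unboxing that straight into an
        // int failed with a NullPointerException instead of a clear rejection.
        Integer id = decodedJWT.getClaim("id").asInt();
        if (id == null) {
            throw new IllegalArgumentException("token has no integer id claim");
        }
        String username = decodedJWT.getClaim("username").asString();

        System.out.println("id: " + id);
        System.out.println("username: " + username);

        return User.builder()
                .id(id)
                .username(username)
                .build();
    }
}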
로그인 요청과 응답 과정
Request
{
"username":"ssar",
"password":"1234"
}
controller
/**
 * Login endpoint: delegates credential checking to the user service and returns the issued
 * access token in the {@code Authorization} response header, alongside the login DTO wrapped
 * in {@code Resp.ok(...)} as the body.
 *
 * @param loginDTO username and password taken from the JSON request body
 * @return 200 response carrying the bearer token header and the login result
 */
@PostMapping("login")
public ResponseEntity<?> login(@RequestBody UserRequest.LoginDTO loginDTO) {
    UserResponse.LoginDTO loginResult = userService.로그인(loginDTO);

    // The filter strips this same "Bearer " scheme before verifying the token.
    String authorizationValue = "Bearer " + loginResult.accessToken();

    return ResponseEntity.ok()
            .header("Authorization", authorizationValue)
            .body(Resp.ok(loginResult));
}
Service
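/**
 * Authenticates a user and issues an access token.
 *
 * <p>NOTE(review): the submitted password is passed unchanged into a repository lookup that
 * matches it against the stored password column. That works only if passwords are stored as
 * plaintext. Store a salted password hash (bcrypt, scrypt or argon2), look the user up by
 * username alone and compare with the hash library's verify function.
 *
 * @param loginDTO submitted username and password
 * @return the issued access token together with the matched user
 * @throws ExceptionApi401 if no user matches the submitted credentials
 */
public UserResponse.LoginDTO 로그인(UserRequest.LoginDTO loginDTO) {
    // One message for both failure causes, so the response does not reveal whether the username
    // exists. The previous text named "email", which this lookup never checks, and misspelled
    // "아이디".
    User userPS = userRepository
            .findByUsernameAndPassword(loginDTO.getUsername(), loginDTO.getPassword())
            .orElseThrow(() -> new ExceptionApi401("아이디 또는 비밀번호가 틀렸습니다."));

    String accessToken = JwtUtil.create(userPS);
    return new UserResponse.LoginDTO(accessToken, userPS);
}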
repository
public interface UserRepository extends JpaRepository<User, Integer> {
/**
 * Finds the user whose username and password columns both equal the given values.
 *
 * <p>Both values are bound as named JPQL parameters, not concatenated into the query string.
 * NOTE(review): the password is compared by equality inside the query, which implies the stored
 * value is directly comparable to what the caller passes in. Confirm whether callers hash it
 * first; the login service shown on this page passes the request password unchanged.
 *
 * @param username username to match
 * @param password password value to match against the stored column
 * @return the matching user, or empty if none matches
 */
@Query("select u from User u where u.username=:username and u.password=:password")
Optional<User> findByUsernameAndPassword(@Param("username") String username, @Param("password") String password);
로그인 응답 postman
로그인 결과화면

추가 로그인 oauth