Merge pull request #311 from let-s-record-it/bug-310

Authorization Header가 없는 경우에 대한 예외처리 EntryPoint 구현

Author: soun997

src/main/java/com/sillim/recordit/config/security/SecurityConfig.java

@@ -2,6 +2,7 @@
 
 import com.sillim.recordit.config.security.filter.AuthExceptionTranslationFilter;
 import com.sillim.recordit.config.security.filter.JwtAuthenticationFilter;
+import com.sillim.recordit.config.security.handler.JwtAuthenticationEntryPoint;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
@@ -34,6 +35,7 @@
 public class SecurityConfig {
 
 	private final JwtAuthenticationFilter jwtAuthenticationFilter;
+	private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
 	private final AuthExceptionTranslationFilter authExceptionTranslationFilter;
 	private final OAuth2UserService<OAuth2UserRequest, OAuth2User> oAuth2UserService;
 	private final AuthenticationSuccessHandler successHandler;
@@ -76,6 +78,8 @@ public SecurityFilterChain securityFilterChain(
 				.sessionManagement(
 						configurer ->
 								configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+				.exceptionHandling(
+						config -> config.authenticationEntryPoint(jwtAuthenticationEntryPoint))
 				.addFilterBefore(
 						jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
 				.addFilterBefore(authExceptionTranslationFilter, JwtAuthenticationFilter.class)

src/main/java/com/sillim/recordit/config/security/handler/AuthenticationExceptionHandler.java

@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.sillim.recordit.global.dto.response.ErrorResponse;
+import com.sillim.recordit.global.exception.ErrorCode;
 import com.sillim.recordit.global.exception.common.ApplicationException;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -11,6 +12,9 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.stereotype.Component;
 
 @Slf4j
@@ -25,20 +29,41 @@ public void handle(HttpServletResponse response, ApplicationException exception)
 		if (response.isCommitted()) {
 			return;
 		}
+		ErrorResponse body = ErrorResponse.from(exception.getErrorCode());
+		writeUnauthorizedResponse(response, body);
+	}
+
+	public void handle(HttpServletResponse response, AuthenticationException exception)
+			throws IOException {
+		if (response.isCommitted()) {
+			return;
+		}
+		ErrorResponse body = ErrorResponse.from(resolveErrorCode(exception));
+		writeUnauthorizedResponse(response, body);
+	}
+
+	private void writeUnauthorizedResponse(HttpServletResponse response, ErrorResponse body)
+			throws IOException {
+		log.info("Authentication Exception: {} {}", body.errorCode(), body.message());
 
-		log.info(
-				"Authentication Exception: {} {}",
-				exception.getErrorCode(),
-				exception.getMessage());
 		response.setStatus(HttpStatus.UNAUTHORIZED.value());
 		response.setContentType(MediaType.APPLICATION_JSON_VALUE);
 		response.setCharacterEncoding(StandardCharsets.UTF_8.name());
 
 		response.getWriter()
 				.write(
 						objectMapper.writeValueAsString(
-								ResponseEntity.status(HttpStatus.UNAUTHORIZED.value())
-										.body(ErrorResponse.from(exception.getErrorCode()))));
+								ResponseEntity.status(HttpStatus.UNAUTHORIZED.value()).body(body)));
 		response.getWriter().flush();
 	}
+
+	private ErrorCode resolveErrorCode(AuthenticationException e) {
+		log.debug("Implementation of AuthenticationException is {}", e.getClass().getSimpleName());
+		if (e instanceof AuthenticationCredentialsNotFoundException
+				|| e instanceof InsufficientAuthenticationException) {
+			return ErrorCode.AUTHENTICATION_REQUIRED;
+		} else {
+			return ErrorCode.AUTHENTICATION_FAILED;
+		}
+	}
 }

src/main/java/com/sillim/recordit/config/security/handler/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,26 @@
+package com.sillim.recordit.config.security.handler;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+	private final AuthenticationExceptionHandler authenticationExceptionHandler;
+
+	@Override
+	public void commence(
+			HttpServletRequest request,
+			HttpServletResponse response,
+			AuthenticationException authException)
+			throws IOException {
+
+		authenticationExceptionHandler.handle(response, authException);
+	}
+}

src/main/java/com/sillim/recordit/global/exception/ErrorCode.java

@@ -16,6 +16,9 @@ public enum ErrorCode {
 	ID_TOKEN_INVALID_KEY("ERR_OIDC_003", "App Key가 유효하지 않습니다."),
 	ID_TOKEN_INVALID_SIGNATURE("ERR_OIDC_004", "ID Token의 Signature가 유효하지 않습니다."),
 
+	AUTHENTICATION_REQUIRED("ERR_AUTH_001", "해당 리소스에 접근하기 위한 인증이 필요합니다."),
+	AUTHENTICATION_FAILED("ERR_AUTH_999", "인증에 실패했습니다."),
+
 	JWT_MALFORMED("ERR_JWT_001", "JWT가 손상되었습니다."),
 	JWT_EXPIRED("ERR_JWT_002", "JWT가 만료되었습니다."),
 	JWT_UNSUPPORTED("ERR_JWT_003", "지원되지 않는 JWT 형식입니다."),

src/test/java/com/sillim/recordit/config/security/handler/AuthenticationExceptionHandlerTest.java

@@ -9,15 +9,17 @@
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.core.AuthenticationException;
 
 class AuthenticationExceptionHandlerTest {
 
 	AuthenticationExceptionHandler authenticationExceptionHandler =
 			new AuthenticationExceptionHandler(new ObjectMapper());
 
 	@Test
-	@DisplayName("exception을 response를 통해 출력한다.")
-	void responseException() throws IOException {
+	@DisplayName("ApplicationException을 response를 통해 출력한다.")
+	void responseApplicationException() throws IOException {
 		MockHttpServletResponse httpServletResponse = new MockHttpServletResponse();
 		ApplicationException exception = new ApplicationException(ErrorCode.UNHANDLED_EXCEPTION);
 
@@ -30,8 +32,36 @@ void responseException() throws IOException {
 	}
 
 	@Test
-	@DisplayName("response가 commit되어 있다면 출력되지 않는다.")
-	void notWriteIfResponseCommitted() throws IOException {
+	@DisplayName("AuthenticationException을 response를 통해 출력한다.")
+	void responseAuthenticationException() throws IOException {
+		MockHttpServletResponse httpServletResponse = new MockHttpServletResponse();
+		AuthenticationException exception =
+				new InsufficientAuthenticationException("인증이 필요한 URI입니다.");
+
+		authenticationExceptionHandler.handle(httpServletResponse, exception);
+
+		assertThat(httpServletResponse.getStatus()).isEqualTo(401);
+		assertThat(httpServletResponse.getContentType())
+				.isEqualTo("application/json;charset=UTF-8");
+		assertThat(httpServletResponse.getCharacterEncoding()).isEqualTo("UTF-8");
+	}
+
+	@Test
+	@DisplayName("ApplicationException 처리 시 response가 commit되어 있다면 출력되지 않는다.")
+	void notWriteIfApplicationExceptionResponseCommitted() throws IOException {
+		MockHttpServletResponse httpServletResponse = new MockHttpServletResponse();
+		AuthenticationException exception =
+				new InsufficientAuthenticationException("인증이 필요한 URI입니다.");
+		httpServletResponse.setCommitted(true);
+
+		authenticationExceptionHandler.handle(httpServletResponse, exception);
+
+		assertThat(httpServletResponse.getStatus()).isEqualTo(200);
+	}
+
+	@Test
+	@DisplayName("AuthenticationException 처리 시 response가 commit되어 있다면 출력되지 않는다.")
+	void notWriteIfAuthenticationExceptionResponseCommitted() throws IOException {
 		MockHttpServletResponse httpServletResponse = new MockHttpServletResponse();
 		ApplicationException exception = new ApplicationException(ErrorCode.UNHANDLED_EXCEPTION);
 		httpServletResponse.setCommitted(true);