From dc510545bf5dc56e16a07f35ab54f0826095f1ae Mon Sep 17 00:00:00 2001
From: soongjamm
Date: Tue, 27 Jul 2021 21:42:26 +0900
Subject: [PATCH 1/2] =?UTF-8?q?fix:=20=ED=95=9C=20=EC=9A=94=EC=B2=AD?= =?UTF-8?q?=EB=82=B4=EC=97=90=EC=84=9C=20@AuthenticationRequired=EB=A1=9C?= =?UTF-8?q?=20=EC=9D=B8=EC=A6=9D=EA=B0=9D=EC=B2=B4=EB=A5=BC=20=ED=95=9C?= =?UTF-8?q?=EB=B2=88=20=EC=A1=B0=ED=9A=8C=ED=95=98=EB=A9=B4=20ThreadLocal?= =?UTF-8?q?=EC=97=90=20=EC=A0=80=EC=9E=A5=ED=95=98=EC=97=AC=20=EC=9E=AC?= =?UTF-8?q?=EC=82=AC=EC=9A=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../AuthenticatedUserArgumentResolver.java | 3 +++
 .../api/authentication/AuthenticationHolder.java | 15 +++++++++++++++
 .../api/authentication/UserAuthInterceptor.java | 12 ++----------
 .../domain/authentication/Authentication.java | 13 +++++++++++++
 4 files changed, 33 insertions(+), 10 deletions(-)
 create mode 100644 src/main/java/com/bluedelivery/api/authentication/AuthenticationHolder.java
diff --git a/src/main/java/com/bluedelivery/api/authentication/AuthenticatedUserArgumentResolver.java b/src/main/java/com/bluedelivery/api/authentication/AuthenticatedUserArgumentResolver.java
index 9cdabbc3..a84823d2 100644
--- a/src/main/java/com/bluedelivery/api/authentication/AuthenticatedUserArgumentResolver.java
+++ b/src/main/java/com/bluedelivery/api/authentication/AuthenticatedUserArgumentResolver.java
@@ -35,6 +35,9 @@ public Object resolveArgument(MethodParameter parameter,
 ModelAndViewContainer mavContainer,
 NativeWebRequest webRequest,
 WebDataBinderFactory binderFactory) {
+ if (Authentication.isAnnotated(parameter.getMethod())) {
+ return AuthenticationHolder.getAuthentication();
+ }
 HttpServletRequest req = (HttpServletRequest) webRequest.getNativeRequest();
 Optional optional = authenticationService.getAuthentication(req.getHeader(AUTHORIZATION));
 if (optional.isPresent()) {
diff --git a/src/main/java/com/bluedelivery/api/authentication/AuthenticationHolder.java b/src/main/java/com/bluedelivery/api/authentication/AuthenticationHolder.java
new file mode 100644
index 00000000..e2816ed0
--- /dev/null
+++ b/src/main/java/com/bluedelivery/api/authentication/AuthenticationHolder.java
@@ -0,0 +1,15 @@
+package com.bluedelivery.api.authentication;
+
+import com.bluedelivery.domain.authentication.Authentication;
+
+public class AuthenticationHolder {
+ private static ThreadLocal authentication = new ThreadLocal<>();
+
+ public static Authentication getAuthentication() {
+ return authentication.get();
+ }
+
+ public static void setAuthentication(Authentication auth) {
+ authentication.set(auth);
+ }
+}
diff --git a/src/main/java/com/bluedelivery/api/authentication/UserAuthInterceptor.java b/src/main/java/com/bluedelivery/api/authentication/UserAuthInterceptor.java
index 2eb516ce..bdebcaf9 100644
--- a/src/main/java/com/bluedelivery/api/authentication/UserAuthInterceptor.java
+++ b/src/main/java/com/bluedelivery/api/authentication/UserAuthInterceptor.java
@@ -9,7 +9,6 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.HandlerMapping;
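Review bot: AuthenticationHolder offers only a getter and a setter, so nothing ever removes the value from the ThreadLocal, and servlet containers normally serve many requests on the same pooled thread. UserAuthInterceptor.preHandle sets the holder only on the annotated path, and no cleanup is visible anywhere in this series (the interceptor class continues outside its hunk), so a later request on that thread can still see the previous caller's Authentication. Patch 2/2 makes this reachable: the argument resolver returns whatever the thread holds whenever `hasAuthentication()` is true, including for a handler that was never authenticated in the current request. Add `public static void clear() { authentication.remove(); }` and call it from the interceptor's `afterCompletion`, and also at the start of `preHandle` so every request begins with an empty holder. The field can be `private static final` as well.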
@@ -27,20 +26,13 @@ public class UserAuthInterceptor implements HandlerInterceptor {
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
- if (needToBeAuthenticated((HandlerMethod) handler)) {
+ if (Authentication.isAnnotated(((HandlerMethod) handler).getMethod())) {
 Authentication auth = authenticationService.getAuthentication(request.getHeader(AUTHORIZATION))
 .orElseThrow(() -> new ApiException(INVALID_AUTHENTICATION));
 if (!isSameUser(request, auth) || auth.isInvalidated()) {
 throw new ApiException(NOT_AUTHORIZED_ACCESS);
 }
- }
- return true;
- }
-
- private boolean needToBeAuthenticated(HandlerMethod handler) {
- if (AnnotationUtils.findAnnotation(handler.getMethod(), AuthenticationRequired.class) == null
- && AnnotationUtils.findAnnotation(handler.getBeanType(), AuthenticationRequired.class) == null) {
- return false;
+ AuthenticationHolder.setAuthentication(auth);
 }
 return true;
 }
diff --git a/src/main/java/com/bluedelivery/domain/authentication/Authentication.java b/src/main/java/com/bluedelivery/domain/authentication/Authentication.java
index 5e3a9f89..acf52b07 100644
--- a/src/main/java/com/bluedelivery/domain/authentication/Authentication.java
+++ b/src/main/java/com/bluedelivery/domain/authentication/Authentication.java
@@ -1,10 +1,15 @@
 package com.bluedelivery.domain.authentication;
 import java.io.Serializable;
+import java.lang.reflect.Method;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Objects;
+import org.springframework.core.annotation.AnnotationUtils;
+
+import com.bluedelivery.api.authentication.AuthenticationRequired;
+
 public class Authentication implements Serializable {
 public static String AUTH_STR = "auth";
 private String token;
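Review bot: The rewritten condition in `UserAuthInterceptor.preHandle` still casts `handler` to `HandlerMethod` without a type check. Spring passes other handler objects to `preHandle` (the static-resource handler, for example) when the interceptor's path patterns cover them, and the cast would then fail with a ClassCastException instead of producing an authentication decision. Whether that can happen depends on how the interceptor is registered, which this diff does not show. A guard such as `if (!(handler instanceof HandlerMethod)) { return true; }` makes the behaviour explicit; use an explicit rejection there instead if the interceptor is meant to fail closed.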
@@ -21,6 +26,14 @@ public Authentication(String token, Long userId) {
 this.userId = userId;
 }
+ public static boolean isAnnotated(Method method) {
+ if (AnnotationUtils.findAnnotation(method, AuthenticationRequired.class) == null
+ && AnnotationUtils.findAnnotation(method.getDeclaringClass(), AuthenticationRequired.class) == null) {
+ return false;
+ }
+ return true;
+ }
+
 public void invalidate() {
 this.invalidated = true;
 }
From f049cf432b064a0a46c7dd92c887ac847dd4ca65 Mon Sep 17 00:00:00 2001
From: soongjamm
Date: Tue, 27 Jul 2021 22:00:10 +0900
Subject: [PATCH 2/2] =?UTF-8?q?ThreadLocal=EC=9D=84=20=EA=B2=80=EC=82=AC?= =?UTF-8?q?=ED=95=98=EB=8F=84=EB=A1=9D=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../api/authentication/AuthenticatedUserArgumentResolver.java | 2 +-
 .../bluedelivery/api/authentication/AuthenticationHolder.java | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/bluedelivery/api/authentication/AuthenticatedUserArgumentResolver.java b/src/main/java/com/bluedelivery/api/authentication/AuthenticatedUserArgumentResolver.java
index a84823d2..a80e174e 100644
--- a/src/main/java/com/bluedelivery/api/authentication/AuthenticatedUserArgumentResolver.java
+++ b/src/main/java/com/bluedelivery/api/authentication/AuthenticatedUserArgumentResolver.java
@@ -35,7 +35,7 @@ public Object resolveArgument(MethodParameter parameter,
 ModelAndViewContainer mavContainer,
 NativeWebRequest webRequest,
 WebDataBinderFactory binderFactory) {
- if (Authentication.isAnnotated(parameter.getMethod())) {
+ if (AuthenticationHolder.hasAuthentication()) {
 return AuthenticationHolder.getAuthentication();
 }
 HttpServletRequest req = (HttpServletRequest) webRequest.getNativeRequest();
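Review bot: `Authentication.isAnnotated` resolves the class-level annotation through `method.getDeclaringClass()`, while the removed `needToBeAuthenticated` used `handler.getBeanType()`, and the two differ for inherited handler methods. If a controller annotated with `@AuthenticationRequired` inherits a mapping method from an unannotated base class, the declaring class is the base class, both lookups return null, and `preHandle` skips authentication for that endpoint. Keeping the bean type in the check avoids this, for example `isAnnotated(Method method, Class<?> beanType)` with the interceptor passing the `HandlerMethod`'s `getBeanType()`. Placing the helper next to the interceptor would also keep the domain class from importing the `api` annotation and Spring.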
diff --git a/src/main/java/com/bluedelivery/api/authentication/AuthenticationHolder.java b/src/main/java/com/bluedelivery/api/authentication/AuthenticationHolder.java
index e2816ed0..5e5cb2ab 100644
--- a/src/main/java/com/bluedelivery/api/authentication/AuthenticationHolder.java
+++ b/src/main/java/com/bluedelivery/api/authentication/AuthenticationHolder.java
@@ -5,6 +5,10 @@
 public class AuthenticationHolder {
 private static ThreadLocal authentication = new ThreadLocal<>();
+ public static boolean hasAuthentication() {
+ return authentication.get() != null;
+ }
+
 public static Authentication getAuthentication() {
 return authentication.get();
 }