dto 추가
package shop.mtcoding.bank.dto;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
@Getter
@RequiredArgsConstructor
public class ResponseDto<T> {
private final Integer code; // 1 성공 -1 실패
private final String msg;
private final T data; // 다양한 형태의 데이터가 오기 때문에
}
코드 수정
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
.
.
.
// Exception 가로채기(일관성을 위해서)
http.exceptionHandling().authenticationEntryPoint((request, response, authException) -> {
ObjectMapper om = new ObjectMapper();
ResponseDto<?> responseDto = new ResponseDto<>(-1, "권한없음", null);
String responseBody = om.writeValueAsString(responseDto);
response.setContentType("application/json; charset=utf-8");
response.setStatus(403);
response.getWriter().println(responseBody);
});
http.authorizeRequests()
.antMatchers("/api/s/**").authenticated()
.antMatchers("/api/admin/**").hasRole("" + UserEnum.ADMIN) // ROLE_
.anyRequest().permitAll();
return http.build();
}
하지만 코드를 해당위치에 두면 재사용성 낮음, util 패키지 생성후 코드 생성
package shop.mtcoding.bank.util;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.databind.ObjectMapper;
import shop.mtcoding.bank.dto.ResponseDto;
public class CustomResponseUtil {
private static final Logger log = LoggerFactory.getLogger(CustomResponseUtil.class); // static 때문에
public static void unAuthentication(HttpServletResponse response, String msg) {
try {
ObjectMapper om = new ObjectMapper();
ResponseDto<?> responseDto = new ResponseDto<>(-1, msg, null);
String responseBody = om.writeValueAsString(responseDto);
response.setContentType("application/json; charset=utf-8");
response.setStatus(401);
response.getWriter().println(responseBody);
} catch (Exception e) {
log.error("서버 파싱 에러");
}
}
}
try - catch 로 묶는 이유 : 파싱할 떄 에러 발생할 수 있어서
그리고 SecurityConfig 수정
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
.
.
.
// Exception 가로채기(일관성을 위해서)
http.exceptionHandling().authenticationEntryPoint((request, response, authException) -> {
CustomResponseUtil.unAuthentication(response, "로그인을 진행해 주세요");
});
http.authorizeRequests()
.antMatchers("/api/s/**").authenticated()
.antMatchers("/api/admin/**").hasRole("" + UserEnum.ADMIN) // ROLE_
.anyRequest().permitAll();
return http.build();
}
테스트를 통해
@Test
public void authentication_test() throws Exception {
// given
// when
ResultActions resultActions = mvc.perform(get("/api/s/hello"));
String responseBody = resultActions.andReturn().getResponse().getContentAsString();
int httpStatusCode = resultActions.andReturn().getResponse().getStatus();
System.out.println("테스트 : " + responseBody);
System.out.println("테스트 : " + httpStatusCode);
// then
assertThat(httpStatusCode).isEqualTo(401);
}
403으로 하면
@Test
public void authorization_test() throws Exception {
// given
// when
ResultActions resultActions = mvc.perform(get("/api/s/hello"));
String responseBody = resultActions.andReturn().getResponse().getContentAsString();
int httpStatusCode = resultActions.andReturn().getResponse().getStatus();
System.out.println("테스트 : " + responseBody);
System.out.println("테스트 : " + httpStatusCode);
// then
assertThat(httpStatusCode).isEqualTo(401);
}
마지막에는 항상 전체 테스트 돌리기