3단계 - 즐겨찾기 기능 구현

src/main/java/nextstep/auth/AuthConfig.java

@@ -18,15 +18,15 @@
 @RequiredArgsConstructor
 @Configuration
 public class AuthConfig implements WebMvcConfigurer {
-    private final UserDetailService loginMemberService;
+    private final UserDetailService userDetailService;
     private final JwtTokenProvider jwtTokenProvider;
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(new SecurityContextPersistenceFilter());
-        registry.addInterceptor(new UsernamePasswordAuthFilter(loginMemberService)).addPathPatterns("/login/form");
-        registry.addInterceptor(new TokenAuthInterceptor(loginMemberService, jwtTokenProvider)).addPathPatterns("/login/token");
-        registry.addInterceptor(new BasicAuthFilter(loginMemberService));
+        registry.addInterceptor(new UsernamePasswordAuthFilter(userDetailService)).addPathPatterns("/login/form");
+        registry.addInterceptor(new TokenAuthInterceptor(userDetailService, jwtTokenProvider)).addPathPatterns("/login/token");
+        registry.addInterceptor(new BasicAuthFilter(userDetailService));
         registry.addInterceptor(new BearerTokenAuthFilter(jwtTokenProvider));
     }
 

src/main/java/nextstep/auth/authentication/BasicAuthFilter.java

@@ -2,19 +2,19 @@
 
 import lombok.RequiredArgsConstructor;
 import nextstep.auth.context.Authentication;
-import nextstep.auth.context.SecurityContextHolder;
+import nextstep.auth.user.User;
 import nextstep.auth.user.UserDetail;
 import nextstep.auth.user.UserDetailService;
-import nextstep.auth.interceptor.AuthChainInterceptor;
+import nextstep.auth.interceptor.AuthContextChainInterceptor;
 import org.apache.tomcat.util.codec.binary.Base64;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 
 @RequiredArgsConstructor
-public class BasicAuthFilter extends AuthChainInterceptor {
+public class BasicAuthFilter extends AuthContextChainInterceptor {
     private final UserDetailService userDetailService;
 
+    @Override
     protected void checkValidAuth(final AuthenticationToken token) {
         UserDetail loginMember = userDetailService.loadUserByUsername(token.getPrincipal());
         if (loginMember == null) {
@@ -25,12 +25,14 @@ protected void checkValidAuth(final AuthenticationToken token) {
         }
     }
 
+    @Override
     protected Authentication getAuthentication(final AuthenticationToken token) {
         UserDetail loginMember = userDetailService.loadUserByUsername(token.getPrincipal());
         return new Authentication(loginMember.getEmail(), loginMember.getAuthorities());
     }
 
-    protected AuthenticationToken getAuthenticationToken(final HttpServletRequest request) {
+    @Override
+    protected AuthenticationToken createAuthToken(final HttpServletRequest request) {
         String authCredentials = AuthorizationExtractor.extract(request, AuthorizationType.BASIC);
         String authHeader = new String(Base64.decodeBase64(authCredentials));
 

src/main/java/nextstep/auth/authentication/BearerTokenAuthFilter.java

@@ -3,21 +3,23 @@
 import lombok.RequiredArgsConstructor;
 import nextstep.auth.context.Authentication;
 import nextstep.auth.token.JwtTokenProvider;
-import nextstep.auth.interceptor.AuthChainInterceptor;
+import nextstep.auth.interceptor.AuthContextChainInterceptor;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.List;
 
 @RequiredArgsConstructor
-public class BearerTokenAuthFilter extends AuthChainInterceptor {
+public class BearerTokenAuthFilter extends AuthContextChainInterceptor {
     private final JwtTokenProvider jwtTokenProvider;
 
+    @Override
     protected void checkValidAuth(final AuthenticationToken token) {
         if (!jwtTokenProvider.validateToken(token.getPrincipal())) {
             throw new AuthenticationException();
         }
     }
 
+    @Override
     protected Authentication getAuthentication(final AuthenticationToken token) {
         String principal = jwtTokenProvider.getPrincipal(token.getPrincipal());
         List<String> roles = jwtTokenProvider.getRoles(token.getPrincipal());
@@ -26,7 +28,8 @@ protected Authentication getAuthentication(final AuthenticationToken token) {
         return authentication;
     }
 
-    protected AuthenticationToken getAuthenticationToken(final HttpServletRequest request) {
+    @Override
+    protected AuthenticationToken createAuthToken(final HttpServletRequest request) {
         String authCredentials = AuthorizationExtractor.extract(request, AuthorizationType.BEARER);
         return new AuthenticationToken(authCredentials, authCredentials);
     }

src/main/java/nextstep/auth/authentication/UsernamePasswordAuthFilter.java

@@ -2,8 +2,9 @@
 
 import nextstep.auth.context.Authentication;
 import nextstep.auth.context.SecurityContextHolder;
-import nextstep.auth.user.UserDetail;
 import nextstep.auth.interceptor.AuthNotChainInterceptor;
+import nextstep.auth.user.User;
+import nextstep.auth.user.UserDetail;
 import nextstep.auth.user.UserDetailService;
 
 import javax.servlet.http.HttpServletRequest;
@@ -27,8 +28,8 @@ protected AuthenticationToken createAuthToken(final HttpServletRequest request)
     }
 
     @Override
-    protected void afterSuccessUserCheck(final HttpServletRequest request, final HttpServletResponse response, UserDetail userDetail) {
-        Authentication authentication = new Authentication(userDetail.getEmail(), userDetail.getAuthorities());
+    protected void afterSuccessUserCheck(final HttpServletRequest request, final HttpServletResponse response, UserDetail user) {
+        Authentication authentication = new Authentication(user.getEmail(), user.getAuthorities());
         SecurityContextHolder.getContext().setAuthentication(authentication);
     }
 }

src/main/java/nextstep/auth/authorization/AuthenticationPrincipalArgumentResolver.java

@@ -2,7 +2,8 @@
 
 import nextstep.auth.context.Authentication;
 import nextstep.auth.context.SecurityContextHolder;
-import nextstep.member.domain.LoginMember;
+import nextstep.auth.user.User;
+import nextstep.auth.user.UserDetail;
 import org.springframework.core.MethodParameter;
 import org.springframework.web.bind.support.WebDataBinderFactory;
 import org.springframework.web.context.request.NativeWebRequest;
@@ -16,12 +17,12 @@ public boolean supportsParameter(MethodParameter parameter) {
     }
 
     @Override
-    public LoginMember resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
+    public UserDetail resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (authentication == null) {
-            return LoginMember.guest();
+            return User.guest();
         }
 
-        return LoginMember.of(authentication.getPrincipal().toString(), authentication.getAuthorities());
+        return User.of(authentication.getPrincipal().toString(), authentication.getAuthorities());
     }
 }

src/main/java/nextstep/auth/interceptor/AuthChainInterceptor.java → src/main/java/nextstep/auth/interceptor/AuthContextChainInterceptor.java

@@ -8,12 +8,12 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-public abstract class AuthChainInterceptor implements HandlerInterceptor {
+public abstract class AuthContextChainInterceptor implements HandlerInterceptor {
 
     @Override
     public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler){
         try {
-            AuthenticationToken token = getAuthenticationToken(request);
+            AuthenticationToken token = createAuthToken(request);
             checkValidAuth(token);
             saveAuthContext(token);
             return true;
@@ -26,7 +26,7 @@ public boolean preHandle(final HttpServletRequest request, final HttpServletResp
 
     protected abstract Authentication getAuthentication(final AuthenticationToken token);
 
-    protected abstract AuthenticationToken getAuthenticationToken(final HttpServletRequest request);
+    protected abstract AuthenticationToken createAuthToken(final HttpServletRequest request);
 
     private void saveAuthContext(final AuthenticationToken token) {
         Authentication authentication = getAuthentication(token);

src/main/java/nextstep/auth/interceptor/AuthNotChainInterceptor.java

@@ -3,6 +3,7 @@
 import lombok.RequiredArgsConstructor;
 import nextstep.auth.authentication.AuthenticationException;
 import nextstep.auth.authentication.AuthenticationToken;
+import nextstep.auth.user.User;
 import nextstep.auth.user.UserDetail;
 import nextstep.auth.user.UserDetailService;
 import org.springframework.web.servlet.HandlerInterceptor;
@@ -19,9 +20,9 @@ public abstract class AuthNotChainInterceptor implements HandlerInterceptor {
     public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler){
         try {
             AuthenticationToken authToken = createAuthToken(request);
-            checkValidUser(authToken);
-            UserDetail userDetail = getUserDetail(authToken);
-            afterSuccessUserCheck(request, response, userDetail);
+            checkValidAuth(authToken);
+            UserDetail user = getUserDetail(authToken);
+            afterSuccessUserCheck(request, response, user);
             return false;
         } catch (Exception e) {
             return true;
@@ -30,10 +31,10 @@ public boolean preHandle(final HttpServletRequest request, final HttpServletResp
 
     protected abstract AuthenticationToken createAuthToken(final HttpServletRequest request) throws IOException;
 
-    protected abstract void afterSuccessUserCheck(final HttpServletRequest request, final HttpServletResponse response, UserDetail userDetail)
+    protected abstract void afterSuccessUserCheck(final HttpServletRequest request, final HttpServletResponse response, UserDetail user)
         throws IOException;
 
-    protected void checkValidUser(AuthenticationToken authToken){
+    protected void checkValidAuth(AuthenticationToken authToken){
         UserDetail loginMember = getUserDetail(authToken);
 
         if (loginMember == null) {

src/main/java/nextstep/auth/secured/SecuredAnnotationChecker.java

@@ -2,8 +2,8 @@
 
 import nextstep.auth.context.Authentication;
 import nextstep.auth.context.SecurityContextHolder;
-import nextstep.common.exception.CustomException;
-import nextstep.common.exception.code.CommonCode;
+import nextstep.common.exception.AuthException;
+import nextstep.common.exception.code.AuthCode;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
@@ -27,11 +27,11 @@ public void checkAuthorities(JoinPoint joinPoint) {
         List<String> values = Arrays.stream(secured.value()).map(Enum::name).collect(Collectors.toList());
 
         Authentication authentication = Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
-                                                .orElseThrow(() -> new CustomException(CommonCode.AUTH_INVALID));
+                                                .orElseThrow(() -> new AuthException(AuthCode.AUTH_INVALID));
 
         authentication.getAuthorities().stream()
                       .filter(values::contains)
                       .findFirst()
-                      .orElseThrow(() -> new CustomException(CommonCode.AUTH_INVALID));
+                      .orElseThrow(() -> new AuthException(AuthCode.AUTH_INVALID));
     }
 }

src/main/java/nextstep/auth/token/TokenAuthInterceptor.java

@@ -2,8 +2,9 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import nextstep.auth.authentication.AuthenticationToken;
-import nextstep.auth.user.UserDetail;
+import nextstep.auth.user.User;
 import nextstep.auth.interceptor.AuthNotChainInterceptor;
+import nextstep.auth.user.UserDetail;
 import nextstep.auth.user.UserDetailService;
 import org.springframework.http.MediaType;
 
@@ -30,8 +31,8 @@ protected AuthenticationToken createAuthToken(final HttpServletRequest request)
     @Override
     protected void afterSuccessUserCheck(final HttpServletRequest request,
                                          final HttpServletResponse response,
-                                         final UserDetail userDetail) throws IOException {
-        String token = jwtTokenProvider.createToken(userDetail.getEmail(), userDetail.getAuthorities());
+                                         final UserDetail user) throws IOException {
+        String token = jwtTokenProvider.createToken(user.getEmail(), user.getAuthorities());
         TokenResponse tokenResponse = new TokenResponse(token);
 
         String responseToClient = new ObjectMapper().writeValueAsString(tokenResponse);

src/main/java/nextstep/auth/user/User.java

@@ -0,0 +1,34 @@
+package nextstep.auth.user;
+
+import lombok.AccessLevel;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+@AllArgsConstructor(access = AccessLevel.PRIVATE)
+@Getter
+public class User implements UserDetail{
+    private String email;
+    private String password;
+    private List<String> authorities;
+
+    public static User of(String email, List<String> authorities) {
+        return new User(email, null, authorities);
+    }
+
+    public static User of(String email, String password, List<String> authorities) {
+        return new User(email, password, authorities);
+    }
+
+    public static UserDetail guest() {
+        return new User();
+    }
+
+    @Override
+    public boolean checkPassword(final String password) {
+        return this.password.equals(password);
+    }
+}

src/main/java/nextstep/auth/user/UserDetail.java

@@ -3,11 +3,11 @@
 import java.util.List;
 
 public interface UserDetail {
+    boolean checkPassword(final String password);
+
     String getEmail();
 
     String getPassword();
 
     List<String> getAuthorities();
-
-    boolean checkPassword(String password);
 }

src/main/java/nextstep/common/CommonResponse.java

@@ -13,7 +13,7 @@
 public class CommonResponse<T> {
     private int code;
     private String message;
-    T data;
+    private T data;
 
     public CommonResponse(ResponseCode responseCode) {
         this.code = responseCode.getCode();

src/main/java/nextstep/common/exception/AuthException.java

@@ -0,0 +1,9 @@
+package nextstep.common.exception;
+
+import nextstep.common.exception.code.AuthCode;
+
+public class AuthException extends CustomException{
+    public AuthException(final AuthCode authCode) {
+        super(authCode);
+    }
+}

src/main/java/nextstep/common/exception/GlobalExceptionHandler.java

@@ -2,6 +2,7 @@
 
 import lombok.extern.slf4j.Slf4j;
 import nextstep.common.CommonResponse;
+import nextstep.common.exception.code.AuthCode;
 import nextstep.common.exception.code.CommonCode;
 import nextstep.common.exception.code.ResponseCode;
 import org.springframework.dao.DataIntegrityViolationException;
@@ -28,6 +29,16 @@ public ResponseEntity<Object> handleCustomException(CustomException ex) {
         return ResponseEntity.status(HttpStatus.OK).body(response);
     }
 
+    /**
+     * 인증 exception 처리
+     */
+    @ExceptionHandler(value = {AuthException.class})
+    public ResponseEntity<Object> handleAuthException(AuthException ex) {
+        ResponseCode responseCode = ex.getResponseCode();
+        CommonResponse<Object> response = new CommonResponse<>(responseCode);
+        return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(response);
+    }
+
     /**
      * 파라미터 유효성관련 exception 처리
      */

src/main/java/nextstep/common/exception/code/AuthCode.java

@@ -0,0 +1,17 @@
+package nextstep.common.exception.code;
+
+import lombok.Getter;
+
+@Getter
+public enum AuthCode implements ResponseCode {
+    AUTH_INVALID(1002, "올바르지 않는 사용자입니다.");
+
+    private final int code;
+
+    private final String message;
+
+    AuthCode(int code, String message) {
+        this.code = code;
+        this.message = message;
+    }
+}

src/main/java/nextstep/common/exception/code/CommonCode.java

@@ -5,8 +5,7 @@
 @Getter
 public enum CommonCode implements ResponseCode {
     ETC(1000, "알 수 없는 오류입니다."),
-    PARAM_INVALID(1001, "올바르지 않은 파라미터입니다."),
-    AUTH_INVALID(1002, "올바르지 않는 사용자입니다.");
+    PARAM_INVALID(1001, "올바르지 않은 파라미터입니다.");
 
     private final int code;
 

src/main/java/nextstep/member/application/LoginMemberService.java

@@ -1,7 +1,8 @@
 package nextstep.member.application;
 
+import nextstep.auth.user.User;
+import nextstep.auth.user.UserDetail;
 import nextstep.auth.user.UserDetailService;
-import nextstep.member.domain.LoginMember;
 import nextstep.member.domain.Member;
 import nextstep.member.domain.MemberRepository;
 import org.springframework.stereotype.Service;
@@ -14,8 +15,8 @@ public LoginMemberService(MemberRepository memberRepository) {
         this.memberRepository = memberRepository;
     }
 
-    public LoginMember loadUserByUsername(String email) {
+    public UserDetail loadUserByUsername(String email) {
         Member member = memberRepository.findByEmail(email).orElseThrow(RuntimeException::new);
-        return LoginMember.of(member);
+        return User.of(member.getEmail(), member.getPassword(), member.getRoles());
     }
 }