Merge pull request #72 from Nexters/feature/token-filter-entry-point

fix: 인증 예외처리 방식 변경

Author: 1117mg

src/main/java/com/climbup/climbup/auth/filter/JwtAuthenticationFilter.java

@@ -39,29 +39,20 @@ protected void doFilterInternal(HttpServletRequest request,
                                     HttpServletResponse response,
                                     FilterChain filterChain) throws ServletException, IOException {
 
-        try {
-            String token = extractTokenFromRequest(request);
-
-            if (StringUtils.hasText(token) && jwtUtil.isTokenValid(token)) {
-                if (!jwtUtil.isAccessToken(token)) {
-                    log.debug("Access Token이 아닌 토큰으로 인증 시도: {}", jwtUtil.getTokenType(token));
-                    SecurityContextHolder.clearContext();
-                } else {
+        String token = extractTokenFromRequest(request);
+
+        if (StringUtils.hasText(token)) {
+            try {
+                if (jwtUtil.isTokenValid(token) && jwtUtil.isAccessToken(token)) {
                     authenticateUser(request, token);
                 }
+            } catch (TokenExpiredException | InvalidTokenException e) {
+                log.debug("토큰 검증 실패: {}", e.getMessage());
+            } catch (UserNotFoundException e) {
+                log.warn("토큰은 유효하지만 사용자를 찾을 수 없음: {}", e.getMessage());
+            } catch (Exception e) {
+                log.error("JWT 인증 처리 중 예상치 못한 오류 발생: {}", e.getClass().getSimpleName(), e);
             }
-        } catch (InvalidTokenException e) {
-            log.debug("유효하지 않은 토큰으로 인한 인증 실패: {}", e.getMessage());
-            SecurityContextHolder.clearContext();
-        } catch (TokenExpiredException e) {
-            log.debug("만료된 토큰으로 인한 인증 실패: {}", e.getMessage());
-            SecurityContextHolder.clearContext();
-        } catch (UserNotFoundException e) {
-            log.warn("토큰은 유효하지만 사용자를 찾을 수 없음: {}", e.getMessage());
-            SecurityContextHolder.clearContext();
-        } catch (Exception e) {
-            log.error("JWT 인증 처리 중 예상치 못한 오류 발생: {}", e.getClass().getSimpleName(), e);
-            SecurityContextHolder.clearContext();
         }
 
         filterChain.doFilter(request, response);
@@ -116,7 +107,6 @@ private String extractTokenFromRequest(HttpServletRequest request) {
     protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
         String path = request.getRequestURI();
 
-        // 정적 리소스나 공개 API는 검증하지 않음
         return path.startsWith("/css/") ||
                 path.startsWith("/js/") ||
                 path.startsWith("/images/") ||

src/main/java/com/climbup/climbup/auth/handler/CustomAuthenticationEntryPoint.java

@@ -0,0 +1,36 @@
+package com.climbup.climbup.auth.handler;
+
+import com.climbup.climbup.common.dto.ErrorResponse;
+import com.climbup.climbup.common.exception.ErrorCode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    private final ObjectMapper objectMapper;
+
+    @Override
+    public void commence(HttpServletRequest request,
+                         HttpServletResponse response,
+                         AuthenticationException authException) throws IOException {
+
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
+        response.setCharacterEncoding("UTF-8");
+
+        ErrorResponse errorResponse = ErrorResponse.of(ErrorCode.INVALID_TOKEN, request.getRequestURI());
+
+        response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
+    }
+}

src/main/java/com/climbup/climbup/common/dto/ApiResult.java

@@ -9,36 +9,53 @@
 @Schema(description = "Api 응답 정보")
 public class ApiResult<T> {
 
+    @Schema(description = "성공 여부", example = "true")
+    private Boolean success;
+
     @Schema(description = "응답 메시지", example = "요청이 성공적으로 처리되었습니다.")
     private String message;
 
     @Schema(description = "응답 데이터")
     private T data;
 
+    @Schema(description = "에러 코드", example = "AUTH_001")
+    private String errorCode;
+
     public static <T> ApiResult<T> success(T data) {
         return ApiResult.<T>builder()
+                .success(true)
                 .message("요청이 성공적으로 처리되었습니다.")
                 .data(data)
                 .build();
     }
 
     public static <T> ApiResult<T> success(String message, T data) {
         return ApiResult.<T>builder()
+                .success(true)
                 .message(message)
                 .data(data)
                 .build();
     }
 
     public static ApiResult<Void> success() {
         return ApiResult.<Void>builder()
+                .success(true)
                 .message("요청이 성공적으로 처리되었습니다.")
                 .build();
     }
 
     public static ApiResult<Void> success(String message) {
         return ApiResult.<Void>builder()
+                .success(true)
                 .message(message)
                 .build();
     }
 
-}
+    public static <T> ApiResult<T> error(String errorCode, String message) {
+        return ApiResult.<T>builder()
+                .success(false)
+                .errorCode(errorCode)
+                .message(message)
+                .build();
+    }
+}

src/main/java/com/climbup/climbup/global/config/SecurityConfig.java

@@ -1,6 +1,7 @@
 package com.climbup.climbup.global.config;
 
 import com.climbup.climbup.auth.filter.JwtAuthenticationFilter;
+import com.climbup.climbup.auth.handler.CustomAuthenticationEntryPoint;
 import com.climbup.climbup.auth.handler.OAuth2SuccessHandler;
 import com.climbup.climbup.auth.service.CustomOAuth2UserService;
 import io.swagger.v3.oas.models.Components;
@@ -26,6 +27,7 @@ public class SecurityConfig {
     private final CustomOAuth2UserService customOAuth2UserService;
     private final OAuth2SuccessHandler oAuth2SuccessHandler;
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
+    private final CustomAuthenticationEntryPoint customAuthenticationEntryPoint;
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
@@ -56,6 +58,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .successHandler(oAuth2SuccessHandler)
                         .failureUrl("/login?error")
                 )
+                .exceptionHandling(exceptions -> exceptions
+                        .authenticationEntryPoint(customAuthenticationEntryPoint)
+                )
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();