From 807e649bbf6386e01d4af9b634855bb45fee0cff Mon Sep 17 00:00:00 2001 From: kimjooyoung Date: Wed, 5 Jun 2024 14:06:46 +0900 Subject: [PATCH] =?UTF-8?q?Fix.=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20=EC=84=B1?= =?UTF-8?q?=EA=B3=B5=EC=8B=9C=20=EB=A6=AC=EB=8B=A4=EC=9D=B4=EB=A0=89?= =?UTF-8?q?=EC=85=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix. URI 사용하여 path 추출 fix. target url 경로 추출 fix. success handler custom fix. savedRequestAwareAuthenticationSuccessHandler사용 fix. redirect URI 경로 재수정 fix. security redirect uri 경로 수정 --- .../CustomAuthenticationSuccessHandler.java | 25 ---------- .../config/security/CustomSuccessHandler.java | 47 +++++++++++++++++++ .../config/security/SecurityConfig.java | 9 +++- 3 files changed, 54 insertions(+), 27 deletions(-) delete mode 100644 BE/src/main/java/team07/airbnb/config/security/CustomAuthenticationSuccessHandler.java create mode 100644 BE/src/main/java/team07/airbnb/config/security/CustomSuccessHandler.java
diff --git a/BE/src/main/java/team07/airbnb/config/security/CustomAuthenticationSuccessHandler.java b/BE/src/main/java/team07/airbnb/config/security/CustomAuthenticationSuccessHandler.java
deleted file mode 100644
index ce7cedd4..00000000
--- a/BE/src/main/java/team07/airbnb/config/security/CustomAuthenticationSuccessHandler.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package team07.airbnb.config.security;
-
-import jakarta.servlet.ServletException;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
-import org.springframework.stereotype.Component;
-
-import java.io.IOException;
-
-@Component
-public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
-
- @Override
- public void onAuthenticationSuccess(HttpServletRequest request,
- HttpServletResponse response,
- Authentication authentication) throws IOException, ServletException {
- // 로그인 성공 시 리다이렉트할 URL 설정
- String requestURI = request.getRequestURI();
-
- setDefaultTargetUrl("/api" + requestURI);
- super.onAuthenticationSuccess(request, response, authentication);
- }
-}
diff --git a/BE/src/main/java/team07/airbnb/config/security/CustomSuccessHandler.java b/BE/src/main/java/team07/airbnb/config/security/CustomSuccessHandler.java
new file mode 100644
index 00000000..7a7e650d
--- /dev/null
+++ b/BE/src/main/java/team07/airbnb/config/security/CustomSuccessHandler.java
@@ -0,0 +1,47 @@
+package team07.airbnb.config.security;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
+import org.springframework.security.web.savedrequest.RequestCache;
+import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+@Component
+public class CustomSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
+
+ private final RequestCache requestCache = new HttpSessionRequestCache();
+
+ public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
+ SavedRequest savedRequest = requestCache.getRequest(request, response);
+
+ if (savedRequest == null) {
+ super.onAuthenticationSuccess(request, response, authentication);
+ return;
+ }
+
+ String targetUrl = savedRequest.getRedirectUrl();
+
+ try {
+ URI targetUri = new URI(targetUrl);
+ String path = targetUri.getPath();
+ String query = targetUri.getQuery();
+ String newTargetUrl = request.getContextPath() + "/api" + path;
+ if (query != null) {
+ newTargetUrl += "?" + query;
+ }
+
+ getRedirectStrategy().sendRedirect(request, response, newTargetUrl);
+ } catch (URISyntaxException e) {
+ super.onAuthenticationSuccess(request, response, authentication);
+ }
+ }
+}
diff --git a/BE/src/main/java/team07/airbnb/config/security/SecurityConfig.java b/BE/src/main/java/team07/airbnb/config/security/SecurityConfig.java
index 8f403988..ce8ab512 100644
--- a/BE/src/main/java/team07/airbnb/config/security/SecurityConfig.java
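Review bot: In `CustomSuccessHandler.onAuthenticationSuccess` the redirect target is rebuilt from `targetUri.getPath()` and `targetUri.getQuery()`, which return percent-decoded values, so an encoded `&`, `#`, `?` or control character in the saved URL is re-emitted unescaped and the redirect can carry a different path or parameters than the request that was saved. The saved request is whatever URL the browser was sent to before login, so the original encoding should be kept with `String path = targetUri.getRawPath();` and `String query = targetUri.getRawQuery();`. The override also skips the parent's `clearAuthenticationAttributes(request);` before `sendRedirect`, and the method is missing `@Override`. Two things need confirming against the rest of the configuration: `request.getContextPath()` is prepended to a path that appears to already include the context path (this only matters under a non-root context), and the private `new HttpSessionRequestCache()` should be the same cache the filter chain stores saved requests in.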
+++ b/BE/src/main/java/team07/airbnb/config/security/SecurityConfig.java @@ -5,17 +5,21 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.oauth2.client.userinfo.OAuth2UserService; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import team07.airbnb.domain.user.enums.Role; import team07.airbnb.domain.user.service.CustomOAuthUserService; @Configuration @RequiredArgsConstructor +@EnableWebSecurity public class SecurityConfig { private final CustomOAuthUserService oAuth2UserService; - private final CustomAuthenticationSuccessHandler authenticationSuccessHandler; + private final CustomSuccessHandler successHandler; @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { @@ -43,13 +47,14 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .oauth2Login( oAuth -> { oAuth.userInfoEndpoint(userInfo -> userInfo.userService(oAuth2UserService)); - oAuth.successHandler(authenticationSuccessHandler); + oAuth.successHandler(successHandler); } ); return http.build(); } + // @Bean // protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception { // http.authorizeHttpRequests(auth -> auth
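Review bot: The two imports added in the first hunk, `AuthenticationSuccessHandler` and `SavedRequestAwareAuthenticationSuccessHandler`, are not referenced by any line visible in this diff, since the field is declared with the concrete type `CustomSuccessHandler`. If nothing outside the hunks uses them they should be dropped. Alternatively the field could be declared as `private final AuthenticationSuccessHandler successHandler;` so the configuration depends on the interface, provided only one bean of that type exists in the context. The `SecurityConfig` class body and `filterChain` continue outside both hunks, so this is based on the visible lines only.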