Package com.jerocaller.libs.spoonsuits.web.jwt

Class DefaultJwtAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
com.jerocaller.libs.spoonsuits.web.jwt.DefaultJwtAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
@Component public class DefaultJwtAuthenticationFilter extends org.springframework.web.filter.OncePerRequestFilter

JWT Authentication Filter 구현체

내부적으로 JwtAuthenticationProvider (기본적으로는 DefaultJwtAuthenticationProviderImpl 을 사용함. 해당 인터페이스를 구현하면 그 구현체를 사용함)를 의존성 주입받아 사용하며, HTTP request의 header로부터 access token을 추출, 유효성 검사 후, 유효하면 JWT에 담긴 사용자 정보를 추출, SecurityContextHolderAuthentication 타입으로 사용자 정보를 저장함.

Refresh token에 대해선 다루지 않으며, 만약 HTTP request의 header 내에 JWT가 없거나 유효하지 않은 경우 미인증으로 처리됨.

이 filter를 SecurityFilterChain에 등록하려면 Spring Security 설정 클래스에 다음과 같이 적용하면 된다. 


 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
 public class SecurityConfig {

     // ...
     private final DefaultJwtAuthenticationFilter defaultJwtAuthenticationFilter;

     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity)
         throws Exception
     {
         httpSecurity

             // ...

             .addFilterBefore(
                 defaultJwtAuthenticationFilter,
                 UsernamePasswordAuthenticationFilter.class
             )

             // ...

         return httpSecurity.build();
     }

     // ...
 }

  • Field Summary

    Fields inherited from class org.springframework.web.filter.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.springframework.web.filter.GenericFilterBean

    logger

  • Constructor Summary

    Constructors
    Constructor
    Description
    DefaultJwtAuthenticationFilter()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain)
     

    Methods inherited from class org.springframework.web.filter.OncePerRequestFilter

    doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch

    Methods inherited from class org.springframework.web.filter.GenericFilterBean

    addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • DefaultJwtAuthenticationFilter

      public DefaultJwtAuthenticationFilter()

  • Method Details

    • doFilterInternal

      protected void doFilterInternal(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, jakarta.servlet.FilterChain filterChain) throws jakarta.servlet.ServletException, IOException
      Specified by:
      doFilterInternal in class org.springframework.web.filter.OncePerRequestFilter
      Throws:
      jakarta.servlet.ServletException
      IOException