Skip to content

CLAP-329 토큰 재발급 엔드포인트에 대해 액세스 토큰 검증을 하지 않도록 수정 #414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
joowojr merged 2 commits into from
Feb 7, 2025
Merged

CLAP-329 토큰 재발급 엔드포인트에 대해 액세스 토큰 검증을 하지 않도록 수정 #414

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3981c5d
CLAP-329 Feat: 토큰 재발급 엔드포인트에 대해 액세스 토큰 검증을 하지 않도록 수정
joowojr Feb 7, 2025
3f153a7
CLAP-324 Feat: 토큰 재발급 엔드포인트에 대해 액세스 토큰 검증을 하지 않도록 수정
joowojr Feb 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions src/main/java/clap/server/adapter/inbound/security/filter/JwtAuthenticationFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
SWAGGER_ENDPOINTS
).flatMap(Arrays::stream).toArray(String[]::new);

public static final String[] ANONYMOUS_ENDPOINTS = {LOGIN_ENDPOINT, REISSUANCE_ENDPOINT, PASSWORD_EMAIL_ENDPOINT};
public static final String[] ANONYMOUS_ENDPOINTS = {LOGIN_ENDPOINT, PASSWORD_EMAIL_ENDPOINT};

@Override
protected void doFilterInternal(
Expand All @@ -58,7 +58,6 @@ protected void doFilterInternal(
@NotNull FilterChain filterChain
) throws ServletException, IOException {
try {

if (isAnonymousRequest(request)) {
filterChain.doFilter(request, response);
return;
Expand All @@ -76,10 +75,11 @@ protected void doFilterInternal(
}

private boolean isAnonymousRequest(HttpServletRequest request) {
String requestUri = request.getRequestURI();
boolean isAnonymousURI = Arrays.stream(ANONYMOUS_ENDPOINTS)
.anyMatch(endpoint -> new AntPathMatcher().match(endpoint, request.getRequestURI()));
.anyMatch(endpoint -> new AntPathMatcher().match(endpoint, requestUri));
boolean isAnonymous = request.getHeader(HttpHeaders.AUTHORIZATION) == null;
return isAnonymousURI && isAnonymous;
return (isAnonymousURI && isAnonymous) || requestUri.equals(REISSUANCE_ENDPOINT);
}

@Override
Expand Down