fix: swagger 토큰 삽입 문제 수정 (#58)

Author: kimday0326

src/main/java/com/sponus/sponusbe/auth/annotation/AuthOrganizationArgumentResolver.java

@@ -9,6 +9,8 @@
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.method.support.ModelAndViewContainer;
 
+import com.sponus.sponusbe.auth.jwt.exception.SecurityCustomException;
+import com.sponus.sponusbe.auth.jwt.exception.SecurityErrorCode;
 import com.sponus.sponusbe.auth.user.CustomUserDetails;
 import com.sponus.sponusbe.domain.organization.entity.Organization;
 import com.sponus.sponusbe.domain.organization.exception.OrganizationErrorCode;
@@ -36,12 +38,16 @@ public boolean supportsParameter(MethodParameter parameter) {
 	@Override
 	public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
 		NativeWebRequest webRequest, WebDataBinderFactory binderFactory) {
-		// TODO : Access Token 없는 경우 처리
-		CustomUserDetails userDetails = (CustomUserDetails)SecurityContextHolder.getContext()
+		Object userDetails = SecurityContextHolder.getContext()
 			.getAuthentication()
 			.getPrincipal();
 
-		return organizationRepository.findById(userDetails.getId())
+		if (userDetails instanceof String) {
+			log.error("userDetails is String");
+			throw new SecurityCustomException(SecurityErrorCode.TOKEN_NOT_FOUND);
+		}
+
+		return organizationRepository.findById(((CustomUserDetails)userDetails).getId())
 			.orElseThrow(() -> new OrganizationException(OrganizationErrorCode.ORGANIZATION_NOT_FOUND));
 	}
 }

src/main/java/com/sponus/sponusbe/global/config/SecurityConfig.java

@@ -78,8 +78,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		http
 			.authorizeHttpRequests(auth -> auth
 				.requestMatchers(allowedUrls).permitAll()
-				.requestMatchers("/**").permitAll()
-				.anyRequest().authenticated()
+				.requestMatchers("/**").authenticated()
+				.anyRequest().permitAll()
 			);
 
 		// Jwt Filter (with login)

src/main/java/com/sponus/sponusbe/global/config/SwaggerConfig.java

@@ -7,19 +7,23 @@
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.info.Info;
 import io.swagger.v3.oas.models.info.License;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import io.swagger.v3.oas.models.servers.Server;
 
 @Configuration
 public class SwaggerConfig {
 	// url : http://localhost:8080/swagger-ui/index.html#/
+	private static final String SECURITY_SCHEME_NAME = "bearerAuth";
+
 	@Bean
-	public OpenAPI getOpenApi() {
+	public OpenAPI api() {
 		Server server = new Server().url("/");
 
 		return new OpenAPI()
-			.info(getSwaggerInfo())
+			.addSecurityItem(new SecurityRequirement().addList(SECURITY_SCHEME_NAME))
 			.components(authSetting())
+			.info(getSwaggerInfo())
 			.addServersItem(server);
 	}
 
@@ -35,23 +39,31 @@ private Info getSwaggerInfo() {
 	}
 
 	private Components authSetting() {
+
 		return new Components()
-			.addSecuritySchemes(
-				"access-token",
-				new SecurityScheme()
-					.type(SecurityScheme.Type.HTTP)
-					.scheme("bearer")
-					.bearerFormat("JWT")
-					.in(SecurityScheme.In.HEADER)
-					.name("Authorization"))
-			.addSecuritySchemes(
-				"refresh-token",
+			.addSecuritySchemes(SECURITY_SCHEME_NAME,
 				new SecurityScheme()
+					.name(SECURITY_SCHEME_NAME)
 					.type(SecurityScheme.Type.HTTP)
 					.scheme("bearer")
-					.bearerFormat("JWT")
-					.in(SecurityScheme.In.HEADER)
-					.name("refreshToken"));
+					.bearerFormat("JWT"));
+		// return new Components()
+		// 	.addSecuritySchemes(
+		// 		"access-token",
+		// 		new SecurityScheme()
+		// 			.type(SecurityScheme.Type.HTTP)
+		// 			.scheme("Bearer")
+		// 			.bearerFormat("JWT")
+		// 			.in(SecurityScheme.In.HEADER)
+		// 			.name("Authorization"))
+		// 	.addSecuritySchemes(
+		// 		"refresh-token",
+		// 		new SecurityScheme()
+		// 			.type(SecurityScheme.Type.HTTP)
+		// 			.scheme("Bearer")
+		// 			.bearerFormat("JWT")
+		// 			.in(SecurityScheme.In.HEADER)
+		// 			.name("refreshToken"));
 	}
 }