feat: JwtAccessDeniedHandler, JwtAuthenticationEntryPoint 구현 및 적용 (#4)

src/main/java/com/project/mapdagu/config/SecurityConfig.java

@@ -9,6 +9,8 @@
 import com.project.mapdagu.domain.oauth2.handler.OAuth2LoginFailureHandler;
 import com.project.mapdagu.domain.oauth2.handler.OAuth2LoginSuccessHandler;
 import com.project.mapdagu.domain.oauth2.service.CustomOAuth2UserService;
+import com.project.mapdagu.jwt.JwtAccessDeniedHandler;
+import com.project.mapdagu.jwt.JwtAuthenticationEntryPoint;
 import com.project.mapdagu.jwt.filter.JwtAuthenticationProcessingFilter;
 import com.project.mapdagu.jwt.service.JwtService;
 import com.project.mapdagu.util.RedisUtil;
@@ -41,6 +43,8 @@ public class SecurityConfig {
     private final MemberRepository memberRepository;
     private final ObjectMapper objectMapper;
     private final LoginService loginService;
+    private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
+    private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
     private final OAuth2LoginSuccessHandler oAuth2LoginSuccessHandler;
     private final OAuth2LoginFailureHandler oAuth2LoginFailureHandler;
     private final CustomOAuth2UserService customOauth2UserService;
@@ -76,7 +80,9 @@ public SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospe
                         .failureHandler(oAuth2LoginFailureHandler)
                         .userInfoEndpoint(userInfoEndPoint -> userInfoEndPoint.userService(customOauth2UserService)))
                 .addFilterAfter(customJsonUsernamePasswordAuthenticationFilter(), LogoutFilter.class)
-                .addFilterBefore(jwtAuthenticationProcessingFilter(), CustomJsonAuthenticationFilter.class);
+                .addFilterBefore(jwtAuthenticationProcessingFilter(), CustomJsonAuthenticationFilter.class)
+                .exceptionHandling(exception -> exception.accessDeniedHandler(jwtAccessDeniedHandler)
+                        .authenticationEntryPoint(jwtAuthenticationEntryPoint));
 
         return http.build();
     }

src/main/java/com/project/mapdagu/jwt/JwtAccessDeniedHandler.java

@@ -0,0 +1,25 @@
+package com.project.mapdagu.jwt;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+/**
+ * 필요한 권한이 존재하지 않는 경우에 403 Forbidden 에러를 리턴
+ */
+@Slf4j
+@Component
+public class JwtAccessDeniedHandler implements AccessDeniedHandler {
+
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
+        //필요한 권한이 없이 접근하려 할때 403
+        log.info("허가 받지 않은 사용자의 접근입니다.");
+        response.sendError(HttpServletResponse.SC_FORBIDDEN);
+    }
+}

src/main/java/com/project/mapdagu/jwt/JwtAuthenticationEntryPoint.java

@@ -0,0 +1,26 @@
+package com.project.mapdagu.jwt;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+/**
+ * 유효한 자격 증명을 제공하지 않고 접근하려 할 때, 401 UnAuthorized 에러를 리턴
+ */
+@Slf4j
+@Component
+public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authException) throws IOException, ServletException {
+        log.info("인증되지 않은 요청입니다.");
+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+    }
+}