Konkuk-KUIT · cyLee1111 · Nov 20, 2024
diff --git a/src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java b/src/main/java/com/kuit/kuit4serverauth/config/WebConfig.java
@@ -15,6 +15,8 @@ public WebConfig(AuthInterceptor authInterceptor) {
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        // TODO /profile, /admin 앞에 붙이기
+        registry.addInterceptor(authInterceptor)
+                .addPathPatterns("/profile", "/admin")
+                .excludePathPatterns("/login");
     }
 }
diff --git a/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java b/src/main/java/com/kuit/kuit4serverauth/controller/UserController.java
@@ -1,23 +1,41 @@
 package com.kuit.kuit4serverauth.controller;
 
+import com.kuit.kuit4serverauth.repository.UserRepository;
+import com.kuit.kuit4serverauth.service.JwtUtil;
+import io.jsonwebtoken.Claims;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Objects;
+
 @RestController
 public class UserController {
+    private final UserRepository userRepository;
+    private final JwtUtil jwtUtil;
+
+    public UserController(UserRepository userRepository, JwtUtil jwtUtil) {
+        this.userRepository = userRepository;
+        this.jwtUtil = jwtUtil;
+    }
 
     @GetMapping("/profile")
     public ResponseEntity<String> getProfile(HttpServletRequest request) {
-        // TODO : 로그인 한 사용자면 username 이용해 "Hello, {username}" 반환하기
+        String username = (String) request.getAttribute("username"); // 인터셉터에서 저장한 username
+        if (username != null) {
+            return ResponseEntity.ok("Hello, " + username);
+        }
         return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Unauthorized");
     }
 
     @GetMapping("/admin")
     public ResponseEntity<String> getAdmin(HttpServletRequest request) {
-        // TODO: role이 admin이면 "Hello, admin" 반환하기
+        String role = (String) request.getAttribute("role");
+        if (Objects.equals(role, "ROLE_ADMIN")) {
+            return ResponseEntity.ok("Hello, admin");
+        }
         return ResponseEntity.status(HttpStatus.FORBIDDEN).body("Forbidden");
     }
 }
diff --git a/src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java b/src/main/java/com/kuit/kuit4serverauth/service/JwtUtil.java
@@ -5,13 +5,16 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
 import org.springframework.stereotype.Component;
 
+import java.security.Key;
 import java.util.Date;
 
 @Component
 public class JwtUtil {
-    private final String secret = "mysecretkey";
+    //    private final String secret = "mysecretkey";
+    private final Key secret = Keys.secretKeyFor(SignatureAlgorithm.HS256);
     private final long expirationMs = 3600000; // 1 hour
 
     public String generateToken(String username, String role) {