DRAW-392 fix: 401 에러 발생 처리 하기

app/api/src/main/kotlin/com/xorker/draw/exception/ApiExceptionHandler.kt

@@ -5,6 +5,7 @@ import org.springframework.core.Ordered
 import org.springframework.core.annotation.Order
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
+import org.springframework.security.core.AuthenticationException
 import org.springframework.validation.BindException
 import org.springframework.web.HttpRequestMethodNotSupportedException
 import org.springframework.web.bind.MethodArgumentNotValidException
@@ -21,6 +22,16 @@ class ApiExceptionHandler(
 ) {
     private val log = logger()
 
+    @ExceptionHandler(AuthenticationException::class)
+    protected fun handleException(ex: AuthenticationException): ExceptionResponseEntity {
+        return handleException(UnAuthenticationException)
+    }
+
+    @ExceptionHandler(AccessDeniedException::class)
+    protected fun handleException(ex: AccessDeniedException): ExceptionResponseEntity {
+        return handleException(UnAuthorizedException)
+    }
+
     @ExceptionHandler(HttpRequestMethodNotSupportedException::class)
     protected fun handleException(ex: HttpRequestMethodNotSupportedException): ExceptionResponseEntity {
         log.warn(ex.message, ex)

app/api/src/main/kotlin/com/xorker/draw/room/RoomController.kt

@@ -6,6 +6,7 @@ import com.xorker.draw.support.auth.PrincipalUser
 import io.swagger.v3.oas.annotations.Operation
 import io.swagger.v3.oas.annotations.Parameter
 import io.swagger.v3.oas.annotations.tags.Tag
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.RestController
 
@@ -17,6 +18,7 @@ class RoomController(
 
     @Operation(summary = "현재 참여 중인 방 정보")
     @GetMapping("/api/v1/playing-room")
+    @PreAuthorize("isAuthenticated()")
     fun getPlayingRoom(
         @Parameter(hidden = true) user: PrincipalUser,
     ): PlayingRoomResponse {

app/support/auth/build.gradle.kts

@@ -8,7 +8,7 @@ dependencies {
     implementation(project(":core"))
 
     implementation("org.springframework.boot:spring-boot-starter-web:${Versions.SPRING_BOOT}")
-    implementation("org.springframework.boot:spring-boot-starter-security:${Versions.SPRING_BOOT}")
+    api("org.springframework.boot:spring-boot-starter-security:${Versions.SPRING_BOOT}")
 }
 
 tasks {

app/support/auth/src/main/kotlin/com/xorker/draw/support/auth/PrincipalUserArgumentResolver.kt

@@ -23,8 +23,8 @@ internal class PrincipalUserArgumentResolver : HandlerMethodArgumentResolver {
         @Nullable binderFactory: WebDataBinderFactory?,
     ): PrincipalUser? {
         val principal = SecurityContextHolder.getContext()
-            .authentication
-            .principal as? UserId
+            ?.authentication
+            ?.principal as? UserId
             ?: return null
         return PrincipalUser(principal)
     }

app/support/auth/src/main/kotlin/com/xorker/draw/support/auth/security/SecurityConfig.kt

@@ -9,9 +9,9 @@ import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
 
-@EnableMethodSecurity
 @EnableWebSecurity
 @Configuration
+@EnableMethodSecurity(prePostEnabled = true)
 internal class SecurityConfig {
     @Bean
     fun filterChain(

app/support/auth/src/main/kotlin/com/xorker/draw/support/auth/security/TokenAuthenticationFilter.kt

@@ -32,7 +32,7 @@ internal class TokenAuthenticationFilter(
 
     private fun getAccessToken(request: HttpServletRequest): String? {
         val accessToken = request.getHeader(HEADER_AUTHORIZATION)
-        if (accessToken.isNullOrBlank().not() && accessToken.startsWith(HEADER_BEARER)) {
+        if (accessToken.isNullOrBlank().not() && accessToken.lowercase().startsWith(HEADER_BEARER)) {
             return accessToken.substring(HEADER_BEARER.length)
         }
         return null