diff --git a/src/main/java/com/kamco/cd/kamcoback/auth/CustomUserDetails.java b/src/main/java/com/kamco/cd/kamcoback/auth/CustomUserDetails.java
index 8efb073a..54802e13 100644
--- a/src/main/java/com/kamco/cd/kamcoback/auth/CustomUserDetails.java
+++ b/src/main/java/com/kamco/cd/kamcoback/auth/CustomUserDetails.java
@@ -2,8 +2,9 @@ package com.kamco.cd.kamcoback.auth;
 import com.kamco.cd.kamcoback.postgres.entity.MemberEntity;
 import java.util.Collection;
-import java.util.Collections;
+import java.util.List;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 public class CustomUserDetails implements UserDetails {
@@ -16,7 +17,7 @@ public class CustomUserDetails implements UserDetails {
 @Override
 public Collection getAuthorities() {
- return Collections.emptyList();
+ return List.of(new SimpleGrantedAuthority("ROLE_" + member.getUserRole()));
 }
 @Override
diff --git a/src/main/java/com/kamco/cd/kamcoback/common/enums/RoleType.java b/src/main/java/com/kamco/cd/kamcoback/common/enums/RoleType.java
index 58d0c15e..1aeb0269 100644
--- a/src/main/java/com/kamco/cd/kamcoback/common/enums/RoleType.java
+++ b/src/main/java/com/kamco/cd/kamcoback/common/enums/RoleType.java
@@ -7,9 +7,9 @@ import lombok.Getter;
 @Getter
 @AllArgsConstructor
 public enum RoleType implements EnumType {
- ROLE_ADMIN("관리자"),
- ROLE_LABELER("라벨러"),
- ROLE_REVIEWER("검수자");
+ ADMIN("관리자"),
+ LABELER("라벨러"),
+ REVIEWER("검수자");
 private final String desc;
diff --git a/src/main/java/com/kamco/cd/kamcoback/config/GlobalExceptionHandler.java b/src/main/java/com/kamco/cd/kamcoback/config/GlobalExceptionHandler.java
index 409e8ca4..bc7cdb74 100644
--- a/src/main/java/com/kamco/cd/kamcoback/config/GlobalExceptionHandler.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/GlobalExceptionHandler.java
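Review bot: In `CustomUserDetails.getAuthorities()` the authority is built by concatenating `"ROLE_"` with whatever `member.getUserRole()` returns, with no check that the value is one of the `RoleType` constants. If the role is ever null the result is the authority `ROLE_null`, and any account still holding an old `ROLE_ADMIN`-style value (the rename in `RoleType.java` drops that prefix) becomes `ROLE_ROLE_ADMIN` and quietly fails every `hasRole` check; no data migration is visible in this diff. `MembersDto.AddReq.userRole` is only constrained by `@NotBlank` and `@Size(max = 50)` here, so the stored value is not guaranteed to be a `RoleType` name. Assuming `getUserRole()` returns a String, resolving it first with `RoleType role = RoleType.valueOf(member.getUserRole());` and then returning `List.of(new SimpleGrantedAuthority("ROLE_" + role.name()))` rejects an unknown or legacy value instead of producing an authority that no rule matches. The rest of the class lies outside the hunk.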
@@ -45,197 +45,197 @@ public class GlobalExceptionHandler { @ResponseStatus(HttpStatus.UNPROCESSABLE_ENTITY) @ExceptionHandler(EntityNotFoundException.class) public ApiResponseDto handlerEntityNotFoundException( - EntityNotFoundException e, HttpServletRequest request) { + EntityNotFoundException e, HttpServletRequest request) { log.warn("[EntityNotFoundException] resource :{} ", e.getMessage()); String codeName = "NOT_FOUND_DATA"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf("UNPROCESSABLE_ENTITY"), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf("UNPROCESSABLE_ENTITY"), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf("UNPROCESSABLE_ENTITY"), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf("UNPROCESSABLE_ENTITY"), + errorLog.getId()); } @ResponseStatus(HttpStatus.BAD_REQUEST) @ExceptionHandler(HttpMessageNotReadableException.class) public ApiResponseDto handleUnreadable( - HttpMessageNotReadableException e, HttpServletRequest request) { + HttpMessageNotReadableException e, HttpServletRequest request) { log.warn("[HttpMessageNotReadableException] resource :{} ", e.getMessage()); String codeName = "BAD_REQUEST"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - 
HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); } @ResponseStatus(HttpStatus.NOT_FOUND) @ExceptionHandler(NoSuchElementException.class) public ApiResponseDto handlerNoSuchElementException( - NoSuchElementException e, HttpServletRequest request) { + NoSuchElementException e, HttpServletRequest request) { log.warn("[NoSuchElementException] resource :{} ", e.getMessage()); String codeName = "NOT_FOUND_DATA"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf("NOT_FOUND"), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf("NOT_FOUND"), + errorLog.getId()); } @ResponseStatus(HttpStatus.BAD_REQUEST) @ExceptionHandler(IllegalArgumentException.class) public ApiResponseDto handlerIllegalArgumentException( - IllegalArgumentException e, HttpServletRequest request) { + IllegalArgumentException e, HttpServletRequest request) { log.warn("[handlerIllegalArgumentException] resource :{} ", e.getMessage()); String codeName = "BAD_REQUEST"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - 
ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); } @ResponseStatus(HttpStatus.UNPROCESSABLE_ENTITY) @ExceptionHandler(DataIntegrityViolationException.class) public ApiResponseDto handlerDataIntegrityViolationException( - DataIntegrityViolationException e, HttpServletRequest request) { + DataIntegrityViolationException e, HttpServletRequest request) { log.warn("[DataIntegrityViolationException] resource :{} ", e.getMessage()); String codeName = "DATA_INTEGRITY_ERROR"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf("UNPROCESSABLE_ENTITY"), - ErrorLogDto.LogErrorLevel.CRITICAL, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf("UNPROCESSABLE_ENTITY"), + ErrorLogDto.LogErrorLevel.CRITICAL, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf("UNPROCESSABLE_ENTITY"), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf("UNPROCESSABLE_ENTITY"), + errorLog.getId()); } @ResponseStatus(HttpStatus.BAD_REQUEST) @ExceptionHandler(MethodArgumentNotValidException.class) public ApiResponseDto handlerMethodArgumentNotValidException( - MethodArgumentNotValidException e, HttpServletRequest request) { + MethodArgumentNotValidException e, HttpServletRequest request) { log.warn("[MethodArgumentNotValidException] resource :{} ", e.getMessage()); String codeName = "BAD_REQUEST"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + 
ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); } @ResponseStatus(HttpStatus.FORBIDDEN) @ExceptionHandler(AccessDeniedException.class) public ApiResponseDto handlerAccessDeniedException( - AccessDeniedException e, HttpServletRequest request) { + AccessDeniedException e, HttpServletRequest request) { log.warn("[AccessDeniedException] resource :{} ", e.getMessage()); String codeName = "FORBIDDEN"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.ERROR, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.ERROR, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); } @ResponseStatus(HttpStatus.BAD_GATEWAY) @ExceptionHandler(HttpServerErrorException.BadGateway.class) public ApiResponseDto handlerHttpServerErrorException( - HttpServerErrorException e, HttpServletRequest request) { + HttpServerErrorException e, HttpServletRequest request) { log.warn("[HttpServerErrorException] resource :{} ", e.getMessage()); String codeName = "BAD_GATEWAY"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.CRITICAL, - e.getStackTrace()); + 
saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.CRITICAL, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); } @ResponseStatus(HttpStatus.UNPROCESSABLE_ENTITY) @ExceptionHandler(IllegalStateException.class) public ApiResponseDto handlerIllegalStateException( - IllegalStateException e, HttpServletRequest request) { + IllegalStateException e, HttpServletRequest request) { log.warn("[IllegalStateException] resource :{} ", e.getMessage()); String codeName = "UNPROCESSABLE_ENTITY"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); } @ResponseStatus(HttpStatus.BAD_REQUEST) @ExceptionHandler(MemberException.DuplicateMemberException.class) public ApiResponseDto handlerDuplicateMemberException( - MemberException.DuplicateMemberException e, HttpServletRequest request) { + MemberException.DuplicateMemberException e, HttpServletRequest request) { log.warn("[DuplicateMemberException] resource :{} ", e.getMessage()); String codeName = ""; 
@@ -250,112 +250,112 @@ public class GlobalExceptionHandler { } ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf("BAD_REQUEST"), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf("BAD_REQUEST"), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf("BAD_REQUEST"), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf("BAD_REQUEST"), + errorLog.getId()); } @ResponseStatus(HttpStatus.BAD_REQUEST) @ExceptionHandler(MemberException.MemberNotFoundException.class) public ApiResponseDto handlerMemberNotFoundException( - MemberException.MemberNotFoundException e, HttpServletRequest request) { + MemberException.MemberNotFoundException e, HttpServletRequest request) { log.warn("[MemberNotFoundException] resource :{} ", e.getMessage()); String codeName = "NOT_FOUND_USER"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf("BAD_REQUEST"), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf("BAD_REQUEST"), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf("BAD_REQUEST"), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf("BAD_REQUEST"), + errorLog.getId()); } @ResponseStatus(HttpStatus.CONFLICT) @ExceptionHandler(DuplicateKeyException.class) public ApiResponseDto handlerDuplicateKeyException( - DuplicateKeyException e, HttpServletRequest request) 
{ + DuplicateKeyException e, HttpServletRequest request) { log.warn("[DuplicateKeyException] resource :{} ", e.getMessage()); String codeName = "DUPLICATE_DATA"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf("CONFLICT"), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf("CONFLICT"), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf("CONFLICT"), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf("CONFLICT"), + errorLog.getId()); } @ExceptionHandler(BadCredentialsException.class) public ResponseEntity> handleBadCredentials( - BadCredentialsException e, HttpServletRequest request) { + BadCredentialsException e, HttpServletRequest request) { log.warn("[BadCredentialsException] resource : {} ", e.getMessage()); String codeName = "UNAUTHORIZED"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.WARNING, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.WARNING, + e.getStackTrace()); ApiResponseDto body = - ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseDto.createException( + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); return ResponseEntity.status(HttpStatus.UNAUTHORIZED) // 🔥 여기서 401 지정 - .body(body); + .body(body); } @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) 
@ExceptionHandler(RuntimeException.class) public ApiResponseDto handlerRuntimeException( - RuntimeException e, HttpServletRequest request) { + RuntimeException e, HttpServletRequest request) { log.warn("[RuntimeException] resource :{} ", e.getMessage()); String codeName = "INTERNAL_SERVER_ERROR"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.CRITICAL, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.CRITICAL, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); } @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) 
@@ -365,36 +365,36 @@ public class GlobalExceptionHandler { String codeName = "INTERNAL_SERVER_ERROR"; ErrorLogEntity errorLog = - saveErrorLogData( - request, - ApiResponseCode.getCode(codeName), - HttpStatus.valueOf(codeName), - ErrorLogDto.LogErrorLevel.CRITICAL, - e.getStackTrace()); + saveErrorLogData( + request, + ApiResponseCode.getCode(codeName), + HttpStatus.valueOf(codeName), + ErrorLogDto.LogErrorLevel.CRITICAL, + e.getStackTrace()); return ApiResponseDto.createException( - ApiResponseCode.getCode(codeName), - ApiResponseCode.getMessage(codeName), - HttpStatus.valueOf(codeName), - errorLog.getId()); + ApiResponseCode.getCode(codeName), + ApiResponseCode.getMessage(codeName), + HttpStatus.valueOf(codeName), + errorLog.getId()); } /** * 에러 로그 테이블 저장 로직 * - * @param request : request - * @param errorCode : 정의된 enum errorCode - * @param httpStatus : HttpStatus 값 + * @param request : request + * @param errorCode : 정의된 enum errorCode + * @param httpStatus : HttpStatus 값 * @param logErrorLevel : WARNING, ERROR, CRITICAL - * @param stackTrace : 에러 내용 + * @param stackTrace : 에러 내용 * @return : insert하고 결과로 받은 Entity */ private ErrorLogEntity saveErrorLogData( - HttpServletRequest request, - ApiResponseCode errorCode, - HttpStatus httpStatus, - ErrorLogDto.LogErrorLevel logErrorLevel, - StackTraceElement[] stackTrace) { + HttpServletRequest request, + ApiResponseCode errorCode, + HttpStatus httpStatus, + ErrorLogDto.LogErrorLevel logErrorLevel, + StackTraceElement[] stackTrace) { Long userid = null; 
@@ -408,35 +408,35 @@ public class GlobalExceptionHandler { * 만든 CustomUserDetails 타입인가? 체크 */ if (request.getUserPrincipal() instanceof UsernamePasswordAuthenticationToken auth - && auth.getPrincipal() instanceof CustomUserDetails customUserDetails) { + && auth.getPrincipal() instanceof CustomUserDetails customUserDetails) { // audit 에는 long 타입 user_id가 들어가지만 토큰 sub은 uuid여서 user_id 가져오기 userid = customUserDetails.getMember().getId(); } String stackTraceStr = - Arrays.stream(stackTrace) - .map(StackTraceElement::toString) - .collect(Collectors.joining("\n")) - .substring(0, Math.min(stackTrace.length, 255)); + Arrays.stream(stackTrace) + .map(StackTraceElement::toString) + .collect(Collectors.joining("\n")) + .substring(0, Math.min(stackTrace.length, 255)); ErrorLogEntity errorLogEntity = - new ErrorLogEntity( - request.getRequestURI(), - ApiLogFunction.getEventType(request), - logErrorLevel, - String.valueOf(httpStatus.value()), - errorCode.getText(), - stackTraceStr, - userid, - ZonedDateTime.now()); + new ErrorLogEntity( + request.getRequestURI(), + ApiLogFunction.getEventType(request), + logErrorLevel, + String.valueOf(httpStatus.value()), + errorCode.getText(), + stackTraceStr, + userid, + ZonedDateTime.now()); return errorLogRepository.save(errorLogEntity); } @ExceptionHandler(CustomApiException.class) public ResponseEntity> handleCustomApiException( - CustomApiException e, HttpServletRequest request) { + CustomApiException e, HttpServletRequest request) { log.warn("[CustomApiException] resource : {}", e.getMessage()); String codeName = e.getCodeName(); 
@@ -446,11 +446,11 @@ public class GlobalExceptionHandler {
 ApiResponseCode apiCode = ApiResponseCode.getCode(codeName);
 ErrorLogEntity errorLog =
- saveErrorLogData(
- request, apiCode, status, ErrorLogDto.LogErrorLevel.WARNING, e.getStackTrace());
+ saveErrorLogData(
+ request, apiCode, status, ErrorLogDto.LogErrorLevel.WARNING, e.getStackTrace());
 ApiResponseDto body =
- ApiResponseDto.createException(apiCode, message, status, errorLog.getId());
+ ApiResponseDto.createException(apiCode, message, status, errorLog.getId());
 return new ResponseEntity<>(body, status);
 }
diff --git a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
index 2fecb1cd..eca8fcf7 100644
--- a/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/kamcoback/config/SecurityConfig.java
@@ -42,13 +42,25 @@ public class SecurityConfig {
 customAuthenticationProvider) // 로그인 패스워드 비교방식 스프링 기본 Provider 사용안함 커스텀 사용
 .authorizeHttpRequests(
 auth ->
- auth.requestMatchers(HttpMethod.OPTIONS, "/**")
+ auth
+ // ADMIN만 접근
+ .requestMatchers("/api/test/admin")
+ .hasRole("ADMIN")
+
+ // ADMIN, LABELER 접근
+ .requestMatchers("/api/test/label")
+ .hasAnyRole("ADMIN", "LABELER")
+
+ // ADMIN, REVIEWER 접근
+ .requestMatchers("/api/test/review")
+ .hasAnyRole("ADMIN", "REVIEWER")
+ .requestMatchers(HttpMethod.OPTIONS, "/**")
 .permitAll() // preflight 허용
 .requestMatchers(
 "/api/auth/signin",
 "/api/auth/refresh",
 "/swagger-ui/**",
- "/api/members/{memberId}/password",
+ "/api/members/*/password",
 "/v3/api-docs/**")
 .permitAll()
 .anyRequest()
diff --git a/src/main/java/com/kamco/cd/kamcoback/members/dto/MembersDto.java b/src/main/java/com/kamco/cd/kamcoback/members/dto/MembersDto.java
index 1142fa6b..1c777896 100644
--- a/src/main/java/com/kamco/cd/kamcoback/members/dto/MembersDto.java
+++ b/src/main/java/com/kamco/cd/kamcoback/members/dto/MembersDto.java
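Review bot: In the `SecurityConfig` hunk the new matchers for `/api/test/admin`, `/api/test/label` and `/api/test/review` carry no HTTP method and are declared before `.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()`, so with first-match ordering an OPTIONS preflight to those paths is evaluated against `hasRole`/`hasAnyRole` rather than the permit rule, unless a CORS filter answers preflights earlier in the chain. Keeping the OPTIONS rule first, `auth.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()` followed by the three role rules, preserves the previous behaviour. Separately, `"/api/members/*/password"` stays in the `permitAll()` list for every member id, so the handler behind it (not visible here) has to verify the caller's existing or temporary password itself; a comment on that line such as `// unauthenticated by design: handler must verify the existing password` would record that. The `authorizeHttpRequests` lambda starts and ends outside the hunk.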
@@ -32,28 +32,24 @@ public class MembersDto {
 private String tempPassword;
 private String status;
 private String statusName;
- @JsonFormatDttm
- private ZonedDateTime createdDttm;
- @JsonFormatDttm
- private ZonedDateTime updatedDttm;
- @JsonFormatDttm
- private ZonedDateTime firstLoginDttm;
- @JsonFormatDttm
- private ZonedDateTime lastLoginDttm;
+ @JsonFormatDttm private ZonedDateTime createdDttm;
+ @JsonFormatDttm private ZonedDateTime updatedDttm;
+ @JsonFormatDttm private ZonedDateTime firstLoginDttm;
+ @JsonFormatDttm private ZonedDateTime lastLoginDttm;
 public Basic(
- Long id,
- UUID uuid,
- String userRole,
- String name,
- String userId,
- String employeeNo,
- String tempPassword,
- String status,
- ZonedDateTime createdDttm,
- ZonedDateTime updatedDttm,
- ZonedDateTime firstLoginDttm,
- ZonedDateTime lastLoginDttm) {
+ Long id,
+ UUID uuid,
+ String userRole,
+ String name,
+ String userId,
+ String employeeNo,
+ String tempPassword,
+ String status,
+ ZonedDateTime createdDttm,
+ ZonedDateTime updatedDttm,
+ ZonedDateTime firstLoginDttm,
+ ZonedDateTime lastLoginDttm) {
 this.id = id;
 this.uuid = uuid;
 this.userRole = userRole;
@@ -87,9 +83,7 @@ public class MembersDto {
 @AllArgsConstructor
 public static class SearchReq {
- @Schema(
- description = "전체, 관리자(ROLE_ADMIN), 라벨러(ROLE_LABELER), 검수자(ROLE_REVIEWER)",
- example = "")
+ @Schema(description = "전체, 관리자(ADMIN), 라벨러(LABELER), 검수자(REVIEWER)", example = "")
 private String userRole;
 @Schema(description = "키워드", example = "홍길동")
@@ -111,7 +105,7 @@ public class MembersDto {
 @Setter
 public static class AddReq {
- @Schema(description = "관리자 유형", example = "ROLE_ADMIN")
+ @Schema(description = "관리자 유형", example = "ADMIN")
 @NotBlank
 @Size(max = 50)
 private String userRole;
@@ -133,7 +127,7 @@ public class MembersDto {
 private String employeeNo;
 public AddReq(
- String userRole, String name, String userId, String tempPassword, String employeeNo) {
+ String userRole, String name, String userId, String tempPassword, String employeeNo) {
 this.userRole = userRole;
 this.name = name;
 this.userId = userId;
diff --git a/src/main/java/com/kamco/cd/kamcoback/test/TestApiController.java b/src/main/java/com/kamco/cd/kamcoback/test/TestApiController.java
index ca2dfe53..672bc5f1 100644
--- a/src/main/java/com/kamco/cd/kamcoback/test/TestApiController.java
+++ b/src/main/java/com/kamco/cd/kamcoback/test/TestApiController.java
@@ -1,5 +1,6 @@
 package com.kamco.cd.kamcoback.test;
+import com.kamco.cd.kamcoback.config.api.ApiResponseDto;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -30,8 +31,8 @@ public class TestApiController {
 content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
 })
 @GetMapping("/admin")
- public String admin() {
- return "I am administrator";
+ public ApiResponseDto admin() {
+ return ApiResponseDto.ok("I am administrator");
 }
 @Operation(summary = "label test", description = "label test api")
@@ -46,8 +47,8 @@ public class TestApiController {
 content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
 })
 @GetMapping("/label")
- public String label() {
- return "Labeling is available.";
+ public ApiResponseDto label() {
+ return ApiResponseDto.ok("Labeling is available.");
 }
 @Operation(summary = "review test", description = "review test api")
@@ -62,7 +63,7 @@ public class TestApiController {
 content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
 })
 @GetMapping("/review")
- public String review() {
- return "Review is available.";
+ public ApiResponseDto review() {
+ return ApiResponseDto.ok("Review is available.");
 }
 }
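Review bot: In `TestApiController`, `admin()`, `label()` and `review()` carry no authorization of their own; the role requirement exists only as URL rules in `SecurityConfig`, so a later change to the path on either side would leave a handler reachable by any authenticated user with no signal at the controller. If method security is enabled in this project, `@PreAuthorize("hasRole('ADMIN')")` on `admin()` (and the matching `hasAnyRole` expressions on the other two) keeps the rule next to the code; otherwise a comment on each handler, e.g. `// requires ROLE_ADMIN, enforced in SecurityConfig`, documents the dependency. Because the controller sits under `src/main`, it is also worth confirming that these test endpoints are meant to ship in production builds. The class header and the annotations above each method start outside the hunks.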