Feat: 좋아요 권한 분기처리

src/main/java/project/backend/domain/culturalevent/controller/CulturalEventController.java

@@ -5,6 +5,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import project.backend.domain.culturalevent.dto.CulturalEventListDto;
 import project.backend.domain.culturalevent.dto.CulturalEventRetrieveDto;
@@ -77,13 +78,15 @@ public ResponseEntity getCulturalEvent(@Positive @PathVariable Long id) {
 
     @ApiOperation(value = "문화생활 좋아요")
     @PostMapping("/{id}/like")
+    @PreAuthorize("isAuthenticated()")
     public ResponseEntity likeCulturalEvent(@Positive @PathVariable Long id) {
         culturalEventService.like(id);
         return ResponseEntity.status(HttpStatus.OK).body(null);
     }
 
     @ApiOperation(value = "문화생활 좋아요 취소")
     @PostMapping("/{id}/unlike")
+    @PreAuthorize("isAuthenticated()")
     public ResponseEntity unLikeCulturalEvent(@Positive @PathVariable Long id) {
         culturalEventService.unLike(id);
         return ResponseEntity.status(HttpStatus.OK).body(null);

src/main/java/project/backend/global/config/AuthenticationConfig.java

@@ -5,21 +5,37 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.access.AccessDeniedHandlerImpl;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import project.backend.domain.jwt.filter.JwtExceptionFilter;
 import project.backend.domain.jwt.filter.JwtFilter;
 
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class AuthenticationConfig {
 
-
     @Value("${jwt.secret}")
     private String secretKey;
 
@@ -42,12 +58,38 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
                 .sessionManagement()
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // jwt 사용하는 경우 사용
                 .and()
-                //.authorizeRequests(authorize -> authorize.antMatchers("/api/auth/login", "/swagger-ui/**", "/v3/api-docs", "/swagger-resources/**", "/backoffice/**", "/v3/api-docs/", "/api/tickets", "/api/tickets/**", "/api/categorys", "/api/members").permitAll())
                 .authorizeRequests(authorize -> authorize.anyRequest().permitAll())
-                //.authorizeRequests(authorize -> authorize.anyRequest().authenticated())
+                .exceptionHandling()
+                .accessDeniedHandler(accessDeniedHandler())
+                .authenticationEntryPoint(authenticationEntryPoint())
+                .and()
                 .addFilterBefore(new JwtFilter(secretKey), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(new JwtExceptionFilter(), JwtFilter.class)
-                .build()
-                ;
+                .build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Bean
+    public AccessDeniedHandler accessDeniedHandler() {
+        return new AccessDeniedHandlerImpl() {
+            @Override
+            public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException {
+                response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
+            }
+        };
+    }
+
+    @Bean
+    public AuthenticationEntryPoint authenticationEntryPoint() {
+        return new Http403ForbiddenEntryPoint() {
+            @Override
+            public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+            }
+        };
     }
 }

src/main/java/project/backend/global/error/GlobalExceptionHandler.java

@@ -80,10 +80,10 @@ protected ResponseEntity<ErrorResponse> handleBusinessException(final BusinessEx
     }
 
 
-    @ExceptionHandler(Exception.class)
-    protected ResponseEntity<ErrorResponse> handleException(Exception e) {
-        log.error("handleEntityNotFoundException", e);
-        final ErrorResponse response = ErrorResponse.of(ErrorCode.INTERNAL_SERVER_ERROR);
-        return new ResponseEntity<>(response, HttpStatus.INTERNAL_SERVER_ERROR);
-    }
+//    @ExceptionHandler(Exception.class)
+//    protected ResponseEntity<ErrorResponse> handleException(Exception e) {
+//        log.error("handleEntityNotFoundException", e);
+//        final ErrorResponse response = ErrorResponse.of(ErrorCode.INTERNAL_SERVER_ERROR);
+//        return new ResponseEntity<>(response, HttpStatus.INTERNAL_SERVER_ERROR);
+//    }
 }