spring boot로 jwt인증관련 질문이요 ㅠㅠ
현재 개인프로젝트 간단하게 게시판 진행중인데 jwt인증 하고 있는데 chat-gpt도움받아가면서 하고
저도 jwt나름 공부하고 로직도 이해했는데 잘안되네요
백엔드 쪽은 거의 작성했고, 이제 프론트 쪽에서 회원가입 후 로그인을 하려고 합니다.
첫 번째 ajax에서 jwt 로그인 인증에 성공한 뒤, 그 첫 번째 ajax의 success 안에 ajax를 한 번 더 작성해서
/api/dashboard로 요청을 보내려고 하는데 403이 뜨면서 권한 오류가 발생하네요
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
근데 이 부분을 제거하면 잘되더라고요. 아마 STATELESS에 관한 처리를 잘못하고 있는 것 같아요
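// Login form handler: posts the credentials as JSON, keeps the returned JWT in
// sessionStorage, then calls the protected dashboard endpoint with a Bearer header.
$(document).ready(function() {
    $('#loginForm').submit(function(event) {
        event.preventDefault();

        var formData = {
            email: $('#email').val(),
            password: $('#password').val()
        };

        $.ajax({
            type: "POST",
            url: "/api/auth/login",
            contentType: "application/json",
            data: JSON.stringify(formData),
            success: function(response) {
                // The response body is the bearer token, so it is deliberately not
                // written to the console: anything logged there is readable by anyone
                // with access to the browser's developer tools.
                console.log("Login successful");

                // NOTE(review): this assumes the login endpoint returns the raw token
                // string. If it returns a JSON object, the stored value becomes
                // "[object Object]" and the header below is not a valid token; confirm
                // against the controller.
                // sessionStorage is readable by every script running on this origin, so
                // an XSS flaw exposes the token; keep its lifetime short.
                sessionStorage.setItem('jwt', response);

                $.ajax({
                    type: "GET",
                    url: "/api/dashboard",
                    contentType: "application/json",
                    beforeSend: function(xhr) {
                        const token = sessionStorage.getItem('jwt');
                        if (token) {
                            xhr.setRequestHeader("Authorization", "Bearer " + token);
                        } else {
                            console.error("JWT 토큰이 없습니다!");
                        }
                    },
                    success: function(dashboardResponse) {
                        // The dashboard response is NOT stored under 'jwt': doing so
                        // replaced the token with the dashboard payload, and every later
                        // request then sent that payload as the bearer credential.

                        // NOTE(review): a top-level navigation cannot carry the
                        // Authorization header. With SessionCreationPolicy.STATELESS the
                        // server keeps no session, so this request arrives unauthenticated
                        // and is the likely source of the 403. Either render
                        // dashboardResponse from this callback, or serve the page shell
                        // from a public route and load its data through authenticated
                        // ajax calls.
                        window.location.href = '/api/dashboard';
                    },
                    error: function(xhr, status, error) {
                        console.error("Access to dashboard failed:", xhr.responseText);
                    }
                });
            },
            error: function(xhr, status, error) {
                console.error("Login failed:", xhr.responseText);
            }
        });
    });
});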
/**
 * Builds the security filter chain: static assets, the auth endpoints and user
 * registration are public, the dashboard requires the {@code ROLE_USER} authority,
 * and every other request must be authenticated.
 *
 * @param http the security builder to configure
 * @return the configured filter chain
 * @throws Exception if the chain cannot be built
 */
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    // CSRF protection is off. That is only safe while the credential travels in the
    // Authorization header; if the token is ever moved into a cookie, re-enable it.
    http.csrf().disable();

    http.authorizeRequests()
        .antMatchers("/js/**", "/css/**", "/images/**").permitAll()
        .antMatchers("/api/auth/**").permitAll()
        .antMatchers("/api/users/register").permitAll()
        // hasAuthority compares the literal string, so the authenticated user's
        // authorities must contain exactly "ROLE_USER".
        .antMatchers("/api/dashboard/**").hasAuthority("ROLE_USER")
        .anyRequest().authenticated();

    // STATELESS: no HttpSession is created or consulted for the SecurityContext, so
    // every request has to present its own token. A request without the Bearer header
    // (a plain browser navigation, for example) is anonymous and is refused here.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // The JWT filter runs ahead of the username/password filter.
    http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

    return http.build();
}
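/**
 * Authenticates the request from its JWT, when one is present and valid, and then
 * continues the filter chain.
 *
 * <p>The Authorization header is no longer printed: it holds the bearer credential,
 * and anyone who can read the process output could replay it.
 *
 * @param request the incoming request
 * @param response the response passed along the chain
 * @param filterChain the remaining filters
 * @throws ServletException if a later filter fails
 * @throws IOException if a later filter fails on I/O
 */
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    try {
        // presumably strips the "Bearer " prefix from the Authorization header; verify in getJwtFromRequest
        String jwt = getJwtFromRequest(request);
        if (jwt != null && tokenProvider.validateToken(jwt)) {
            String email = tokenProvider.getUsernameFromJWT(jwt);
            // Authorities are reloaded on every request, so they reflect the stored
            // user record rather than anything carried inside the token.
            UserDetails userDetails = userDetailsService.loadUserByUsername(email);
            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
    } catch (Exception ex) {
        // Best effort by design: on any failure the request continues unauthenticated
        // and the authorization rules reject it further down the chain.
        logger.error("Could not set user authentication in security context", ex);
    }
    filterChain.doFilter(request, response);
}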