📝 added oauth2clearingfilter

wafflestudio · Jan 22, 2025 · b501a8b · b501a8b
1 parent 3414498
commit b501a8b
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/src/main/kotlin/com/toyProject7/karrot/SecurityConfig.kt b/src/main/kotlin/com/toyProject7/karrot/SecurityConfig.kt
@@ -1,6 +1,7 @@
 package com.toyProject7.karrot
 
 import com.toyProject7.karrot.security.JwtAuthenticationFilter
+import com.toyProject7.karrot.security.OAuth2AuthenticationClearingFilter
 import com.toyProject7.karrot.security.SecurityConstants
 import com.toyProject7.karrot.socialLogin.handler.CustomAuthenticationSuccessHandler
 import com.toyProject7.karrot.socialLogin.service.SocialLoginUserService
@@ -9,7 +10,6 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpStatus
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.HttpStatusEntryPoint
 import org.springframework.web.cors.CorsConfiguration
@@ -51,7 +51,7 @@ class SecurityConfig(
                     }
                     .successHandler(customAuthenticationSuccessHandler)
             }
-            .addFilterBefore(jwtAuthenticationFilter, OAuth2LoginAuthenticationFilter::class.java)
+            .addFilterBefore(OAuth2AuthenticationClearingFilter(), JwtAuthenticationFilter::class.java)
             .build()
     }
 

diff --git a/src/main/kotlin/com/toyProject7/karrot/security/OAuth2AuthenticationClearingFilter.kt b/src/main/kotlin/com/toyProject7/karrot/security/OAuth2AuthenticationClearingFilter.kt
@@ -0,0 +1,23 @@
+package com.toyProject7.karrot.security
+
+import jakarta.servlet.FilterChain
+import jakarta.servlet.http.HttpServletRequest
+import jakarta.servlet.http.HttpServletResponse
+import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
+import org.springframework.web.filter.OncePerRequestFilter
+
+class OAuth2AuthenticationClearingFilter : OncePerRequestFilter() {
+    override fun doFilterInternal(
+        request: HttpServletRequest,
+        response: HttpServletResponse,
+        filterChain: FilterChain,
+    ) {
+        val existingAuth = SecurityContextHolder.getContext().authentication
+        if (existingAuth is OAuth2AuthenticationToken) {
+            logger.debug("Clearing OAuth2AuthenticationToken for request: ${request.requestURI}")
+            SecurityContextHolder.clearContext()
+        }
+        filterChain.doFilter(request, response)
+    }
+}