🐛 fix

wafflestudio · Jan 22, 2025 · ce59c19 · ce59c19
1 parent b501a8b
commit ce59c19
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/src/main/kotlin/com/toyProject7/karrot/SecurityConfig.kt b/src/main/kotlin/com/toyProject7/karrot/SecurityConfig.kt
@@ -10,6 +10,7 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpStatus
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.HttpStatusEntryPoint
 import org.springframework.web.cors.CorsConfiguration
@@ -22,6 +23,7 @@ class SecurityConfig(
     private val socialLoginUserService: SocialLoginUserService,
     private val customAuthenticationSuccessHandler: CustomAuthenticationSuccessHandler,
     private val jwtAuthenticationFilter: JwtAuthenticationFilter,
+    private val oAuth2AuthenticationClearingFilter: OAuth2AuthenticationClearingFilter,
 ) {
     @Bean
     fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
@@ -38,9 +40,7 @@ class SecurityConfig(
                     ).permitAll()
                     .anyRequest().authenticated()
             }
-            // Disable form login
             .formLogin { formLogin -> formLogin.disable() }
-            // Configure exception handling
             .exceptionHandling { exceptionHandling ->
                 exceptionHandling.authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
             }
@@ -51,7 +51,9 @@ class SecurityConfig(
                     }
                     .successHandler(customAuthenticationSuccessHandler)
             }
-            .addFilterBefore(OAuth2AuthenticationClearingFilter(), JwtAuthenticationFilter::class.java)
+            // Add filters in correct order
+            .addFilterBefore(oAuth2AuthenticationClearingFilter, JwtAuthenticationFilter::class.java)
+            .addFilterBefore(jwtAuthenticationFilter, OAuth2LoginAuthenticationFilter::class.java)
             .build()
     }
 

diff --git a/src/main/kotlin/com/toyProject7/karrot/security/OAuth2AuthenticationClearingFilter.kt b/src/main/kotlin/com/toyProject7/karrot/security/OAuth2AuthenticationClearingFilter.kt
@@ -4,17 +4,18 @@ import jakarta.servlet.FilterChain
 import jakarta.servlet.http.HttpServletRequest
 import jakarta.servlet.http.HttpServletResponse
 import org.springframework.security.core.context.SecurityContextHolder
-import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken
+import org.springframework.stereotype.Component
 import org.springframework.web.filter.OncePerRequestFilter
 
+@Component
 class OAuth2AuthenticationClearingFilter : OncePerRequestFilter() {
     override fun doFilterInternal(
         request: HttpServletRequest,
         response: HttpServletResponse,
         filterChain: FilterChain,
     ) {
         val existingAuth = SecurityContextHolder.getContext().authentication
-        if (existingAuth is OAuth2AuthenticationToken) {
+        if (existingAuth != null && existingAuth is org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) {
             logger.debug("Clearing OAuth2AuthenticationToken for request: ${request.requestURI}")
             SecurityContextHolder.clearContext()
         }