refact: token refresh logic
windeer9 committed Oct 26, 2023
1 parent 4f419d8 commit bc5fcbd
Showing 1 changed file with 10 additions and 6 deletions.
Expand Up @@ -25,15 +25,19 @@ public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authenticationException) throws IOException{
Exception exception = (Exception) request.getAttribute("exception");


String jws = "";
String refresh = "";

if(request.getHeader("Authorization") != null && !request.getHeader("Authorization").isEmpty()) {
String jws = request.getHeader("Authorization").replace("Bearer ", "");
jws = request.getHeader("Authorization").replace("Bearer ", "");
String base64EncodedSecretKey = jwtTokenizer.encodeBase64SecretKey(jwtTokenizer.getSecretKey());
if (isAccessTokenExpired(request)) {
if (request.getHeader("Refresh") != null && !request.getHeader("Refresh").isEmpty()) {
if (isRefreshTokenExpired(request)) {
Claims accessClaims = jwtTokenizer.getClaims(jws, base64EncodedSecretKey).getBody();
jws = jwtTokenizer.generateAccessToken(accessClaims, accessClaims.getSubject(), jwtTokenizer.getTokenExpiration(jwtTokenizer.getAccessTokenExpirationMinutes()), base64EncodedSecretKey);
String refresh = jwtTokenizer.generateRefreshToken(accessClaims.getSubject(), jwtTokenizer.getTokenExpiration(jwtTokenizer.getRefreshTokenExpirationMinutes()), base64EncodedSecretKey);
refresh = jwtTokenizer.generateRefreshToken(accessClaims.getSubject(), jwtTokenizer.getTokenExpiration(jwtTokenizer.getRefreshTokenExpirationMinutes()), base64EncodedSecretKey);
response.setHeader("Authorization", "Bearer " + jws);
response.setHeader("Refresh", refresh);
} else {
Expand All @@ -47,7 +51,7 @@ public void commence(HttpServletRequest request, HttpServletResponse response,
} else {
Claims accessClaims = jwtTokenizer.getClaims(jws, base64EncodedSecretKey).getBody();
jws = jwtTokenizer.generateAccessToken(accessClaims, accessClaims.getSubject(), jwtTokenizer.getTokenExpiration(jwtTokenizer.getAccessTokenExpirationMinutes()), base64EncodedSecretKey);
String refresh = jwtTokenizer.generateRefreshToken(accessClaims.getSubject(), jwtTokenizer.getTokenExpiration(jwtTokenizer.getRefreshTokenExpirationMinutes()), base64EncodedSecretKey);
refresh = jwtTokenizer.generateRefreshToken(accessClaims.getSubject(), jwtTokenizer.getTokenExpiration(jwtTokenizer.getRefreshTokenExpirationMinutes()), base64EncodedSecretKey);
response.setHeader("Authorization", "Bearer " + jws);
response.setHeader("Refresh", refresh);
}
Expand All @@ -56,12 +60,12 @@ public void commence(HttpServletRequest request, HttpServletResponse response,


ErrorResponder.sendErrorResponse(response, HttpStatus.UNAUTHORIZED);
logExceptionMessage(authenticationException, exception);
logExceptionMessage(authenticationException, exception, jws, refresh);
}

private void logExceptionMessage(AuthenticationException authException, Exception exception){
private void logExceptionMessage(AuthenticationException authException, Exception exception, String access, String refresh){
String message = exception != null ? exception.getMessage() : authException.getMessage();
log.warn("Unauthorized error happend: {}", message + " contain new token.");
log.warn("Unauthorized error happend: {}", message + "\""+ access + "\"" + refresh);
}

public boolean isAccessTokenExpired(HttpServletRequest request){
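Review bot: The new `log.warn` in `logExceptionMessage` concatenates the access token and the refresh token into the log line, so anyone with read access to the application logs or a downstream log store holds replayable bearer credentials until those tokens expire. Keep the token values out of the log and record only whether a reissue happened, e.g. `log.warn("Unauthorized error happend: {} (tokens reissued: {})", message, !refresh.isEmpty());`, which also lets the two added `String` parameters collapse into one boolean. If a correlation value is needed for debugging, log a non-secret claim such as the subject or token id rather than the compact JWS. The call site sits in `commence`, whose body starts outside the visible hunks, so whether `jws` is the client-supplied token or the newly generated one at that point depends on branches only partly shown; neither should be logged.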