ssu-B1G4 · bingseok · Dec 9, 2024 · Dec 9, 2024
diff --git a/src/main/java/B1G4/bookmark/config/SecurityConfig.java b/src/main/java/B1G4/bookmark/config/SecurityConfig.java
@@ -35,6 +35,7 @@ public class SecurityConfig {
             "/refresh",
             "/actuator/prometheus",
             "/ws/**",
+            "/topic/**"
     };
 
     @Bean

diff --git a/src/main/java/B1G4/bookmark/config/WebSocketConfig.java b/src/main/java/B1G4/bookmark/config/WebSocketConfig.java
@@ -42,7 +42,29 @@ public void registerStompEndpoints(StompEndpointRegistry registry) {
 
     @Override
     public void configureClientInboundChannel(ChannelRegistration registration) {
-        registration.interceptors(stompHandler); // StompHandler 추가
+        registration.interceptors(new ChannelInterceptor() {
+            @Override
+            public Message<?> preSend(Message<?> message, MessageChannel channel) {
+                StompHeaderAccessor accessor = StompHeaderAccessor.wrap(message);
+
+                if (StompCommand.CONNECT.equals(accessor.getCommand()) ||
+                        StompCommand.SUBSCRIBE.equals(accessor.getCommand()) ||
+                        StompCommand.SEND.equals(accessor.getCommand())) {
+
+                    String token = accessor.getFirstNativeHeader("Authorization");
+
+                    if (Objects.nonNull(token) && token.startsWith("Bearer ")) {
+                        token = token.substring(7); // "Bearer " 제거
+                        try {
+                            Authentication authentication = jwtTokenProvider.getAuthentication(token);
+                            accessor.setUser(authentication); // 사용자 정보 추가
+                        } catch (Exception e) {
+                            System.out.println("WebSocket Authentication failed: " + e.getMessage());
+                        }
+                    }
+                }
+                return message;
+            }
+        });
     }
 }
-
diff --git a/src/main/java/B1G4/bookmark/security/provider/JwtTokenProvider.java b/src/main/java/B1G4/bookmark/security/provider/JwtTokenProvider.java
@@ -90,15 +90,13 @@ private Jws<Claims> getClaims(String token) {
     }
 
     public Authentication getAuthentication(String token) {
-        Claims claims = Jwts.parserBuilder()
-                .setSigningKey(secretKey)
-                .build()
-                .parseClaimsJws(token)
-                .getBody();
-
-        String userId = claims.get("id", String.class);
-        User user = new User(userId, "", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
-        return new UsernamePasswordAuthenticationToken(user, token, user.getAuthorities());
+        try {
+            Long memberId = getId(token); // Extract member ID from JWT
+            User principal = new User(memberId.toString(), "", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
+            return new UsernamePasswordAuthenticationToken(principal, token, principal.getAuthorities());
+        } catch (Exception e) {
+            throw new AuthException(ErrorStatus.AUTH_INVALID_TOKEN);
+        }
     }
 
     public void validateToken(String token) {