M0IM · yewonahn · Dec 1, 2024 · Nov 30, 2024
diff --git a/...a/com/dev/moim/global/security/annotation/resolver/AuthUserMoimAdminArgumentResolver.java b/...a/com/dev/moim/global/security/annotation/resolver/AuthUserMoimAdminArgumentResolver.java
@@ -7,6 +7,7 @@
 import com.dev.moim.global.error.handler.AuthException;
 import com.dev.moim.global.redis.util.RedisUtil;
 import com.dev.moim.global.security.annotation.annotation.AuthUserMoimAdmin;
+import com.dev.moim.global.security.principal.MoimAuthentication;
 import com.dev.moim.global.security.util.JwtUtil;
 import jakarta.annotation.Nonnull;
 import jakarta.servlet.http.HttpServletRequest;
@@ -58,11 +59,14 @@ public Object resolveArgument(
                 .map(authentication -> {
                     String userId = authentication.getName();
                     Long moimId = extractMoimIdFromUri(httpServletRequest.getRequestURI());
-                    List<MoimRole> moimRoleList = new ArrayList<>(Arrays.asList(MoimRole.OWNER, MoimRole.ADMIN));
+
                     UserMoim userMoimAdmin = userMoimQueryService.findByUserIdAndMoimIdAndJoinStatusInMoimRoleListWithUserAndMoim(
-                                    Long.valueOf(userId), moimId, JoinStatus.COMPLETE, moimRoleList)
+                                    Long.valueOf(userId), moimId, JoinStatus.COMPLETE, Arrays.asList(MoimRole.OWNER, MoimRole.ADMIN))
                             .orElseThrow(() -> new AuthException(USER_NOT_MOIM_ADMIN));
 
+                    SecurityContextHolder.getContext().setAuthentication(
+                            new MoimAuthentication(authentication, moimId, userMoimAdmin.getMoimRole(), userMoimAdmin.getId()));
+
                     if (userMoimAdmin.getUser().getDeviceId() == null) {
                         Long now = new Date().getTime();
                         Long expiration = jwtUtil.getExpiration(accessToken) - now;

diff --git a/...n/java/com/dev/moim/global/security/annotation/resolver/AuthUserMoimArgumentResolver.java b/...n/java/com/dev/moim/global/security/annotation/resolver/AuthUserMoimArgumentResolver.java
@@ -6,6 +6,7 @@
 import com.dev.moim.global.error.handler.AuthException;
 import com.dev.moim.global.redis.util.RedisUtil;
 import com.dev.moim.global.security.annotation.annotation.AuthUserMoim;
+import com.dev.moim.global.security.principal.MoimAuthentication;
 import com.dev.moim.global.security.util.JwtUtil;
 import jakarta.annotation.Nonnull;
 import jakarta.servlet.http.HttpServletRequest;
@@ -60,10 +61,14 @@ public Object resolveArgument(
                 .map(authentication -> {
                     String userId = authentication.getName();
                     Long moimId = extractMoimIdFromUri(httpServletRequest.getRequestURI());
+
                     UserMoim userMoim = userMoimQueryService.findByUserIdAndMoimIdAndJoinStatusWithUserAndMoim(
                             Long.valueOf(userId), moimId, JoinStatus.COMPLETE)
                             .orElseThrow(() -> new AuthException(USER_NOT_MOIM_JOIN));
 
+                    SecurityContextHolder.getContext().setAuthentication(
+                            new MoimAuthentication(authentication, moimId, userMoim.getMoimRole(), userMoim.getId()));
+
                     if (userMoim.getUser().getDeviceId() == null) {
                         Long now = new Date().getTime();
                         Long expiration = jwtUtil.getExpiration(accessToken) - now;

diff --git a/...a/com/dev/moim/global/security/annotation/resolver/AuthUserMoimOwnerArgumentResolver.java b/...a/com/dev/moim/global/security/annotation/resolver/AuthUserMoimOwnerArgumentResolver.java
@@ -7,6 +7,7 @@
 import com.dev.moim.global.error.handler.AuthException;
 import com.dev.moim.global.redis.util.RedisUtil;
 import com.dev.moim.global.security.annotation.annotation.AuthUserMoimAdmin;
+import com.dev.moim.global.security.principal.MoimAuthentication;
 import com.dev.moim.global.security.util.JwtUtil;
 import jakarta.annotation.Nonnull;
 import jakarta.servlet.http.HttpServletRequest;
@@ -61,19 +62,23 @@ public Object resolveArgument(
                 .map(authentication -> {
                     String userId = authentication.getName();
                     Long moimId = extractMoimIdFromUri(httpServletRequest.getRequestURI());
-                    UserMoim userMoim = userMoimQueryService.findByUserIdAndMoimIdAndJoinStatusAndMoimRoleWithUserAndMoim(
+
+                    UserMoim userMoimOwner = userMoimQueryService.findByUserIdAndMoimIdAndJoinStatusAndMoimRoleWithUserAndMoim(
                                     Long.valueOf(userId), moimId, JoinStatus.COMPLETE, MoimRole.OWNER)
                             .orElseThrow(() -> new AuthException(USER_NOT_MOIM_OWNER));
 
-                    if (userMoim.getUser().getDeviceId() == null) {
+                    SecurityContextHolder.getContext().setAuthentication(
+                            new MoimAuthentication(authentication, moimId, userMoimOwner.getMoimRole(), userMoimOwner.getId()));
+
+                    if (userMoimOwner.getUser().getDeviceId() == null) {
                         Long now = new Date().getTime();
                         Long expiration = jwtUtil.getExpiration(accessToken) - now;
                         redisUtil.setValue(accessToken, "deviceId_missing", expiration);
 
                         throw new AuthException(FCM_TOKEN_REQUIRED);
                     }
 
-                    return userMoim;
+                    return userMoimOwner;
                 }).orElseThrow(() -> new AuthException(AUTH_INVALID_TOKEN));
     }
 

diff --git a/src/main/java/com/dev/moim/global/security/principal/MoimAuthentication.java b/src/main/java/com/dev/moim/global/security/principal/MoimAuthentication.java
@@ -0,0 +1,49 @@
+package com.dev.moim.global.security.principal;
+
+import com.dev.moim.domain.moim.entity.enums.MoimRole;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+
+public record MoimAuthentication(
+        Authentication originalAuthentication,
+        Long moimId,
+        MoimRole moimRole,
+        Long userMoimId) implements Authentication {
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return originalAuthentication.getAuthorities();
+    }
+
+    @Override
+    public Object getCredentials() {
+        return originalAuthentication.getCredentials();
+    }
+
+    @Override
+    public Object getDetails() {
+        return originalAuthentication.getDetails();
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return originalAuthentication.getPrincipal();
+    }
+
+    @Override
+    public boolean isAuthenticated() {
+        return originalAuthentication.isAuthenticated();
+    }
+
+    @Override
+    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
+        originalAuthentication.setAuthenticated(isAuthenticated);
+    }
+
+    @Override
+    public String getName() {
+        return originalAuthentication.getName();
+    }
+}