src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt

@@ -8,6 +8,7 @@ import org.slf4j.MDC
 import org.springframework.stereotype.Component
 import org.springframework.web.method.HandlerMethod
 import org.springframework.web.servlet.HandlerInterceptor
+import roomescape.auth.business.CLAIM_ADMIN_TYPE_KEY
 import roomescape.auth.exception.AuthErrorCode
 import roomescape.auth.exception.AuthException
 import roomescape.auth.infrastructure.jwt.JwtUtils
@@ -33,14 +34,26 @@ class UserInterceptor(
         val token: String? = request.accessToken()
 
         try {
-            jwtUtils.extractSubject(token).also {
-                MDC.put(MDC_PRINCIPAL_ID_KEY, it)
-                log.info { "[UserInterceptor] 인증 완료. userId=$it" }
+            val id: String = jwtUtils.extractSubject(token).also { MDC.put(MDC_PRINCIPAL_ID_KEY, it) }
+
+            /**
+             * CLAIM_ADMIN_TYPE_KEY 가 존재하면 관리자 토큰임
+             */
+            jwtUtils.extractClaim(token, key = CLAIM_ADMIN_TYPE_KEY)?.also {
+                log.warn { "[UserInterceptor] 관리자 토큰으로 접근 시도. userId=$id, adminType=$it" }
+                throw AuthException(AuthErrorCode.ACCESS_DENIED)
             }
+
+            log.info { "[UserInterceptor] 인증 완료. userId=$id" }
             return true
         } catch (e: Exception) {
-            log.warn { "[UserInterceptor] 예상치 못한 예외: message=${e.message}" }
-            throw AuthException(AuthErrorCode.TEMPORARY_AUTH_ERROR)
+            when (e) {
+                is AuthException -> { throw e }
+                else -> {
+                    log.warn { "[UserInterceptor] 예상치 못한 예외: message=${e.message}" }
+                    throw AuthException(AuthErrorCode.TEMPORARY_AUTH_ERROR)
+                }
+            }
         }
     }
 }