From 1cbacde795f761a0535c9330eca05bd4b685ba6a Mon Sep 17 00:00:00 2001
From: JianChoi-Kor
Date: Sun, 17 Jul 2022 23:06:44 +0900
Subject: [PATCH] Security

---
 .../basic/persistence/model/Privilege.java | 8 ++---
 .../basic/persistence/model/Role.java | 15 ++++-----
 .../basic/persistence/model/User.java | 12 +++---
 .../security/CustomUserDetailsService.java | 1 +
 .../basic/security/WebSecurityConfigure.java | 31 +++++++++++++++----
 5 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/src/main/java/com/security/basic/persistence/model/Privilege.java b/src/main/java/com/security/basic/persistence/model/Privilege.java
index 547c464..7221554 100644
--- a/src/main/java/com/security/basic/persistence/model/Privilege.java
+++ b/src/main/java/com/security/basic/persistence/model/Privilege.java
@@ -1,6 +1,5 @@
 package com.security.basic.persistence.model;
 
-import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
@@ -9,20 +8,21 @@ import javax.persistence.*;
 import java.util.Collection;
 
 @Entity
-@NoArgsConstructor
 @Getter
 @Setter
+@NoArgsConstructor
 @Table(name = "privileges")
 public class Privilege {
 
+    //고유값
     @Id
-    @Column(unique = true, nullable = false)
     @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id", nullable = false)
     private Long id;
 
     private String name;
 
-    @ManyToMany(mappedBy = "privileges", fetch = FetchType.EAGER)
+    @ManyToMany(mappedBy = "privileges")
     private Collection roles;
 
     public Privilege(final String name) {
diff --git a/src/main/java/com/security/basic/persistence/model/Role.java b/src/main/java/com/security/basic/persistence/model/Role.java
index 14312c3..02de9a8 100644
--- a/src/main/java/com/security/basic/persistence/model/Role.java
+++ b/src/main/java/com/security/basic/persistence/model/Role.java
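Review bot: The new `@Column(name = "id", nullable = false)` on Privilege drops `unique = true`, and the same edit in Role (next hunk) does too, while the parallel edit in User keeps it as `@Column(name = "id", unique = true, nullable = false)`. None of this changes the generated schema, because `@Id` with `GenerationType.IDENTITY` already makes the column the primary key, but three entities edited in one commit should state the same thing — either drop `unique = true` in User as well or keep it in all three. While the field is being touched, the Korean `//고유값` comment would serve every maintainer better as Javadoc on the field, e.g. `/** Surrogate primary key, generated by the database. */`.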
@@ -1,8 +1,6 @@
 package com.security.basic.persistence.model;
 
-import lombok.AllArgsConstructor;
 import lombok.Getter;
-import lombok.NoArgsConstructor;
 import lombok.Setter;
 
 import javax.persistence.*;
@@ -14,21 +12,24 @@ import java.util.Collection;
 @Table(name = "roles")
 public class Role {
 
+    //고유값
     @Id
-    @Column(unique = true, nullable = false)
     @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id", nullable = false)
     private Long id;
 
     private String name;
 
-    @ManyToMany(mappedBy = "roles", fetch = FetchType.EAGER)
+    @ManyToMany(mappedBy = "roles")
     private Collection users;
 
-    @ManyToMany
+    @ManyToMany(fetch = FetchType.EAGER)
     @JoinTable(
             name = "roles_privileges",
-            joinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id"),
-            inverseJoinColumns = @JoinColumn(name = "privilege_id", referencedColumnName = "id")
+            joinColumns = @JoinColumn(
+                    name = "role_id", referencedColumnName = "id"),
+            inverseJoinColumns = @JoinColumn(
+                    name = "privilege_id", referencedColumnName = "id")
     )
     private Collection privileges;
 
diff --git a/src/main/java/com/security/basic/persistence/model/User.java b/src/main/java/com/security/basic/persistence/model/User.java
index da018a5..f1fb739 100644
--- a/src/main/java/com/security/basic/persistence/model/User.java
+++ b/src/main/java/com/security/basic/persistence/model/User.java
@@ -5,19 +5,19 @@ import lombok.*;
 import javax.persistence.*;
 import java.util.Collection;
 
-
 @Entity
 @Builder
-@AllArgsConstructor
-@NoArgsConstructor
 @Getter
 @Setter
+@AllArgsConstructor
+@NoArgsConstructor
 @Table(name = "users")
 public class User {
 
+    //고유값
     @Id
-    @Column(unique = true, nullable = false)
     @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id", unique = true, nullable = false)
     private Long id;
 
     private String email;
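Review bot: In the second Role hunk, `@ManyToMany(fetch = FetchType.EAGER)` is moved from the `mappedBy` side onto the owning `privileges` association, and `User.roles` (context in the User hunk that follows) is EAGER as well, so every load of a User now joins the whole roles→privileges graph — most visibly on each authentication. If the aim is to make privileges readable in `CustomUserDetailsService` outside a persistence context, which the `javax.transaction.Transactional` import added to that file suggests, a dedicated repository query with `JOIN FETCH` for the login path would keep the mapping lazy for every other use of these entities. The raw `Collection` fields are pre-existing, but since the annotations are being rewritten anyway, `Collection<Privilege>` and `Collection<User>` would let the compiler check what is put into them.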
@@ -27,8 +27,8 @@ public class User {
     @ManyToMany(fetch = FetchType.EAGER)
     @JoinTable(
             name = "users_roles",
-            joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
-            inverseJoinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id")
+            joinColumns = {@JoinColumn(name = "user_id", referencedColumnName = "id")},
+            inverseJoinColumns = {@JoinColumn(name = "role_id", referencedColumnName = "id")}
     )
     private Collection roles;
 }
diff --git a/src/main/java/com/security/basic/security/CustomUserDetailsService.java b/src/main/java/com/security/basic/security/CustomUserDetailsService.java
index 70954d2..0b2bf3f 100644
--- a/src/main/java/com/security/basic/security/CustomUserDetailsService.java
+++ b/src/main/java/com/security/basic/security/CustomUserDetailsService.java
@@ -13,6 +13,7 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
 
+import javax.transaction.Transactional;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
diff --git a/src/main/java/com/security/basic/security/WebSecurityConfigure.java b/src/main/java/com/security/basic/security/WebSecurityConfigure.java
index 235406c..a360701 100644
--- a/src/main/java/com/security/basic/security/WebSecurityConfigure.java
+++ b/src/main/java/com/security/basic/security/WebSecurityConfigure.java
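Review bot: `import javax.transaction.Transactional;` is the only visible change to CustomUserDetailsService and no `@Transactional` appears in the hunk, so whether it is actually applied to the lookup method is outside what can be seen here; if it is not, the import is dead and should go. Spring does honour the JTA annotation, but the framework's own `org.springframework.transaction.annotation.Transactional` is the conventional choice in a Spring Security service and allows `@Transactional(readOnly = true)` on a method that only reads the user and its authorities.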
@@ -6,10 +6,13 @@ import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.session.HttpSessionEventPublisher;
@@ -39,12 +42,12 @@ public class WebSecurityConfigure {
         //permitAll시 해당 url에 대한 인증 정보를 요구하지 않는다.
         //authenticated시 해당 url에는 인증 정보를 요구한다.(로그인 필요)
         //hasAnyRole시 해당 url에는 특정 권한 정보를 요구한다.
-        http
-                .authorizeRequests()
-                .antMatchers("/home").permitAll()
-//                .antMatchers("/user").hasAnyRole("USER", "ADMIN")
-//                .antMatchers("/admin").hasAnyRole("ADMIN")
-                .anyRequest().authenticated();
+//        http
+//                .authorizeRequests()
+//                .antMatchers("/home").permitAll()
+//                .antMatchers("/user").hasAnyRole("USER", "ADMIN")
+//                .antMatchers("/admin").hasAnyRole("ADMIN")
+//                .anyRequest().authenticated();
 
         http
                 .authorizeHttpRequests()
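Review bot: The old `http.authorizeRequests()` chain in the second hunk is commented out rather than deleted, leaving six lines of dead code between the explanatory comments and the live `authorizeHttpRequests()` call; the commit history already preserves it, so the block should simply be removed. The three Korean comment lines above it now describe the new chain, which starts on the last line of this hunk and continues outside it, so it cannot be confirmed from here that the `anyRequest().authenticated()` fall-through of the old configuration survives — the new chain should end with an equivalent deny-by-default rule, otherwise any path not matched by an explicit rule becomes reachable without authentication.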
@@ -90,6 +93,22 @@ public class WebSecurityConfigure {
         return new ServletListenerRegistrationBean(new HttpSessionEventPublisher());
     }
 
+    @Bean
+    public RoleHierarchy roleHierarchy() {
+        RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
+        String hierarchy = "ROLE_ADMIN > ROLE_USER";
+        roleHierarchy.setHierarchy(hierarchy);
+
+        return roleHierarchy;
+    }
+
+    @Bean
+    public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
+        DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
+        expressionHandler.setRoleHierarchy(roleHierarchy());
+        return expressionHandler;
+    }
+
     @Bean
     public AuthenticationSuccessHandler successHandler() {
         return new CustomAuthSuccessHandler();
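Review bot: The `RoleHierarchy` is wired only through `DefaultWebSecurityExpressionHandler.setRoleHierarchy`, which serves the SpEL-based `authorizeRequests()` path that the earlier hunk in this file comments out; the live `authorizeHttpRequests()` rules are decided by `AuthorizationManager`s, and on Spring Security releases before 5.8 (the commit date suggests the 5.7 line, which I cannot confirm from the diff) those do not consult this bean at all — `AuthorityAuthorizationManager` gained `setRoleHierarchy` in 5.8, and automatic pickup of a `RoleHierarchy` bean by `authorizeHttpRequests()` only came in later 6.x releases. The effect is fail-closed rather than an escalation, a `ROLE_ADMIN` principal is denied on a `hasRole("USER")` rule instead of inheriting it, but `ROLE_ADMIN > ROLE_USER` should be verified with a real request before anything relies on it, and on 5.8+ the hierarchy would have to be attached to the managers used by the new chain. Independently of that, `webSecurityExpressionHandler()` calls `roleHierarchy()` directly; injecting the bean, `public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler(RoleHierarchy roleHierarchy)`, works regardless of `proxyBeanMethods`. The local `String hierarchy` adds nothing and can be inlined into `roleHierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");`.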