From e9e22bb76e292d66e44526e15d8b58debca0579c Mon Sep 17 00:00:00 2001 From: JianChoi-Kor Date: Sun, 17 Jul 2022 21:38:43 +0900 Subject: [PATCH] Security --- pom.xml | 14 +++++++ .../basic/configure/JpaConfiguration.java | 22 ++++++++++ ...onfigure.java => WebMvcConfiguration.java} | 2 +- .../basic/persistence/model/Privilege.java | 5 ++- .../basic/persistence/model/Role.java | 4 +- .../basic/persistence/model/User.java | 6 +-- .../basic/security/WebSecurityConfigure.java | 8 ++-- .../basic/spring/SetupDataLoader.java | 2 + .../basic/web/controller/UserController.java | 40 +++++++++++++++++++ .../resources/application-local.properties | 3 ++ src/main/resources/application.properties | 12 ++++-- src/main/resources/templates/admin.html | 17 ++++++++ src/main/resources/templates/expired.html | 17 ++++++++ src/main/resources/templates/home.html | 17 ++++++++ src/main/resources/templates/read.html | 17 ++++++++ src/main/resources/templates/user.html | 17 ++++++++ src/main/resources/templates/write.html | 17 ++++++++ 17 files changed, 206 insertions(+), 14 deletions(-) create mode 100644 src/main/java/com/security/basic/configure/JpaConfiguration.java rename src/main/java/com/security/basic/configure/{WebMvcConfigure.java => WebMvcConfiguration.java} (91%) create mode 100644 src/main/java/com/security/basic/web/controller/UserController.java create mode 100644 src/main/resources/templates/admin.html create mode 100644 src/main/resources/templates/expired.html create mode 100644 src/main/resources/templates/home.html create mode 100644 src/main/resources/templates/read.html create mode 100644 src/main/resources/templates/user.html create mode 100644 src/main/resources/templates/write.html diff --git a/pom.xml b/pom.xml index d3391e4..5ec9ed2 100644 --- a/pom.xml +++ b/pom.xml @@ -50,6 +50,20 @@ spring-security-test test + + org.springframework.boot + spring-boot-starter-thymeleaf + + + + com.querydsl + querydsl-apt + + + + com.querydsl + querydsl-jpa + 
diff --git a/src/main/java/com/security/basic/configure/JpaConfiguration.java b/src/main/java/com/security/basic/configure/JpaConfiguration.java new file mode 100644 index 0000000..14f8ce3 --- /dev/null +++ b/src/main/java/com/security/basic/configure/JpaConfiguration.java @@ -0,0 +1,22 @@ +package com.security.basic.configure; + +import javax.persistence.EntityManager; +import javax.persistence.PersistenceContext; + +import com.querydsl.jpa.impl.JPAQueryFactory; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.data.jpa.repository.config.EnableJpaAuditing; + +@Configuration +@EnableJpaAuditing +public class JpaConfiguration { + + @PersistenceContext + private EntityManager em; + + @Bean + public JPAQueryFactory jpaQueryFactory () { + return new JPAQueryFactory(em); + } +} diff --git a/src/main/java/com/security/basic/configure/WebMvcConfigure.java b/src/main/java/com/security/basic/configure/WebMvcConfiguration.java similarity index 91% rename from src/main/java/com/security/basic/configure/WebMvcConfigure.java rename to src/main/java/com/security/basic/configure/WebMvcConfiguration.java index 8ec786e..c5bfe16 100644 --- a/src/main/java/com/security/basic/configure/WebMvcConfigure.java +++ b/src/main/java/com/security/basic/configure/WebMvcConfiguration.java @@ -5,7 +5,7 @@ import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration -public class WebMvcConfigure implements WebMvcConfigurer { +public class WebMvcConfiguration implements WebMvcConfigurer { private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { "classpath:/static/", "classpath:/public/", "classpath:/", "classpath:/resources/", "classpath:/META-INF/resources/", "classpath:/META-INF/resources/webjars/" 
diff --git a/src/main/java/com/security/basic/persistence/model/Privilege.java b/src/main/java/com/security/basic/persistence/model/Privilege.java index dbad2db..547c464 100644 --- a/src/main/java/com/security/basic/persistence/model/Privilege.java +++ b/src/main/java/com/security/basic/persistence/model/Privilege.java @@ -1,12 +1,15 @@ package com.security.basic.persistence.model; +import lombok.AllArgsConstructor; import lombok.Getter; +import lombok.NoArgsConstructor; import lombok.Setter; import javax.persistence.*; import java.util.Collection; @Entity +@NoArgsConstructor @Getter @Setter @Table(name = "privileges") @@ -19,7 +22,7 @@ public class Privilege { private String name; - @ManyToMany(mappedBy = "privileges") + @ManyToMany(mappedBy = "privileges", fetch = FetchType.EAGER) private Collection roles; public Privilege(final String name) { diff --git a/src/main/java/com/security/basic/persistence/model/Role.java b/src/main/java/com/security/basic/persistence/model/Role.java index d3c1901..14312c3 100644 --- a/src/main/java/com/security/basic/persistence/model/Role.java +++ b/src/main/java/com/security/basic/persistence/model/Role.java @@ -1,6 +1,8 @@ package com.security.basic.persistence.model; +import lombok.AllArgsConstructor; import lombok.Getter; +import lombok.NoArgsConstructor; import lombok.Setter; import javax.persistence.*; @@ -19,7 +21,7 @@ public class Role { private String name; - @ManyToMany(mappedBy = "roles") + @ManyToMany(mappedBy = "roles", fetch = FetchType.EAGER) private Collection users; @ManyToMany diff --git a/src/main/java/com/security/basic/persistence/model/User.java b/src/main/java/com/security/basic/persistence/model/User.java index 8ff21b9..da018a5 100644 --- a/src/main/java/com/security/basic/persistence/model/User.java +++ b/src/main/java/com/security/basic/persistence/model/User.java 
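Review bot: Switching the inverse sides to `fetch = FetchType.EAGER` (`Privilege.roles` in the second Privilege.java hunk, and `Role.users` in the second Role.java hunk) means loading one privilege or role also loads every role and every user attached to it, so a single authority lookup can walk most of the user table. If the change was made to get past a lazy-loading error while building authorities, it is safer to keep these `mappedBy` sides lazy and fetch only the direction the login path needs (user → roles → privileges), for example with a join fetch in the repository query or a `@Transactional` lookup. With Lombok `@Getter` on the entities, the eagerly loaded `users` collection also becomes reachable from anything that serialises or logs a `Role`, which is worth avoiding for an entity that presumably carries password hashes. The `lombok.AllArgsConstructor` import added to Privilege.java, and both Lombok imports added to Role.java, are not used by any line visible in these hunks.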
@@ -1,8 +1,6 @@ package com.security.basic.persistence.model; -import lombok.Builder; -import lombok.Getter; -import lombok.Setter; +import lombok.*; import javax.persistence.*; import java.util.Collection; @@ -10,6 +8,8 @@ import java.util.Collection; @Entity @Builder +@AllArgsConstructor +@NoArgsConstructor @Getter @Setter @Table(name = "users") diff --git a/src/main/java/com/security/basic/security/WebSecurityConfigure.java b/src/main/java/com/security/basic/security/WebSecurityConfigure.java index 3d90cc0..235406c 100644 --- a/src/main/java/com/security/basic/security/WebSecurityConfigure.java +++ b/src/main/java/com/security/basic/security/WebSecurityConfigure.java @@ -39,12 +39,12 @@ public class WebSecurityConfigure { //permitAll시 해당 url에 대한 인증 정보를 요구하지 않는다. //authenticated시 해당 url에는 인증 정보를 요구한다.(로그인 필요) //hasAnyRole시 해당 url에는 특정 권한 정보를 요구한다. -// http -// .authorizeRequests() -// .antMatchers("/login", "/home").permitAll() + http + .authorizeRequests() + .antMatchers("/home").permitAll() // .antMatchers("/user").hasAnyRole("USER", "ADMIN") // .antMatchers("/admin").hasAnyRole("ADMIN") -// .anyRequest().authenticated(); + .anyRequest().authenticated(); http .authorizeHttpRequests() diff --git a/src/main/java/com/security/basic/spring/SetupDataLoader.java b/src/main/java/com/security/basic/spring/SetupDataLoader.java index 50c372a..f5c1b48 100644 --- a/src/main/java/com/security/basic/spring/SetupDataLoader.java +++ b/src/main/java/com/security/basic/spring/SetupDataLoader.java 
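Review bot: Re-enabling `http.authorizeRequests()` directly above the existing `http.authorizeHttpRequests()` call in WebSecurityConfigure configures two different authorization mechanisms on the same `HttpSecurity`. Some Spring Security releases reject that combination at startup, and where it is accepted the effective policy depends on two rule sets that must be kept in sync, so pick one DSL and put every rule in it. The `/user` and `/admin` matchers are still commented out, so at URL level those paths only require a logged-in user and role enforcement rests entirely on the `@PreAuthorize` annotations in UserController. Restoring `.antMatchers("/user").hasAnyRole("USER", "ADMIN")` and `.antMatchers("/admin").hasAnyRole("ADMIN")` would keep a second layer in place. The rest of the configuration method lies outside this hunk, so the contents of the `authorizeHttpRequests()` chain could not be checked.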
@@ -9,7 +9,9 @@ import com.security.basic.persistence.model.User; import lombok.RequiredArgsConstructor; import org.springframework.context.ApplicationListener; import org.springframework.context.event.ContextRefreshedEvent; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.context.SecurityContextPersistenceFilter; import org.springframework.stereotype.Component; import javax.transaction.Transactional; diff --git a/src/main/java/com/security/basic/web/controller/UserController.java b/src/main/java/com/security/basic/web/controller/UserController.java new file mode 100644 index 0000000..d2bc73d --- /dev/null +++ b/src/main/java/com/security/basic/web/controller/UserController.java @@ -0,0 +1,40 @@ +package com.security.basic.web.controller; + +import lombok.RequiredArgsConstructor; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.GetMapping; + +@Controller +@RequiredArgsConstructor +public class UserController { + + @GetMapping("/home") + public String home() { + return "/home"; + } + + @PreAuthorize("hasRole('USER')") + @GetMapping("/user") + public String user() { + return "/user"; + } + + @PreAuthorize("hasRole('ADMIN')") + @GetMapping("/admin") + public String admin() { + return "/admin"; + } + + @PreAuthorize("hasAnyAuthority('READ','WRITE')") + @GetMapping("/read") + public String read() { + return "/read"; + } + + @PreAuthorize("hasAnyAuthority('WRITE')") + @GetMapping("/write") + public String write() { + return "/write"; + } +} diff --git a/src/main/resources/application-local.properties b/src/main/resources/application-local.properties index 7ea9978..74ef0df 100644 --- a/src/main/resources/application-local.properties +++ b/src/main/resources/application-local.properties 
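Review bot: The two imports added to SetupDataLoader.java, `SecurityContextHolder` and `SecurityContextPersistenceFilter`, are not used by any line this commit changes in that file; the diffstat shows only these two insertions. A servlet filter class has no obvious role in a startup data loader, so they look like leftovers and should be dropped. The class body is outside the hunk, so this assumes no existing code already refers to them.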
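Review bot: The `@PreAuthorize` checks on `user()`, `admin()`, `read()` and `write()` in UserController only take effect when method security is switched on, and nothing in this patch adds `@EnableGlobalMethodSecurity(prePostEnabled = true)` (or `@EnableMethodSecurity`) to a configuration class. Because the WebSecurityConfigure hunk leaves the `/user` and `/admin` URL rules commented out, a missing annotation would let any authenticated account open every page; confirm it is present and add a test, using the `spring-security-test` dependency already in the pom, that requests `/admin` as a user without the ADMIN role and expects a 403. Separately, the handlers return view names with a leading slash (`"/home"`) while `spring.thymeleaf.prefix` already ends in `/`; returning `"home"` avoids the doubled slash, which tends to resolve on an exploded classpath but can fail from a packaged jar. `@RequiredArgsConstructor` is unnecessary on a class with no fields, and `hasAnyAuthority('WRITE')` reads more clearly as `hasAuthority('WRITE')`.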
@@ -1,3 +1,6 @@ +# Server Port +server.port=8008 + # DataSource Setting spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver spring.datasource.url=jdbc:mysql://localhost:3306/basic_security?autoReconnect=true diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 060eec1..3fd9f6a 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,15 +1,19 @@ -server.port=8008 - # JPA Setting spring.jpa.hibernate.ddl-auto=update spring.jpa.generate-ddl=false spring.jpa.show-sql=true spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect spring.jpa.properties.hibernate.format_sql=true +spring.jpa.properties.hibernate.id.new_generator_mappings=false # Logging spring.output.ansi.enabled=always -# Redis -spring.data.redis.repositories.enabled=false +#Thymeleaf +spring.thymeleaf.cache=false +spring.thymeleaf.check-template-location=true +spring.thymeleaf.prefix=classpath:/templates/ +spring.thymeleaf.suffix=.html +# Security +spring.main.allow-bean-definition-overriding=true \ No newline at end of file diff --git a/src/main/resources/templates/admin.html b/src/main/resources/templates/admin.html new file mode 100644 index 0000000..385966d --- /dev/null +++ b/src/main/resources/templates/admin.html @@ -0,0 +1,17 @@ + + + + + + + + SecurityExample + + +
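Review bot: `spring.main.allow-bean-definition-overriding=true`, added under `# Security` in the shared application.properties, turns off Spring Boot's startup failure for duplicate bean names. A second definition of a security bean (a filter chain, `PasswordEncoder` or `UserDetailsService`) would then silently replace the first instead of being reported. Find the clashing definition and rename or remove it rather than enabling overriding for every profile. `spring.thymeleaf.cache=false` is a development setting and belongs in application-local.properties next to the `server.port` line this commit moves there; the same applies to `spring.jpa.show-sql=true` in the context lines. The file also now ends without a trailing newline.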

ADMIN

+ + + diff --git a/src/main/resources/templates/expired.html b/src/main/resources/templates/expired.html new file mode 100644 index 0000000..a6f2dd0 --- /dev/null +++ b/src/main/resources/templates/expired.html @@ -0,0 +1,17 @@ + + + + + + + + SecurityExample + + +

EXPIRED

+ + + diff --git a/src/main/resources/templates/home.html b/src/main/resources/templates/home.html new file mode 100644 index 0000000..103e6d7 --- /dev/null +++ b/src/main/resources/templates/home.html @@ -0,0 +1,17 @@ + + + + + + + + SecurityExample + + +

HOME

+ + + diff --git a/src/main/resources/templates/read.html b/src/main/resources/templates/read.html new file mode 100644 index 0000000..8a12e69 --- /dev/null +++ b/src/main/resources/templates/read.html @@ -0,0 +1,17 @@ + + + + + + + + SecurityExample + + +

READ

+ + + diff --git a/src/main/resources/templates/user.html b/src/main/resources/templates/user.html new file mode 100644 index 0000000..d3604b8 --- /dev/null +++ b/src/main/resources/templates/user.html @@ -0,0 +1,17 @@ + + + + + + + + SecurityExample + + +

USER

+ + + diff --git a/src/main/resources/templates/write.html b/src/main/resources/templates/write.html new file mode 100644 index 0000000..6a95794 --- /dev/null +++ b/src/main/resources/templates/write.html @@ -0,0 +1,17 @@ + + + + + + + + SecurityExample + + +

WRITE

+ + +