Compare commits
2 Commits
feature/re
...
feature/Ro
| Author | SHA1 | Date | |
|---|---|---|---|
|
e7fabb7c03 | ||
|
|
7af5249116 |
@@ -5,23 +5,19 @@ import java.util.Properties;
|
||||
import org.springframework.beans.factory.config.YamlPropertiesFactoryBean;
|
||||
import org.springframework.core.env.PropertiesPropertySource;
|
||||
import org.springframework.core.env.PropertySource;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.core.io.support.EncodedResource;
|
||||
import org.springframework.core.io.support.PropertySourceFactory;
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
public class YamlPropertySourceFactory implements PropertySourceFactory {
|
||||
|
||||
@Override
|
||||
public PropertySource<?> createPropertySource(@Nullable String name, EncodedResource resource) {
|
||||
Properties yamlProperties = loadYamlProperties(resource);
|
||||
String sourceName = StringUtils.hasText(name) ? name : resource.getResource().getFilename();
|
||||
return new PropertiesPropertySource(Objects.requireNonNull(sourceName), Objects.requireNonNull(yamlProperties));
|
||||
}
|
||||
public PropertySource<?> createPropertySource(String name, EncodedResource encodedResource) {
|
||||
Resource resource = encodedResource.getResource();
|
||||
YamlPropertiesFactoryBean factoryBean = new YamlPropertiesFactoryBean();
|
||||
factoryBean.setResources(resource);
|
||||
|
||||
private Properties loadYamlProperties(EncodedResource resource) {
|
||||
YamlPropertiesFactoryBean factory = new YamlPropertiesFactoryBean();
|
||||
factory.setResources(resource.getResource());
|
||||
return factory.getObject();
|
||||
Properties properties = factoryBean.getObject();
|
||||
return new PropertiesPropertySource(Objects.requireNonNull(resource.getFilename()), Objects.requireNonNull(properties));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,56 @@
|
||||
package com.ticketing.server.global.security;
|
||||
|
||||
import com.ticketing.server.user.domain.UserGrade;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.annotation.Jsr250Voter;
|
||||
import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
|
||||
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
|
||||
import org.springframework.security.access.vote.AffirmativeBased;
|
||||
import org.springframework.security.access.vote.AuthenticatedVoter;
|
||||
import org.springframework.security.access.vote.RoleHierarchyVoter;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
|
||||
|
||||
@EnableGlobalMethodSecurity(
|
||||
securedEnabled = true,
|
||||
jsr250Enabled = true,
|
||||
prePostEnabled = true
|
||||
)
|
||||
@Configuration
|
||||
public class RoleConfig extends GlobalMethodSecurityConfiguration {
|
||||
|
||||
@Override
|
||||
protected AccessDecisionManager accessDecisionManager() {
|
||||
List<AccessDecisionVoter<?>> decisionVoters = new ArrayList<>();
|
||||
ExpressionBasedPreInvocationAdvice expressionAdvice = new ExpressionBasedPreInvocationAdvice();
|
||||
expressionAdvice.setExpressionHandler(getExpressionHandler());
|
||||
decisionVoters.add(new PreInvocationAuthorizationAdviceVoter(expressionAdvice));
|
||||
decisionVoters.add(new Jsr250Voter());
|
||||
|
||||
decisionVoters.add(new RoleVoter());
|
||||
decisionVoters.add(roleHierarchyVoter());
|
||||
decisionVoters.add(new AuthenticatedVoter());
|
||||
return new AffirmativeBased(decisionVoters);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public RoleHierarchyVoter roleHierarchyVoter() {
|
||||
return new RoleHierarchyVoter(roleHierarchy());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public RoleHierarchy roleHierarchy() {
|
||||
RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
|
||||
roleHierarchy.setHierarchy(UserGrade.getRoleHierarchy());
|
||||
return roleHierarchy;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -8,7 +8,6 @@ import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
@@ -18,7 +17,6 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(securedEnabled = true)
|
||||
@RequiredArgsConstructor
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ import org.springframework.context.annotation.PropertySource;
|
||||
@Getter
|
||||
@RequiredArgsConstructor
|
||||
@ConstructorBinding
|
||||
@ConfigurationProperties(value = "jwt")
|
||||
@ConfigurationProperties("jwt")
|
||||
@PropertySource(value = "classpath:application.yml", factory = YamlPropertySourceFactory.class)
|
||||
public class JwtProperties {
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@ import com.ticketing.server.user.application.response.TokenDto;
|
||||
import com.ticketing.server.user.application.response.UserChangePasswordResponse;
|
||||
import com.ticketing.server.user.application.response.UserDeleteResponse;
|
||||
import com.ticketing.server.user.domain.User;
|
||||
import com.ticketing.server.user.domain.UserGrade;
|
||||
import com.ticketing.server.user.service.UserServiceImpl;
|
||||
import com.ticketing.server.user.service.interfaces.AuthenticationService;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
@@ -32,7 +33,6 @@ import org.springframework.web.bind.annotation.RestController;
|
||||
@RequiredArgsConstructor
|
||||
@RequestMapping("/api/user")
|
||||
@Slf4j
|
||||
|
||||
public class UserController {
|
||||
|
||||
private final UserServiceImpl userService;
|
||||
@@ -47,14 +47,14 @@ public class UserController {
|
||||
}
|
||||
|
||||
@DeleteMapping
|
||||
@Secured("ROLE_GUEST")
|
||||
@Secured(UserGrade.ROLES.GUEST)
|
||||
public ResponseEntity<UserDeleteResponse> deleteUser(@RequestBody @Valid UserDeleteRequest request) {
|
||||
User user = userService.delete(request.toDeleteUserDto(passwordEncoder));
|
||||
return ResponseEntity.status(HttpStatus.OK).body(UserDeleteResponse.from(user));
|
||||
}
|
||||
|
||||
@PutMapping("/password")
|
||||
@Secured("ROLE_GUEST")
|
||||
@Secured(UserGrade.ROLES.GUEST)
|
||||
public ResponseEntity<UserChangePasswordResponse> changePassword(@RequestBody @Valid UserModifyPasswordRequest request) {
|
||||
if (request.oldEqualNew()) {
|
||||
log.error("기존 패스워드와 동일한 패스워드로 변경할 수 없습니다.");
|
||||
|
||||
@@ -23,14 +23,6 @@ import lombok.NoArgsConstructor;
|
||||
@NoArgsConstructor
|
||||
public class User extends AbstractEntity {
|
||||
|
||||
public User(String name, String email, String password, UserGrade grade, String phone) {
|
||||
this.name = name;
|
||||
this.email = email;
|
||||
this.password = password;
|
||||
this.grade = grade;
|
||||
this.phone = phone;
|
||||
}
|
||||
|
||||
@Column(name = "name")
|
||||
@NotEmpty(message = "{validation.not.empty.name}")
|
||||
private String name;
|
||||
@@ -58,6 +50,14 @@ public class User extends AbstractEntity {
|
||||
|
||||
private LocalDateTime deletedAt;
|
||||
|
||||
public User(String name, String email, String password, UserGrade grade, String phone) {
|
||||
this.name = name;
|
||||
this.email = email;
|
||||
this.password = password;
|
||||
this.grade = grade;
|
||||
this.phone = phone;
|
||||
}
|
||||
|
||||
public User delete(DeleteUserDTO deleteUser) {
|
||||
if (isDeleted) {
|
||||
throw new AlreadyDeletedException("이미 탈퇴된 회원 입니다.");
|
||||
|
||||
@@ -1,5 +1,38 @@
|
||||
package com.ticketing.server.user.domain;
|
||||
|
||||
import lombok.RequiredArgsConstructor;
|
||||
|
||||
@RequiredArgsConstructor
|
||||
public enum UserGrade {
|
||||
GUEST, STAFF
|
||||
ADMIN(ROLES.ADMIN, null),
|
||||
STAFF(ROLES.STAFF, ROLES.ADMIN),
|
||||
GUEST(ROLES.GUEST, ROLES.STAFF);
|
||||
|
||||
private final String roleName;
|
||||
private final String parentName;
|
||||
|
||||
public static class ROLES {
|
||||
|
||||
public static final String ADMIN = "ROLE_ADMIN";
|
||||
public static final String STAFF = "ROLE_STAFF";
|
||||
public static final String GUEST = "ROLE_GUEST";
|
||||
|
||||
private ROLES() {
|
||||
}
|
||||
}
|
||||
|
||||
public static String getRoleHierarchy() {
|
||||
StringBuilder sb = new StringBuilder();
|
||||
|
||||
for (UserGrade grade : UserGrade.values()) {
|
||||
if (grade.parentName != null) {
|
||||
sb.append(grade.parentName);
|
||||
sb.append(" > ");
|
||||
sb.append(grade.roleName);
|
||||
sb.append("\n");
|
||||
}
|
||||
}
|
||||
|
||||
return sb.toString();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user