게이트웨이 토큰 인증

2019-09-17 10:11:16 +09:00
parent 904d5d1780
commit 04b7ecd793
5 changed files with 142 additions and 96 deletions
--- a/src/main/java/com/example/template/JwkSetEndpointConfiguration.java
+++ b/src/main/java/com/example/template/JwkSetEndpointConfiguration.java
@@ -1,31 +1,31 @@
-//package com.example.template;
-//
-//import com.nimbusds.jose.jwk.JWKSet;
-//import com.nimbusds.jose.jwk.RSAKey;
-//import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
-//import org.springframework.web.bind.annotation.GetMapping;
-//import org.springframework.web.bind.annotation.ResponseBody;
-//import org.springframework.web.bind.annotation.RestController;
-//
-//import java.security.KeyPair;
-//import java.security.Principal;
-//import java.security.interfaces.RSAPublicKey;
-//import java.util.Map;
-//
-//@FrameworkEndpoint
-//@RestController
-//public class JwkSetEndpointConfiguration {
-//    KeyPair keyPair;
-//
-//    public JwkSetEndpointConfiguration(KeyPair keyPair) {
-//        this.keyPair = keyPair;
-//    }
-//
-//    @GetMapping("/.well-known/jwks.json")
-//    @ResponseBody
-//    public Map<String, Object> getKey(Principal principal) {
-//        RSAPublicKey publicKey = (RSAPublicKey) this.keyPair.getPublic();
-//        RSAKey key = new RSAKey.Builder(publicKey).build();
-//        return new JWKSet(key).toJSONObject();
-//    }
-//}
+package com.example.template;
+
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.RSAKey;
+import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.KeyPair;
+import java.security.Principal;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Map;
+
+@FrameworkEndpoint
+@RestController
+public class JwkSetEndpointConfiguration {
+    KeyPair keyPair;
+
+    public JwkSetEndpointConfiguration(KeyPair keyPair) {
+        this.keyPair = keyPair;
+    }
+
+    @GetMapping("/.well-known/jwks.json")
+    @ResponseBody
+    public Map<String, Object> getKey(Principal principal) {
+        RSAPublicKey publicKey = (RSAPublicKey) this.keyPair.getPublic();
+        RSAKey key = new RSAKey.Builder(publicKey).build();
+        return new JWKSet(key).toJSONObject();
+    }
+}
--- a/src/main/java/com/example/template/ResourceServerConfiguration.java
+++ b/src/main/java/com/example/template/ResourceServerConfiguration.java
@@ -1,42 +1,42 @@
-//package com.example.template;
-//import org.springframework.context.annotation.Bean;
-//import org.springframework.context.annotation.Configuration;
-//import org.springframework.core.io.ClassPathResource;
-//import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
-//import org.springframework.security.config.web.server.ServerHttpSecurity;
-//import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
-//import org.springframework.security.web.server.SecurityWebFilterChain;
-//
-//import java.security.KeyPair;
-//
-//@Configuration
-//@EnableWebFluxSecurity
-//public class ResourceServerConfiguration {
-//
-//    @Bean
-//    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
-//
-//        http
-//                .cors().and()
-//                .csrf().disable()
-//                .authorizeExchange()
-//                .pathMatchers("/oauth/**","/login/**","/.well-known/jwks.json").permitAll()
-//                .anyExchange().authenticated()
-//                .and()
-//                .oauth2ResourceServer()
-//                .jwt()
-//                ;
-//
-//        return http.build();
-//    }
-//
-//    @Bean
-//    public KeyPair makeKeyPair(){
-//        KeyPair keyPair = new KeyStoreKeyFactory(
-//                new ClassPathResource("server.jks"), "qweqwe".toCharArray())
-//                .getKeyPair("uengine", "qweqwe".toCharArray());
-//        return keyPair;
-//    }
-//
-//
-//}
+package com.example.template;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+import java.security.KeyPair;
+
+@Configuration
+@EnableWebFluxSecurity
+public class ResourceServerConfiguration {
+
+    @Bean
+    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
+
+        http
+                .cors().and()
+                .csrf().disable()
+                .authorizeExchange()
+                .pathMatchers("/oauth/**","/login/**","/.well-known/jwks.json").permitAll()
+                .anyExchange().authenticated()
+                .and()
+                .oauth2ResourceServer()
+                .jwt()
+                ;
+
+        return http.build();
+    }
+
+    @Bean
+    public KeyPair makeKeyPair(){
+        KeyPair keyPair = new KeyStoreKeyFactory(
+                new ClassPathResource("server.jks"), "qweqwe".toCharArray())
+                .getKeyPair("uengine", "qweqwe".toCharArray());
+        return keyPair;
+    }
+
+
+}
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -5,20 +5,20 @@ server:
 ---
 spring:
  profiles: default
-#  security:
-#    oauth2:
-#      resourceserver:
-#        jwt:
-#          jwk-set-uri: http://localhost:8080/.well-known/jwks.json
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: http://localhost:8080/.well-known/jwks.json
  cloud:
    gateway:
      routes:
        - id: product
          uri: http://localhost:8085
          predicates:
-            - Path=/products/**
-        - id: goodsㄹ
-          uri: http://localhost:8085
+            - Path=/product/**
+        - id: goods
+          uri: http://product:8085
          predicates:
            - Path=/goods/**
        - id: order
@@ -66,15 +66,19 @@ spring:
        - id: product
          uri: http://product:8080
          predicates:
-            - Path=/product/**
+            - Path=/products/**
+        - id: goods
+          uri: http://product:8080
+          predicates:
+            - Path=/goods/**
        - id: order
          uri: http://order:8080
          predicates:
-            - Path=/order/**
+            - Path=/orders/**
        - id: delivery
          uri: http://delivery:8080
          predicates:
-            - Path=/deliveries/**
+            - Path=/deliveryies/**
        - id: marketing
          uri: http://marketing:8080
          predicates:
@@ -82,7 +86,15 @@ spring:
        - id: servicecenter
          uri: http://servicecenter:8080
          predicates:
-            - Path=/customers/**
+            - Path=/serveys/**
+        - id: mypage
+          uri: http://mypage:8080
+          predicates:
+            - Path=/users/**,/mypage/**
+        - id: oauth
+          uri: http://oauth:8080
+          predicates:
+            - Path=/oauth/**
      globalcors:
        corsConfigurations:
          '[/**]':
@@ -93,5 +105,6 @@ spring:
            allowedHeaders:
              - "*"
            allowCredentials: true
+
 server:
  port: 8080