From 0558392291292b58170ccfce20fb8223e80f5b03 Mon Sep 17 00:00:00 2001
From: kim
Date: Sun, 13 Dec 2020 20:18:09 +0900
Subject: [PATCH] jwt security setting
---
.../com/security/jwt/config/CorsConfig.java | 23 ++++++++++++
.../security/jwt/config/SecurityConfig.java | 36 +++++++++++++++++++
.../jwt/controller/RestApiController.java | 13 +++++++
.../java/com/security/jwt/model/User.java | 35 ++++++++++++++++++
.../src/main/resources/application.yml | 23 +++++++++++-
5 files changed, 129 insertions(+), 1 deletion(-)
create mode 100644 spring-security-jwt/src/main/java/com/security/jwt/config/CorsConfig.java
create mode 100644 spring-security-jwt/src/main/java/com/security/jwt/config/SecurityConfig.java
create mode 100644 spring-security-jwt/src/main/java/com/security/jwt/controller/RestApiController.java
create mode 100644 spring-security-jwt/src/main/java/com/security/jwt/model/User.java
diff --git a/spring-security-jwt/src/main/java/com/security/jwt/config/CorsConfig.java b/spring-security-jwt/src/main/java/com/security/jwt/config/CorsConfig.java
new file mode 100644
index 00000000..4234bc0d
--- /dev/null
+++ b/spring-security-jwt/src/main/java/com/security/jwt/config/CorsConfig.java
@@ -0,0 +1,23 @@
+package com.security.jwt.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+@Configuration
+public class CorsConfig {
+
+ @Bean
+ public CorsFilter corsFilter() {
+ UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ CorsConfiguration config = new CorsConfiguration();
+ config.setAllowCredentials(true); // 내 서버가 응답을 할 때 json을 자바스크립트에서 처리할 수 있게 할지를 설정 하는 것
+ config.addAllowedOrigin("*"); // 모든 ip에 응답을 허용
+ config.addAllowedHeader("*"); // 모든 header에 응답을 허용
+ config.addAllowedMethod("*"); // 모든 메소드에 대해 요청을 허용(get, post, put, delete, patch)
+ source.registerCorsConfiguration("/api/**", config);
+ return new CorsFilter(source);
+ }
+}
diff --git a/spring-security-jwt/src/main/java/com/security/jwt/config/SecurityConfig.java b/spring-security-jwt/src/main/java/com/security/jwt/config/SecurityConfig.java
new file mode 100644
index 00000000..68970b53
--- /dev/null
+++ b/spring-security-jwt/src/main/java/com/security/jwt/config/SecurityConfig.java
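Review bot: In `CorsConfig.corsFilter()`, `config.setAllowCredentials(true)` is combined with `config.addAllowedOrigin("*")`, so on Spring versions before 5.3 the filter echoes back whatever origin asks and a page on any site can make credentialed calls to `/api/**` and read the responses. From Spring Framework 5.3 on, the same combination is rejected with an `IllegalArgumentException` when a CORS request is processed. Name the front-end origins explicitly, e.g. `config.addAllowedOrigin("https://app.example.com"); // placeholder origin`, or drop `setAllowCredentials(true)` if the JWT will only ever travel in an `Authorization` header. The wildcard header and method entries can likewise be narrowed to what the API really accepts.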
@@ -0,0 +1,36 @@
+package com.security.jwt.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.web.filter.CorsFilter;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ private final CorsFilter corsFilter;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable();
+ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 세션 사용 X
+ .and()
+ .addFilter(corsFilter) // @CrossOrigin(인증X), 시큐리티 필터에 등록(인증O) 모든 요청이 corsFilter를 거친다.
+ .formLogin().disable()
+ .httpBasic().disable()
+ .authorizeRequests()
+ .antMatchers("/api/v1/user/**")
+ .access("hasRole('ROLE_USER') or hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')")
+ .antMatchers("/api/v1/manager/**")
+ .access("hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')")
+ .antMatchers("/api/v1/admin/**")
+ .access("hasRole('ROLE_ADMIN')")
+ .anyRequest().permitAll();
+
+ }
+}
diff --git a/spring-security-jwt/src/main/java/com/security/jwt/controller/RestApiController.java b/spring-security-jwt/src/main/java/com/security/jwt/controller/RestApiController.java
new file mode 100644
index 00000000..98c310ed
--- /dev/null
+++ b/spring-security-jwt/src/main/java/com/security/jwt/controller/RestApiController.java
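Review bot: The rule chain in `SecurityConfig.configure(HttpSecurity)` ends with `.anyRequest().permitAll()`, so every path outside the three `/api/v1/...` prefixes, including any controller added later, is reachable without authentication by default. Prefer deny-by-default: permit the public paths explicitly and close the chain with `.anyRequest().authenticated()` (or `.denyAll()`). With `formLogin()` and `httpBasic()` disabled and no token filter registered in this hunk, nothing visible here can establish an authenticated principal, so presumably the JWT filter arrives in a later commit. A short comment stating that, and that `http.csrf().disable()` is acceptable only while the API stays stateless and never authenticates from a cookie, would help the next reader.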
@@ -0,0 +1,13 @@
+package com.security.jwt.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class RestApiController {
+
+ @GetMapping("home")
+ public String home() {
+ return "

home

";
+ }
+}
diff --git a/spring-security-jwt/src/main/java/com/security/jwt/model/User.java b/spring-security-jwt/src/main/java/com/security/jwt/model/User.java
new file mode 100644
index 00000000..880ea690
--- /dev/null
+++ b/spring-security-jwt/src/main/java/com/security/jwt/model/User.java
@@ -0,0 +1,35 @@
+package com.security.jwt.model;
+
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+@Entity
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class User {
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ private long id;
+ private String username;
+ private String password;
+ private String roles; // USER, ADMIN
+
+ public List getRoleList() {
+ if(this.roles.length() > 0) {
+ return Arrays.asList(this.roles.split(","));
+ }
+ return new ArrayList<>();
+ }
+}
diff --git a/spring-security-jwt/src/main/resources/application.yml b/spring-security-jwt/src/main/resources/application.yml
index 0519ecba..3aa441f1 100644
--- a/spring-security-jwt/src/main/resources/application.yml
+++ b/spring-security-jwt/src/main/resources/application.yml
@@ -1 +1,22 @@
-
\ No newline at end of file
+server:
+ port: 8080
+ servlet:
+ context-path: /
+ encoding:
+ charset: UTF-8
+ enabled: true
+ force: true
+
+spring:
+ datasource:
+ driver-class-name: com.mysql.cj.jdbc.Driver
+ url: jdbc:mysql://localhost:3306/security?serverTimezone=Asia/Seoul
+ username: cos
+ password: cos1234
+
+ jpa:
+ hibernate:
+ ddl-auto: create #create update none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ show-sql: true
\ No newline at end of file
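Review bot: In `User.java`, `getRoleList()` dereferences `this.roles` without a null check, and `@NoArgsConstructor` (or a row whose `roles` column is NULL) leaves the field null, so deriving authorities for such a user throws `NullPointerException`; guard it with `if (this.roles != null && !this.roles.isEmpty())`. Separately, `@Data` generates a `toString()` and a getter that both expose `password`, so logging the entity or returning it from a controller would leak the stored credential. Lombok's `@ToString(exclude = "password")` on the class, plus mapping to a response type that has no password field, covers that. The split on `","` also does not trim, so a stored value written like the inline comment (`USER, ADMIN`) would yield `" ADMIN"`, which would not match any role check.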
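Review bot: The `spring.datasource` block in `application.yml` commits the database `username` and `password` in clear text, so they stay in repository history and every clone carries them. Resolve them from the environment instead, e.g. `username: ${DB_USERNAME}` and `password: ${DB_PASSWORD}` (placeholder variable names), and rotate the current password since it has already been published. `ddl-auto: create` drops and recreates the schema on every start and `show-sql: true` writes each statement to the log; both are development settings that belong in a dev-only profile rather than the default configuration.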