diff --git a/spring-security/pom.xml b/spring-security/pom.xml
index c2ee600e..fd684c28 100644
--- a/spring-security/pom.xml
+++ b/spring-security/pom.xml
@@ -35,6 +35,10 @@
org.springframework.boot
spring-boot-starter-web
+
+ org.springframework.boot
+ spring-boot-starter-oauth2-client
+
org.springframework.boot
diff --git a/spring-security/src/main/java/com/spring/security1/config/SecurityConfig.java b/spring-security/src/main/java/com/spring/security1/config/SecurityConfig.java
index 00facf70..c6eba483 100644
--- a/spring-security/src/main/java/com/spring/security1/config/SecurityConfig.java
+++ b/spring-security/src/main/java/com/spring/security1/config/SecurityConfig.java
@@ -1,5 +1,7 @@
package com.spring.security1.config;
+import com.spring.security1.config.oauth.PrincipalOauth2UserService;
+import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -9,10 +11,13 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
+@RequiredArgsConstructor
@EnableWebSecurity // 스프링 시큐리티 필터(SecurityConfig)가 스프링 필터 체인에 등록
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // secured 어노테이션 활성화 , preAuthorized 활성화
public class SecurityConfig extends WebSecurityConfigurerAdapter {
+ private final PrincipalOauth2UserService principalOauth2UserService;
+
@Bean
public BCryptPasswordEncoder encodePwd() {
return new BCryptPasswordEncoder();
@@ -31,7 +36,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
.formLogin()
.loginPage("/loginForm")
.loginProcessingUrl("/login") // /login 주소가 호출이 되면 시큐리티가 대신 로그인을 진행해 준다.
- .defaultSuccessUrl("/");
+ .defaultSuccessUrl("/")
+ .and()
+ .oauth2Login()
+ .loginPage("/loginForm")
+ // 구글 로그인이 완료 된 뒤 후처리 필요함.
+ // 1.코드받기(인증), 2. 엑세스토큰(권한), 3 사용자 프로필 정보를 가져온다.
+ // 4-1. 그 정보를 가지고 회원가입을 자동으로 진행가능
+ // 4-2. 추가적인 정보가 필요하면 추가적인 로그인 폼 필요
+ // oauth-client 라이브러리는 엑세스토큰 + 사용자 프로필 정보를 받는다.
+ .userInfoEndpoint()
+ .userService(principalOauth2UserService);
}
}
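Review bot: The `.userService(principalOauth2UserService)` call at the end of the chain only covers plain OAuth2 user-info requests. If the `openid` scope is ever added to the Google registration, Spring Security handles the login through its OIDC user service instead and this post-processing hook is skipped. The registration in application.yml requests only `email` and `profile`, so it works as committed. A comment next to the call, such as `// OAuth2 only: also register .oidcUserService(...) if the openid scope is requested`, would keep the planned auto-registration step from being bypassed silently later. The enclosing configure method starts outside this hunk.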
diff --git a/spring-security/src/main/java/com/spring/security1/config/oauth/PrincipalOauth2UserService.java b/spring-security/src/main/java/com/spring/security1/config/oauth/PrincipalOauth2UserService.java
new file mode 100644
index 00000000..5946bc20
--- /dev/null
+++ b/spring-security/src/main/java/com/spring/security1/config/oauth/PrincipalOauth2UserService.java
@@ -0,0 +1,21 @@
+package com.spring.security1.config.oauth;
+
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Service;
+
+@Service
+public class PrincipalOauth2UserService extends DefaultOAuth2UserService {
+
+ // 구글로부터 받은 userRequest 데이터에 대한 후처리 되는 함수
+ @Override
+ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
+ System.out.println("userRequest: "+ userRequest.getClientRegistration());
+ System.out.println("userRequest: "+ userRequest.getAccessToken().getTokenValue());
+ System.out.println("userRequest: "+ super.loadUser(userRequest).getAttributes());
+
+ return super.loadUser(userRequest);
+ }
+}
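Review bot: `loadUser` prints the raw access token to standard output on the `getTokenValue()` line, so a live bearer credential for the user's Google account lands in whatever collects the process output. The attribute map printed on the next line also carries the user's e-mail and profile data. Remove the token line, and if the attributes are still needed during development, log them through a logger at debug level rather than `System.out`. `super.loadUser(userRequest)` is also called twice, which repeats the user-info request on every login. Call it once with `OAuth2User oAuth2User = super.loadUser(userRequest);` and finish with `return oAuth2User;`.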
diff --git a/spring-security/src/main/java/com/spring/security1/model/User.java b/spring-security/src/main/java/com/spring/security1/model/User.java
index 97faffee..0931c6c3 100644
--- a/spring-security/src/main/java/com/spring/security1/model/User.java
+++ b/spring-security/src/main/java/com/spring/security1/model/User.java
@@ -25,6 +25,9 @@ public class User {
private String email;
private String role; // ROLE_USER, ROLE_ADMIN
+ private String provider;
+ private String providerId;
+
@CreationTimestamp
private Timestamp createDate;
}
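Review bot: `provider` and `providerId` are added without a comment or any visible constraint, unlike `role` just above, which documents its allowed values. If they are meant to identify the external account (presumably the registration id such as `google` and the provider's own user id), a short comment like `// OAuth2 registration id, e.g. google` would make that explicit. A unique constraint on the pair is also worth considering, so that one external identity cannot end up mapped to two local users. The rest of the `User` class lies outside this hunk, so an existing constraint may simply not be visible here.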
diff --git a/spring-security/src/main/resources/application.yml b/spring-security/src/main/resources/application.yml
index 574d6baa..24f2f3a9 100644
--- a/spring-security/src/main/resources/application.yml
+++ b/spring-security/src/main/resources/application.yml
@@ -19,4 +19,15 @@ spring:
ddl-auto: update #create update none
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
- show-sql: true
\ No newline at end of file
+ show-sql: true
+
+ security:
+ oauth2:
+ client:
+ registration:
+ google:
+ client-id: 979804919076-je9jdjt8p4nufvv0vglp9c31prvrm002.apps.googleusercontent.com
+ client-secret: lN0pS5NRVS8BVYdvTbWW5VZI
+ scope:
+ - email
+ - profile
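Review bot: The Google `client-secret` is committed in plain text in `application.yml`, so anyone with read access to the repository or its history can obtain it. Treat the value as exposed and rotate it in the Google console. Reference it from outside the repository instead, e.g. `client-secret: ${GOOGLE_CLIENT_SECRET}` (variable name chosen here for illustration), and keep the real value in the deployment environment or an untracked profile file. The `client-id` is not secret, but externalising it the same way keeps per-environment registrations in one place.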
diff --git a/spring-security/src/main/resources/templates/loginForm.html b/spring-security/src/main/resources/templates/loginForm.html
index a013732f..2bd90d27 100644
--- a/spring-security/src/main/resources/templates/loginForm.html
+++ b/spring-security/src/main/resources/templates/loginForm.html
@@ -12,6 +12,7 @@
+ 구글 로그인
회원가입을 아직 하지 않으셨나요?