google oauth login with oauth2-client

2020-12-09 22:48:08 +09:00
parent c786d8bb08
commit e77ae79d04
6 changed files with 57 additions and 2 deletions
--- a/spring-security/pom.xml
+++ b/spring-security/pom.xml
@@ -35,6 +35,10 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
--- a/spring-security/src/main/java/com/spring/security1/config/SecurityConfig.java
+++ b/spring-security/src/main/java/com/spring/security1/config/SecurityConfig.java
@@ -1,5 +1,7 @@
 package com.spring.security1.config;

+import com.spring.security1.config.oauth.PrincipalOauth2UserService;
+import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -9,10 +11,13 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
+@RequiredArgsConstructor
@EnableWebSecurity // 스프링 시큐리티 필터(SecurityConfig)가 스프링 필터 체인에 등록
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // secured 어노테이션 활성화 , preAuthorized 활성화
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

+    private final PrincipalOauth2UserService principalOauth2UserService;
+
    @Bean
    public BCryptPasswordEncoder encodePwd() {
        return new BCryptPasswordEncoder();
@@ -31,7 +36,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                .formLogin()
                .loginPage("/loginForm")
                .loginProcessingUrl("/login") //  /login 주소가 호출이 되면 시큐리티가 대신 로그인을 진행해 준다.
-                .defaultSuccessUrl("/");
+                .defaultSuccessUrl("/")
+                .and()
+                .oauth2Login()
+                .loginPage("/loginForm")
+                // 구글 로그인이 완료 된 뒤 후처리 필요함.
+                // 1.코드받기(인증), 2. 엑세스토큰(권한), 3 사용자 프로필 정보를 가져온다.
+                // 4-1. 그 정보를 가지고 회원가입을 자동으로 진행가능
+                // 4-2. 추가적인 정보가 필요하면 추가적인 로그인 폼 필요
+                // oauth-client 라이브러리는 엑세스토큰 + 사용자 프로필 정보를 받는다.
+                .userInfoEndpoint()
+                .userService(principalOauth2UserService);
    }

 }
--- a/spring-security/src/main/java/com/spring/security1/config/oauth/PrincipalOauth2UserService.java
+++ b/spring-security/src/main/java/com/spring/security1/config/oauth/PrincipalOauth2UserService.java
@@ -0,0 +1,21 @@
+package com.spring.security1.config.oauth;
+
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Service;
+
+@Service
+public class PrincipalOauth2UserService extends DefaultOAuth2UserService {
+
+    // 구글로부터 받은 userRequest 데이터에 대한 후처리 되는 함수
+    @Override
+    public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
+        System.out.println("userRequest: "+ userRequest.getClientRegistration());
+        System.out.println("userRequest: "+ userRequest.getAccessToken().getTokenValue());
+        System.out.println("userRequest: "+ super.loadUser(userRequest).getAttributes());
+
+        return super.loadUser(userRequest);
+    }
+}
--- a/spring-security/src/main/java/com/spring/security1/model/User.java
+++ b/spring-security/src/main/java/com/spring/security1/model/User.java
@@ -25,6 +25,9 @@ public class User {
    private String email;
    private String role; // ROLE_USER, ROLE_ADMIN

+    private String provider;
+    private String providerId;
+
    @CreationTimestamp
    private Timestamp createDate;
 }
--- a/spring-security/src/main/resources/application.yml
+++ b/spring-security/src/main/resources/application.yml
@@ -20,3 +20,14 @@ spring:
      naming:
        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
    show-sql: true
+
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-id: 979804919076-je9jdjt8p4nufvv0vglp9c31prvrm002.apps.googleusercontent.com
+            client-secret: lN0pS5NRVS8BVYdvTbWW5VZI
+            scope:
+            - email
+            - profile
--- a/spring-security/src/main/resources/templates/loginForm.html
+++ b/spring-security/src/main/resources/templates/loginForm.html
@@ -12,6 +12,7 @@
        <input type="password" name="password" placeholder="Password"/> <br/>
        <button>로그인</button>
    </form>
+    <a href="/oauth2/authorization/google">구글 로그인</a>
    <a href="/joinForm">회원가입을 아직 하지 않으셨나요?</a>
 </body>
 </html>