OAuth2 패스워드 그랜트 타입을 사용하여 사용자 인증

2020-09-13 18:29:57 +09:00
parent 4a0c04c99f
commit 38dccd1467
7 changed files with 53 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -164,7 +164,17 @@ http://localhost:5555/api/mb/member/name/hyori
 ---
 
 ***- OAuth2, JWT (Security)***<br />
+자세한 설명은 [여기](https://assu10.github.io/dev/2020/09/12/spring-cloud-oauth2.0/) 를 참고

+```shell script
+HOW TO RUN
+
+-- 액세스 토큰 획득
+[POST] http://localhost:8901/auth/oauth/token
+
+-- 액세스 토큰으로 사용자 정보 조회
+[GET] http://localhost:8901/auth/user 
+```
 ---
 
 ***- Sleath, Papertrail, Zipkin (Logging Tracker)***<br />
--- a/auth-service/src/main/java/com/assu/cloud/authservice/AuthServiceApplication.java
+++ b/auth-service/src/main/java/com/assu/cloud/authservice/AuthServiceApplication.java
@@ -2,6 +2,7 @@ package com.assu.cloud.authservice;

 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@@ -14,6 +15,7 @@ import java.util.Map;

@SpringBootApplication
@RestController
+@EnableEurekaClient
@EnableResourceServer
@EnableAuthorizationServer      // 이 서비스가 OAuth2 인증 서버가 될 것이라고 스프링 클라우드에 알림
 public class AuthServiceApplication {
@@ -22,7 +24,8 @@ public class AuthServiceApplication {
     *      OAuth2 로 보호되는 서비스에 접근하려고 할 때 사용
     *      보호 서비스로 호출되어 OAuth2 액세스 토큰의 유효성을 검증하고 보호 서비스에 접근하는 사용자 역할 조회
     */
-    @RequestMapping(value = { "/user" }, produces = "application/json")     // /auth/user 로 매핑
+    //@RequestMapping(value = { "/user" }, produces = "application/json")     // /auth/user 로 매핑
+    @RequestMapping(value = "/user")     // /auth/user 로 매핑
    public Map<String, Object> user(OAuth2Authentication user) {
        Map<String, Object> userInfo = new HashMap<>();
        userInfo.put("user", user.getUserAuthentication().getPrincipal());
--- a/auth-service/src/main/java/com/assu/cloud/authservice/security/OAuth2Config.java
+++ b/auth-service/src/main/java/com/assu/cloud/authservice/security/OAuth2Config.java
@@ -1,5 +1,6 @@
 package com.assu.cloud.authservice.security;

+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -18,7 +19,7 @@ public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
    private final AuthenticationManager authenticationManager;
    private final UserDetailsService userDetailsService;

-    public OAuth2Config(AuthenticationManager authenticationManager, UserDetailsService userDetailsService) {
+    public OAuth2Config(AuthenticationManager authenticationManager, @Qualifier("userDetailsServiceBean") UserDetailsService userDetailsService) {
        this.authenticationManager = authenticationManager;
        this.userDetailsService = userDetailsService;
    }
--- a/auth-service/src/main/java/com/assu/cloud/authservice/security/WebSecurityConfigurer.java
+++ b/auth-service/src/main/java/com/assu/cloud/authservice/security/WebSecurityConfigurer.java
@@ -3,13 +3,37 @@ package com.assu.cloud.authservice.security;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;

+/**
+ * 사용자 ID, 패스워드, 역할 정의
+ */
@Configuration
 public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
-    @Bean
+
    @Override
+    @Bean       // 스프링 시큐리티가 인증 처리하는데 사용
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
+
+    @Override
+    @Bean       // 스프링 시큐리티에서 반환될 사용자 정보 저장
+    public UserDetailsService userDetailsServiceBean() throws Exception {
+        return super.userDetailsServiceBean();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+        auth.inMemoryAuthentication()
+                .passwordEncoder(passwordEncoder)
+                .withUser("assuUser").password(passwordEncoder.encode("user1234")).roles("USER")
+                .and()
+                .withUser("assuAdmin").password(passwordEncoder.encode("admin1234")).roles("USER", "ADMIN");
+    }
 }
--- a/auth-service/src/main/resources/application.properties
+++ b/auth-service/src/main/resources/application.properties
@@ -1 +0,0 @@
-
--- a/auth-service/src/main/resources/application.yaml
+++ b/auth-service/src/main/resources/application.yaml
@@ -0,0 +1,4 @@
+server:
+  port: 8901
+  servlet:
+    contextPath:   /auth
--- a/auth-service/src/main/resources/bootstrap.yaml
+++ b/auth-service/src/main/resources/bootstrap.yaml
@@ -0,0 +1,8 @@
+spring:
+  application:
+    name: auth-service    # 서비스 ID (컨피그 클라이언트가 어떤 서비스를 조회하는지 매핑)
+  profiles:
+    active: default         # 서비스가 실행할 기본 프로파일
+  cloud:
+    config:
+      uri: http://localhost:8889  # 컨피그 서버 위치