From 38dccd1467de4f8dc034d189f12fd15869bb9d94 Mon Sep 17 00:00:00 2001 From: juhyun10 Date: Sun, 13 Sep 2020 18:29:57 +0900 Subject: [PATCH] =?UTF-8?q?OAuth2=20=ED=8C=A8=EC=8A=A4=EC=9B=8C=EB=93=9C?= =?UTF-8?q?=20=EA=B7=B8=EB=9E=9C=ED=8A=B8=20=ED=83=80=EC=9E=85=EC=9D=84=20?= =?UTF-8?q?=EC=82=AC=EC=9A=A9=ED=95=98=EC=97=AC=20=EC=82=AC=EC=9A=A9?= =?UTF-8?q?=EC=9E=90=20=EC=9D=B8=EC=A6=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 10 +++++++ .../authservice/AuthServiceApplication.java | 5 +++- .../authservice/security/OAuth2Config.java | 3 ++- .../security/WebSecurityConfigurer.java | 26 ++++++++++++++++++- .../src/main/resources/application.properties | 1 - .../src/main/resources/application.yaml | 4 +++ .../src/main/resources/bootstrap.yaml | 8 ++++++ 7 files changed, 53 insertions(+), 4 deletions(-) delete mode 100644 auth-service/src/main/resources/application.properties create mode 100644 auth-service/src/main/resources/application.yaml create mode 100644 auth-service/src/main/resources/bootstrap.yaml diff --git a/README.md b/README.md index 6c863bf..0189f5b 100644 --- a/README.md +++ b/README.md @@ -164,7 +164,17 @@ http://localhost:5555/api/mb/member/name/hyori --- ***- OAuth2, JWT (Security)***
+자세한 설명은 [여기](https://assu10.github.io/dev/2020/09/12/spring-cloud-oauth2.0/) 를 참고 +```shell script +HOW TO RUN + +-- 액세스 토큰 획득 +[POST] http://localhost:8901/auth/oauth/token + +-- 액세스 토큰으로 사용자 정보 조회 +[GET] http://localhost:8901/auth/user +``` --- ***- Sleath, Papertrail, Zipkin (Logging Tracker)***
diff --git a/auth-service/src/main/java/com/assu/cloud/authservice/AuthServiceApplication.java b/auth-service/src/main/java/com/assu/cloud/authservice/AuthServiceApplication.java index d857384..0c98a99 100644 --- a/auth-service/src/main/java/com/assu/cloud/authservice/AuthServiceApplication.java +++ b/auth-service/src/main/java/com/assu/cloud/authservice/AuthServiceApplication.java @@ -2,6 +2,7 @@ package com.assu.cloud.authservice; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.cloud.netflix.eureka.EnableEurekaClient; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; @@ -14,6 +15,7 @@ import java.util.Map; @SpringBootApplication @RestController +@EnableEurekaClient @EnableResourceServer @EnableAuthorizationServer // 이 서비스가 OAuth2 인증 서버가 될 것이라고 스프링 클라우드에 알림 public class AuthServiceApplication { @@ -22,7 +24,8 @@ public class AuthServiceApplication { * OAuth2 로 보호되는 서비스에 접근하려고 할 때 사용 * 보호 서비스로 호출되어 OAuth2 액세스 토큰의 유효성을 검증하고 보호 서비스에 접근하는 사용자 역할 조회 */ - @RequestMapping(value = { "/user" }, produces = "application/json") // /auth/user 로 매핑 + //@RequestMapping(value = { "/user" }, produces = "application/json") // /auth/user 로 매핑 + @RequestMapping(value = "/user") // /auth/user 로 매핑 public Map user(OAuth2Authentication user) { Map userInfo = new HashMap<>(); userInfo.put("user", user.getUserAuthentication().getPrincipal()); diff --git a/auth-service/src/main/java/com/assu/cloud/authservice/security/OAuth2Config.java b/auth-service/src/main/java/com/assu/cloud/authservice/security/OAuth2Config.java index 893630b..99ac358 100644 --- a/auth-service/src/main/java/com/assu/cloud/authservice/security/OAuth2Config.java 
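Review bot: The new `@RequestMapping(value = "/user")` in AuthServiceApplication.java sets no `method`, so the user-info endpoint answers every HTTP verb, although the README text added in this commit documents it as GET only. Narrowing it with `@RequestMapping(value = "/user", method = RequestMethod.GET)` (the `RequestMethod` import lies outside the hunk) matches the documented use, and the commented-out old annotation above it can be deleted rather than kept. The visible body also calls `user.getUserAuthentication().getPrincipal()` without a null check; `getUserAuthentication()` returns null for a client-only token, so a guard is worth adding if such tokens can reach this method. `user()` continues past the end of the hunk.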
+++ b/auth-service/src/main/java/com/assu/cloud/authservice/security/OAuth2Config.java @@ -1,5 +1,6 @@ package com.assu.cloud.authservice.security; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.core.userdetails.UserDetailsService; @@ -18,7 +19,7 @@ public class OAuth2Config extends AuthorizationServerConfigurerAdapter { private final AuthenticationManager authenticationManager; private final UserDetailsService userDetailsService; - public OAuth2Config(AuthenticationManager authenticationManager, UserDetailsService userDetailsService) { + public OAuth2Config(AuthenticationManager authenticationManager, @Qualifier("userDetailsServiceBean") UserDetailsService userDetailsService) { this.authenticationManager = authenticationManager; this.userDetailsService = userDetailsService; } diff --git a/auth-service/src/main/java/com/assu/cloud/authservice/security/WebSecurityConfigurer.java b/auth-service/src/main/java/com/assu/cloud/authservice/security/WebSecurityConfigurer.java index afb1861..e00f458 100644 --- a/auth-service/src/main/java/com/assu/cloud/authservice/security/WebSecurityConfigurer.java +++ b/auth-service/src/main/java/com/assu/cloud/authservice/security/WebSecurityConfigurer.java 
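Review bot: The `@Qualifier("userDetailsServiceBean")` added to the `OAuth2Config` constructor is a string that has to match the `@Bean` method name in `WebSecurityConfigurer`, and nothing at the injection point says so. A one-line comment above the constructor, for example `// "userDetailsServiceBean" is the @Bean method exposed by WebSecurityConfigurer`, would tell a maintainer why renaming that method breaks startup. The signature is also long enough now that one parameter per line would read better.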
@@ -3,13 +3,37 @@ package com.assu.cloud.authservice.security; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.factory.PasswordEncoderFactories; +import org.springframework.security.crypto.password.PasswordEncoder; +/** + * 사용자 ID, 패스워드, 역할 정의 + */ @Configuration public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter { - @Bean + @Override + @Bean // 스프링 시큐리티가 인증 처리하는데 사용 public AuthenticationManager authenticationManagerBean() throws Exception { return super.authenticationManagerBean(); } + + @Override + @Bean // 스프링 시큐리티에서 반환될 사용자 정보 저장 + public UserDetailsService userDetailsServiceBean() throws Exception { + return super.userDetailsServiceBean(); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); + auth.inMemoryAuthentication() + .passwordEncoder(passwordEncoder) + .withUser("assuUser").password(passwordEncoder.encode("user1234")).roles("USER") + .and() + .withUser("assuAdmin").password(passwordEncoder.encode("admin1234")).roles("USER", "ADMIN"); + } } diff --git a/auth-service/src/main/resources/application.properties b/auth-service/src/main/resources/application.properties deleted file mode 100644 index 8b13789..0000000 --- a/auth-service/src/main/resources/application.properties +++ /dev/null @@ -1 +0,0 @@ - 
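Review bot: `configure(AuthenticationManagerBuilder)` commits two working passwords to the repository, `user1234` and `admin1234`, and the second belongs to an account that holds the `ADMIN` role. Every deployment built from this source accepts those credentials at the token endpoint, and the values remain in history after they are changed. If the in-memory store is only meant for a demo, restricting the class to a development profile would make that explicit. Otherwise the passwords should come from configuration supplied at deploy time, as sketched below with placeholder property names (the `@Value` import is not shown).

```java
// … unchanged: authenticationManagerBean(), userDetailsServiceBean() …

    // Placeholder property names; values are supplied outside the repository.
    @Value("${auth.users.user.password}")
    private String userPassword;

    @Value("${auth.users.admin.password}")
    private String adminPassword;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder)
                .withUser("assuUser").password(passwordEncoder.encode(userPassword)).roles("USER")
                .and()
                .withUser("assuAdmin").password(passwordEncoder.encode(adminPassword)).roles("USER", "ADMIN");
    }
```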
diff --git a/auth-service/src/main/resources/application.yaml b/auth-service/src/main/resources/application.yaml
new file mode 100644
index 0000000..dfccd9d
--- /dev/null
+++ b/auth-service/src/main/resources/application.yaml
@@ -0,0 +1,4 @@
+server:
+ port: 8901
+ servlet:
+ contextPath: /auth
\ No newline at end of file
diff --git a/auth-service/src/main/resources/bootstrap.yaml b/auth-service/src/main/resources/bootstrap.yaml
new file mode 100644
index 0000000..795876d
--- /dev/null
+++ b/auth-service/src/main/resources/bootstrap.yaml
@@ -0,0 +1,8 @@
+spring:
+ application:
+ name: auth-service # 서비스 ID (컨피그 클라이언트가 어떤 서비스를 조회하는지 매핑)
+ profiles:
+ active: default # 서비스가 실행할 기본 프로파일
+ cloud:
+ config:
+ uri: http://localhost:8889 # 컨피그 서버 위치
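Review bot: `spring.cloud.config.uri` in bootstrap.yaml is fixed to `http://localhost:8889`, so the auth service fetches its configuration over plain HTTP and can only find a config server on the same host. An overridable default such as `uri: ${CONFIG_SERVER_URI:http://localhost:8889}` (the variable name is a placeholder) lets a deployment point at an HTTPS endpoint without editing the file. Whether the config server requires credentials is not visible in this commit; if it does not, that is worth settling before this service reads secrets from it.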