From 319ad587bb671595e3e17005a562a3a82af60977 Mon Sep 17 00:00:00 2001 From: liquidjoo Date: Fri, 24 May 2019 18:29:00 +0900 Subject: [PATCH] social + base login --- authorization-server/build.gradle | 3 +- .../config/WebMvcConfig.java | 14 ++-- .../config/WebSecurityConfig.java | 64 ++++++++++--------- .../controller/sso/SsoController.java | 4 +- .../domain/social/UserArgumentResolver.java | 4 +- .../authorizationserver/domain/user/User.java | 6 +- .../domain/user/UserDetail.java | 3 +- .../user/CustomUserDetailsServiceImpl.java | 13 ++-- .../src/main/resources/application.properties | 2 +- .../src/main/resources/templates/login.ftl | 4 +- .../gatewayzuul/config/SecurityConfig.java | 19 ++---- .../src/main/resources/application.properties | 16 +++-- 12 files changed, 79 insertions(+), 73 deletions(-) diff --git a/authorization-server/build.gradle b/authorization-server/build.gradle index ff55428..a8e83d4 100644 --- a/authorization-server/build.gradle +++ b/authorization-server/build.gradle @@ -25,12 +25,13 @@ ext { dependencies { compile('org.springframework.security:spring-security-oauth2-client') - compile('org.springframework.security:spring-security-oauth2-jose') +// compile('org.springframework.security:spring-security-oauth2-jose') implementation 'org.springframework.boot:spring-boot-starter-actuator' implementation 'org.springframework.boot:spring-boot-starter-freemarker' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.cloud:spring-cloud-starter-oauth2' +// implementation 'org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:2.1.5.RELEASE' implementation 'org.springframework.cloud:spring-cloud-starter-security' implementation 'org.springframework.boot:spring-boot-starter-data-jpa' compileOnly 'org.projectlombok:lombok' 
diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java index a658dd6..ca973e3 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java @@ -16,13 +16,13 @@ import java.util.List; @EnableWebSecurity public class WebMvcConfig implements WebMvcConfigurer { - @Autowired - private UserArgumentResolver userArgumentResolver; - - @Override - public void addArgumentResolvers(List resolvers) { - resolvers.add(userArgumentResolver); - } +// @Autowired +// private UserArgumentResolver userArgumentResolver; +// +// @Override +// public void addArgumentResolvers(List resolvers) { +// resolvers.add(userArgumentResolver); +// } @Bean FilterRegistrationBean forwardedHeaderFilter() { diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java index 7f2b20b..b9695de 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java 
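Review bot: Commenting out `addArgumentResolvers` in `WebMvcConfig` unregisters `UserArgumentResolver`, yet `SsoController.loginComplete` in this same patch still declares `@SocialUser User user`. Unless the resolver is registered somewhere this diff does not show, Spring MVC will presumably fall back to model-attribute binding and populate that `User` from request parameters, so its fields would be caller-controlled rather than derived from the authenticated OAuth2 principal. Either keep the registration or remove the `@SocialUser` parameter from the handler. If the block really is dead, delete it rather than leaving it commented out.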
@@ -11,12 +11,13 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.password.NoOpPasswordEncoder; +//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; import org.springframework.security.web.csrf.CsrfFilter; import org.springframework.web.filter.CharacterEncodingFilter; @Configuration -@EnableWebSecurity +//@EnableOAuth2Client //@Order(SecurityProperties.BASIC_AUTH_ORDER - 6) @Order(-1) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 
@@ -45,35 +46,40 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { CharacterEncodingFilter filter = new CharacterEncodingFilter(); - http - .authorizeRequests() - .antMatchers("/", "/login/**", "/css/**", "/images/**", "/js/**", - "/console/**", "/oauth2/**").permitAll() - .anyRequest().authenticated() - .and() - .oauth2Login() - .defaultSuccessUrl("/loginSuccess") - .failureUrl("/loginFailure") - .and() - .headers().frameOptions().disable() - .and() - .exceptionHandling() - .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")) - .and() - .formLogin().loginPage("/login") - .and() - .logout() - .logoutUrl("/logout") - .deleteCookies("JSESSSIONID") - .invalidateHttpSession(true) - .and() - .addFilterBefore(filter, CsrfFilter.class); +// http +// .formLogin().loginPage("/login").permitAll() +// .and() +// .authorizeRequests() +// .antMatchers("/", "/login/**", "/css/**", "/images/**", "/js/**", "/oauth/authorize", "/oauth/confirm_access", +// "/console/**", "/oauth2/**").permitAll() +// .anyRequest().authenticated(); +// .and() +// .oauth2Login(); +// .loginPage("/login").permitAll() +//// .defaultSuccessUrl("http://localhost:8765/login") +// .failureUrl("/loginFailure") +// .and() +// .headers().frameOptions().disable() +// .and() +// .exceptionHandling() +// .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")) +// +// .and() +// .logout() +// .logoutUrl("/logout") +// .deleteCookies("JSESSSIONID") +// .invalidateHttpSession(true) +// .and() +// .addFilterBefore(filter, CsrfFilter.class); // .csrf().disable(); -// http.formLogin().loginPage("/login").permitAll() -// .and() -// .requestMatchers().antMatchers("/login", "/logout", "/oauth/authorize", "/oauth/confirm_access") -// .and() -// .authorizeRequests().anyRequest().authenticated(); + http.formLogin().loginPage("/login").permitAll() + .and() + 
.requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**") + .and() + .authorizeRequests().anyRequest().authenticated() + .and() + .oauth2Login() + .loginPage("/login").permitAll(); } diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/controller/sso/SsoController.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/controller/sso/SsoController.java index b7c781d..c326bb5 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/controller/sso/SsoController.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/controller/sso/SsoController.java @@ -82,8 +82,10 @@ public class SsoController { } @GetMapping(value = "/loginSuccess") + @ResponseBody public String loginComplete(@SocialUser User user) { - return "redirect:/login/success"; + System.out.println(user); + return "kkkkkkkkk"; } @GetMapping(value = "/login/success") diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/UserArgumentResolver.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/UserArgumentResolver.java index 05b95c7..5c37839 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/UserArgumentResolver.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/UserArgumentResolver.java @@ -98,8 +98,8 @@ public class UserArgumentResolver implements HandlerMethodArgumentResolver { */ private User getModernUser(SocialType socialType, Map map) { return User.builder() - .username(String.valueOf(map.get("name"))) - .email(String.valueOf(map.get("mail"))) + .name(String.valueOf(map.get("name"))) + .email(String.valueOf(map.get("email"))) .principal(String.valueOf(map.get("id"))) .socialType(socialType) .createdAt(LocalDateTime.now()) 
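Review bot: The new chain in `configure` is scoped by `requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")`, so `anyRequest().authenticated()` now covers only those five patterns. Paths the old rule list named, such as `/console/**`, are left to whatever other filter chain exists, which this diff does not show. Please confirm that coverage and state it above the call, e.g. `// this chain only guards the login and OAuth endpoints; all other paths are secured by <other config>`. The `CharacterEncodingFilter filter` local at the top of `configure` is no longer added to the chain and can be removed. The roughly thirty commented-out lines should go too, since the explicit logout and entry-point settings now exist only in comments and that makes the enforced policy hard to audit.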
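Review bot: `System.out.println(user)` in `loginComplete` writes the whole `User` object to stdout on every social login. `User` carries `password`, `email` and `principal` fields, so depending on its `toString` this can put credentials and personal data into unstructured output. Remove the line, or log a single non-sensitive identifier through a logger. The `@ResponseBody` return of `"kkkkkkkkk"` looks like debug scaffolding replacing the previous `return "redirect:/login/success";`, which should be restored before merging.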
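Review bot: `String.valueOf(map.get("email"))` in `getModernUser` turns a missing attribute into the literal string `"null"`. A provider response without `email` (or `name`, `id`) therefore yields a `User` whose field is the text `null`, and every such account would share that value. Guard the lookups, for example `Object email = map.get("email");` followed by `.email(email == null ? null : email.toString())`, and fail the login when `id` is absent instead of storing a placeholder principal. The `map` parameter is a raw `Map`, and declaring it as `Map<String, Object>` would make these lookups type-checked. The method body continues past the end of the hunk.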
diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java index 040deab..f50214d 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java @@ -20,6 +20,9 @@ public class User { @Column private String username; + @Column + private String name; + @Column private String password; @@ -50,9 +53,10 @@ public class User { // private Date regDate = new Date(); @Builder - public User(String username, String password, String email, String principal, + public User(String username, String name, String password, String email, String principal, SocialType socialType, LocalDateTime createdAt, LocalDateTime updatedAt) { this.username = username; + this.name = name; this.password = password; this.email = email; this.principal = principal; diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserDetail.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserDetail.java index 9138c70..0c082a5 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserDetail.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserDetail.java @@ -1,5 +1,6 @@ package io.bluemoon.authorizationserver.domain.user; +import io.bluemoon.authorizationserver.domain.social.SocialType; import lombok.Data; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; 
@@ -16,14 +17,12 @@ public class UserDetail implements UserDetails { private Long id; private String username; private String password; - private String userType; private List roles; public UserDetail(User user) { this.id = user.getId(); this.username = user.getUsername(); this.password = user.getPassword(); -// this.userType = user.getSocialType(); } @Override diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java index 560a63b..5b81d60 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java @@ -25,12 +25,14 @@ public class CustomUserDetailsServiceImpl implements UserDetailsService { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userRepository.findByUsername(username); + System.out.println(user); if (user == null) { throw new UsernameNotFoundException("UsernameNotFound[" + username + "]"); } UserDetail userDetail = createUser(user); + System.out.println(userDetail); return userDetail; } @@ -41,12 +43,13 @@ public class CustomUserDetailsServiceImpl implements UserDetailsService { */ private UserDetail createUser(User user) { UserDetail userDetail = new UserDetail(user); + userDetail.setRoles(Arrays.asList("ROLE_USER")); - if (userDetail.getUserType().equals("1")) { - userDetail.setRoles(Arrays.asList("ROLE_ADMIN")); - } else { - userDetail.setRoles(Arrays.asList("ROLE_USER")); - } +// if (userDetail.getSocial_type().getVaule().equals("FACEBOOK")) { +// userDetail.setRoles(Arrays.asList("ROLE_FACEBOOK")); +// } else { +// userDetail.setRoles(Arrays.asList("ROLE_USER")); +// } return userDetail; } } 
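Review bot: The two added `System.out.println` calls in `loadUserByUsername` print the `User` entity and the `UserDetail` on every authentication attempt. `UserDetail` holds `password` and its file imports `lombok.Data`, so if the class is annotated with `@Data` the generated `toString` includes the stored password, which then lands in stdout and any log collector behind it. Remove both lines, or log only the username at debug level through a logger. Excluding the field from `toString` with Lombok's `@ToString.Exclude` is worth doing regardless. The first `println` also runs before the `user == null` check, so failed lookups print `null`.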
diff --git a/authorization-server/src/main/resources/application.properties b/authorization-server/src/main/resources/application.properties index 4a4e115..552bfb0 100644 --- a/authorization-server/src/main/resources/application.properties +++ b/authorization-server/src/main/resources/application.properties @@ -1,5 +1,5 @@ server.port=8081 -#server.servlet.context-path=/mk-auth +server.servlet.context-path=/mk-auth server.use-forward-headers=false security.oauth2.authorization.check-token-access=isAuthenticated() diff --git a/authorization-server/src/main/resources/templates/login.ftl b/authorization-server/src/main/resources/templates/login.ftl index 75bddfb..35ae2f0 100644 --- a/authorization-server/src/main/resources/templates/login.ftl +++ b/authorization-server/src/main/resources/templates/login.ftl @@ -18,7 +18,7 @@ - + \ No newline at end of file diff --git a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java index c38e133..c86e874 100644 --- a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java +++ b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java 
@@ -1,23 +1,13 @@ package io.bluemoon.gatewayzuul.config; -import io.bluemoon.gatewayzuul.filter.DynamicOauth2ClientContextFilter; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Primary; import org.springframework.core.annotation.Order; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; + import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; -import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; -import org.springframework.security.oauth2.provider.ClientDetailsService; -import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager; -import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter; -import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; + import org.springframework.security.web.csrf.*; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; 
@@ -29,11 +19,10 @@ import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import java.io.IOException; import java.util.regex.Pattern; - - @Configuration @EnableOAuth2Sso @EnableResourceServer @@ -49,7 +38,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests() - .antMatchers("/mk-auth/**", "/login").permitAll().anyRequest().authenticated() + .antMatchers("/**", "/mk-auth/**", "/login").permitAll().anyRequest().authenticated() .and() // .csrf().requireCsrfProtectionMatcher(csrfRequestMatcher()).csrfTokenRepository(csrfTokenRepository()) // .and() diff --git a/gateway-zuul/src/main/resources/application.properties b/gateway-zuul/src/main/resources/application.properties index d847e1b..a654138 100644 --- a/gateway-zuul/src/main/resources/application.properties +++ b/gateway-zuul/src/main/resources/application.properties @@ -1,14 +1,14 @@ server.port=8765 -zuul.sensitive-headers=Cookie,Set-Cookie +zuul.sensitive-headers= zuul.routes.mk2-service.path=/service/** zuul.routes.mk2-service.url=http://127.0.0.1:8082 -zuul.routes.mk2-service.sensitive-headers=Cookie,Set-Cookie +zuul.routes.mk2-service.sensitive-headers= zuul.routes.mk2-oauth.path=/mk-auth/** -zuul.routes.mk2-oauth.url=http://127.0.0.1:8081 -zuul.routes.mk2-oauth.sensitive-headers=Cookie,Set-Cookie +zuul.routes.mk2-oauth.url=https://6667b9ff.ngrok.io +zuul.routes.mk2-oauth.sensitive-headers= #zuul.routes.mk2-oauth.path=/mk2auth/** zuul.routes.mk2-oauth.strip-prefix=false 
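Review bot: Adding `"/**"` to the `permitAll()` matcher list in `configure` makes every request to the gateway match the first rule, so the `anyRequest().authenticated()` that follows can never apply. Proxied routes such as the `/service/**` route declared in the gateway's `application.properties` then become reachable without authentication. If this was added to get past a login loop while debugging, it should not be merged, and the list should stay as `.antMatchers("/mk-auth/**", "/login").permitAll()`. The adjacent CSRF configuration is commented out in the context lines, so it is also worth confirming what CSRF behaviour the chain ends up with. `configure` continues beyond the hunk.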
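Review bot: `zuul.routes.mk2-oauth.url=https://6667b9ff.ngrok.io` points the gateway at a public, short-lived tunnel host, and the next hunk uses the same host for `access-token-uri`, `user-authorization-uri` and `user-info-uri`. The client secret configured further down the file and the users' tokens are sent to those URIs, and the hostname may no longer belong to this project once the tunnel closes. Keep the `127.0.0.1` values in the committed file and supply the tunnel address through a local profile or environment override. Emptying `zuul.sensitive-headers` and the per-route equivalents also forwards `Cookie`, `Set-Cookie` and `Authorization` to every upstream. If the auth route needs the session cookie, relax only that route and leave `mk2-service` at `Cookie,Set-Cookie`.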
@@ -18,13 +18,13 @@ security.oauth2.sso.login-path=/login -security.oauth2.client.access-token-uri=http://127.0.0.1:8081/mk-auth/oauth/token +security.oauth2.client.access-token-uri=https://6667b9ff.ngrok.io/mk-auth/oauth/token # /oauth/authorize 요청은 클라이언트가 리소스 서버의 api를 사용하기 위해 사용자(리소스 소유자)에게 # 권한 위임 동의를 받기 위한 페이지를 출력하는 기능을 수행 -security.oauth2.client.user-authorization-uri=http://127.0.0.1:8081/mk-auth/oauth/authorize +security.oauth2.client.user-authorization-uri=https://6667b9ff.ngrok.io/mk-auth/oauth/authorize -security.oauth2.resource.user-info-uri=http://127.0.0.1:8081/mk-auth/user +security.oauth2.resource.user-info-uri=https://6667b9ff.ngrok.io/mk-auth/user #security.oauth2.resource.prefer-token-info=false security.oauth2.client.client-id=system1 @@ -40,3 +40,5 @@ security.oauth2.client.client-secret=1234 #management.endpoints.web.exposure.include=routes, health, filter #management.endpoint.routes.enabled=true #management.endpoint.filters.enabled=true +logging.level.web=debug +spring.http.log-request-details=true \ No newline at end of file
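Review bot: `spring.http.log-request-details=true` together with `logging.level.web=debug` makes Spring log request parameters and headers unmasked, which on this gateway includes authorization codes, bearer tokens and session cookies. These two lines belong in a developer-only profile rather than the shared `application.properties`. If they stay, add a comment such as `# debug only: logs headers and params unmasked, never enable outside local runs`. The file also still ends without a trailing newline.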