social + base login

2019-05-24 18:29:00 +09:00
parent 0fd06bc576
commit 319ad587bb
12 changed files with 79 additions and 73 deletions
--- a/authorization-server/build.gradle
+++ b/authorization-server/build.gradle
@@ -25,12 +25,13 @@ ext {

 dependencies {
    compile('org.springframework.security:spring-security-oauth2-client')
-    compile('org.springframework.security:spring-security-oauth2-jose')
+//    compile('org.springframework.security:spring-security-oauth2-jose')
    
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'org.springframework.boot:spring-boot-starter-freemarker'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.cloud:spring-cloud-starter-oauth2'
+//    implementation 'org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure:2.1.5.RELEASE'
    implementation 'org.springframework.cloud:spring-cloud-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    compileOnly 'org.projectlombok:lombok'
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java
@@ -16,13 +16,13 @@ import java.util.List;
@EnableWebSecurity
 public class WebMvcConfig implements WebMvcConfigurer {

-    @Autowired
-    private UserArgumentResolver userArgumentResolver;
-
-    @Override
-    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
-        resolvers.add(userArgumentResolver);
-    }
+//    @Autowired
+//    private UserArgumentResolver userArgumentResolver;
+//
+//    @Override
+//    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
+//        resolvers.add(userArgumentResolver);
+//    }

    @Bean
    FilterRegistrationBean forwardedHeaderFilter() {
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java
@@ -11,12 +11,13 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import org.springframework.security.web.csrf.CsrfFilter;
 import org.springframework.web.filter.CharacterEncodingFilter;

@Configuration
-@EnableWebSecurity
+//@EnableOAuth2Client
 //@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
@Order(-1)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@@ -45,35 +46,40 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        CharacterEncodingFilter filter = new CharacterEncodingFilter();
-        http
-            .authorizeRequests()
-                .antMatchers("/", "/login/**", "/css/**", "/images/**", "/js/**",
-                        "/console/**", "/oauth2/**").permitAll()
-                .anyRequest().authenticated()
-            .and()
-                .oauth2Login()
-                .defaultSuccessUrl("/loginSuccess")
-                .failureUrl("/loginFailure")
-            .and()
-                .headers().frameOptions().disable()
-            .and()
-                .exceptionHandling()
-                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
-            .and()
-                .formLogin().loginPage("/login")
-            .and()
-                .logout()
-                .logoutUrl("/logout")
-                .deleteCookies("JSESSSIONID")
-                .invalidateHttpSession(true)
-            .and()
-                .addFilterBefore(filter, CsrfFilter.class);
+//        http
+//            .formLogin().loginPage("/login").permitAll()
+//            .and()
+//            .authorizeRequests()
+//                .antMatchers("/", "/login/**", "/css/**", "/images/**", "/js/**", "/oauth/authorize", "/oauth/confirm_access",
+//                        "/console/**", "/oauth2/**").permitAll()
+//                .anyRequest().authenticated();
+//            .and()
+//                .oauth2Login();
+//                .loginPage("/login").permitAll()
+////                .defaultSuccessUrl("http://localhost:8765/login")
+//                .failureUrl("/loginFailure")
+//            .and()
+//                .headers().frameOptions().disable()
+//            .and()
+//                .exceptionHandling()
+//                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
+//
+//            .and()
+//                .logout()
+//                .logoutUrl("/logout")
+//                .deleteCookies("JSESSSIONID")
+//                .invalidateHttpSession(true)
+//            .and()
+//                .addFilterBefore(filter, CsrfFilter.class);
 //                .csrf().disable();
-//        http.formLogin().loginPage("/login").permitAll()
-//                .and()
-//                .requestMatchers().antMatchers("/login", "/logout", "/oauth/authorize", "/oauth/confirm_access")
-//                .and()
-//                .authorizeRequests().anyRequest().authenticated();
+        http.formLogin().loginPage("/login").permitAll()
+                .and()
+                .requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
+                .and()
+                .authorizeRequests().anyRequest().authenticated()
+                .and()
+                .oauth2Login()
+                .loginPage("/login").permitAll();

    }

--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/controller/sso/SsoController.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/controller/sso/SsoController.java
@@ -82,8 +82,10 @@ public class SsoController {
    }

    @GetMapping(value = "/loginSuccess")
+    @ResponseBody
    public String loginComplete(@SocialUser User user) {
-        return "redirect:/login/success";
+        System.out.println(user);
+        return "kkkkkkkkk";
    }

    @GetMapping(value = "/login/success")
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/UserArgumentResolver.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/social/UserArgumentResolver.java
@@ -98,8 +98,8 @@ public class UserArgumentResolver implements HandlerMethodArgumentResolver {
     */
    private User getModernUser(SocialType socialType, Map<String, Object> map) {
        return User.builder()
-                .username(String.valueOf(map.get("name")))
-                .email(String.valueOf(map.get("mail")))
+                .name(String.valueOf(map.get("name")))
+                .email(String.valueOf(map.get("email")))
                .principal(String.valueOf(map.get("id")))
                .socialType(socialType)
                .createdAt(LocalDateTime.now())
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java
@@ -20,6 +20,9 @@ public class User {
    @Column
    private String username;

+    @Column
+    private String name;
+
    @Column
    private String password;

@@ -50,9 +53,10 @@ public class User {
 //    private Date regDate = new Date();

    @Builder
-    public User(String username, String password, String email, String principal,
+    public User(String username, String name, String password, String email, String principal,
                SocialType socialType, LocalDateTime createdAt, LocalDateTime updatedAt) {
        this.username = username;
+        this.name = name;
        this.password = password;
        this.email = email;
        this.principal = principal;
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserDetail.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserDetail.java
@@ -1,5 +1,6 @@
 package io.bluemoon.authorizationserver.domain.user;

+import io.bluemoon.authorizationserver.domain.social.SocialType;
 import lombok.Data;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -16,14 +17,12 @@ public class UserDetail implements UserDetails {
    private Long id;
    private String username;
    private String password;
-    private String userType;
    private List<String> roles;

    public UserDetail(User user) {
        this.id = user.getId();
        this.username = user.getUsername();
        this.password = user.getPassword();
-//        this.userType = user.getSocialType();
    }

    @Override
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java
+++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java
@@ -25,12 +25,14 @@ public class CustomUserDetailsServiceImpl implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(username);
+        System.out.println(user);

        if (user == null) {
            throw new UsernameNotFoundException("UsernameNotFound[" + username + "]");
        }

        UserDetail userDetail = createUser(user);
+        System.out.println(userDetail);
        return userDetail;
    }

@@ -41,12 +43,13 @@ public class CustomUserDetailsServiceImpl implements UserDetailsService {
     */
    private UserDetail createUser(User user) {
        UserDetail userDetail = new UserDetail(user);
+        userDetail.setRoles(Arrays.asList("ROLE_USER"));

-        if (userDetail.getUserType().equals("1")) {
-            userDetail.setRoles(Arrays.asList("ROLE_ADMIN"));
-        } else {
-            userDetail.setRoles(Arrays.asList("ROLE_USER"));
-        }
+//        if (userDetail.getSocial_type().getVaule().equals("FACEBOOK")) {
+//            userDetail.setRoles(Arrays.asList("ROLE_FACEBOOK"));
+//        } else {
+//            userDetail.setRoles(Arrays.asList("ROLE_USER"));
+//        }
        return userDetail;
    }
 }
--- a/authorization-server/src/main/resources/application.properties
+++ b/authorization-server/src/main/resources/application.properties
@@ -1,5 +1,5 @@
 server.port=8081
-#server.servlet.context-path=/mk-auth
+server.servlet.context-path=/mk-auth
 server.use-forward-headers=false

 security.oauth2.authorization.check-token-access=isAuthenticated()
--- a/authorization-server/src/main/resources/templates/login.ftl
+++ b/authorization-server/src/main/resources/templates/login.ftl
@@ -18,7 +18,7 @@
 </div>

 <div>
-    <a class="facebook-login-text" href="/oauth2/authorization/facebook">facebook으로 로그인</a>
+    <a class="facebook-login-text" href="/mk-auth/oauth2/authorization/facebook">facebook으로 로그인</a>
 </div>
 </body>
 </html>
--- a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java
+++ b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java
@@ -1,23 +1,13 @@
 package io.bluemoon.gatewayzuul.config;

-import io.bluemoon.gatewayzuul.filter.DynamicOauth2ClientContextFilter;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Primary;
 import org.springframework.core.annotation.Order;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.oauth2.client.filter.OAuth2ClientContextFilter;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
-import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
-import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
-import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
+
 import org.springframework.security.web.csrf.*;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -29,11 +19,10 @@ import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
 import java.io.IOException;
 import java.util.regex.Pattern;

-
-
@Configuration
@EnableOAuth2Sso
@EnableResourceServer
@@ -49,7 +38,7 @@ public class SecurityConfig  extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
-                .antMatchers("/mk-auth/**", "/login").permitAll().anyRequest().authenticated()
+                .antMatchers("/**", "/mk-auth/**", "/login").permitAll().anyRequest().authenticated()
                .and()
 //                .csrf().requireCsrfProtectionMatcher(csrfRequestMatcher()).csrfTokenRepository(csrfTokenRepository())
 //                .and()
--- a/gateway-zuul/src/main/resources/application.properties
+++ b/gateway-zuul/src/main/resources/application.properties
@@ -1,14 +1,14 @@
 server.port=8765

-zuul.sensitive-headers=Cookie,Set-Cookie
+zuul.sensitive-headers=

 zuul.routes.mk2-service.path=/service/**
 zuul.routes.mk2-service.url=http://127.0.0.1:8082
-zuul.routes.mk2-service.sensitive-headers=Cookie,Set-Cookie
+zuul.routes.mk2-service.sensitive-headers=

 zuul.routes.mk2-oauth.path=/mk-auth/**
-zuul.routes.mk2-oauth.url=http://127.0.0.1:8081
-zuul.routes.mk2-oauth.sensitive-headers=Cookie,Set-Cookie
+zuul.routes.mk2-oauth.url=https://6667b9ff.ngrok.io
+zuul.routes.mk2-oauth.sensitive-headers=
 #zuul.routes.mk2-oauth.path=/mk2auth/**

 zuul.routes.mk2-oauth.strip-prefix=false
@@ -18,13 +18,13 @@ security.oauth2.sso.login-path=/login



-security.oauth2.client.access-token-uri=http://127.0.0.1:8081/mk-auth/oauth/token
+security.oauth2.client.access-token-uri=https://6667b9ff.ngrok.io/mk-auth/oauth/token

 # /oauth/authorize 요청은 클라이언트가 리소스 서버의 api를 사용하기 위해 사용자(리소스 소유자)에게
 # 권한 위임 동의를 받기 위한 페이지를 출력하는 기능을 수행
-security.oauth2.client.user-authorization-uri=http://127.0.0.1:8081/mk-auth/oauth/authorize
+security.oauth2.client.user-authorization-uri=https://6667b9ff.ngrok.io/mk-auth/oauth/authorize

-security.oauth2.resource.user-info-uri=http://127.0.0.1:8081/mk-auth/user
+security.oauth2.resource.user-info-uri=https://6667b9ff.ngrok.io/mk-auth/user
 #security.oauth2.resource.prefer-token-info=false

 security.oauth2.client.client-id=system1
@@ -40,3 +40,5 @@ security.oauth2.client.client-secret=1234
 #management.endpoints.web.exposure.include=routes, health, filter
 #management.endpoint.routes.enabled=true
 #management.endpoint.filters.enabled=true
+logging.level.web=debug
+spring.http.log-request-details=true