zuul sso-login 빼고 oauth2 환경 테스트 중

liquidjoo
2019-07-02 19:00:54 +09:00
parent 8077c4715d
commit 9ff670ffcf
18 changed files with 569 additions and 82 deletions


@@ -90,11 +90,14 @@ public class OAuth2SsoServerConfig extends AuthorizationServerConfigurerAdapter
.authenticationManager(authenticationManager)
// jdbc token processing
.tokenStore(jdbcTokenStore(dataSource))
// refresh token
// 사용자 세부 정보가 필요할 때
.userDetailsService(customUserDetailsService)
// approval store
.approvalStore(approvalStore)
// refresh token
.reuseRefreshTokens(true)
// 인증 코드 부여에 대한 인증 코드 서비스
.authorizationCodeServices(authorizationCodeServices);
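Review bot: `.reuseRefreshTokens(true)` keeps the same refresh token valid across every refresh, so a refresh token that leaks stays usable until it expires or is removed from the JDBC token store. If the line only restates the framework default, a short comment saying it is deliberate would help; otherwise `.reuseRefreshTokens(false)` issues a new refresh token on each use and narrows that window. The +/- markers are lost on this page, so which of the two `// refresh token` comment lines is the new one is inferred. The builder chain starts and ends outside the hunk.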


@@ -0,0 +1,27 @@
//package io.bluemoon.authorizationserver.config;
//
//
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
//import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
//
//@Configuration
//@EnableResourceServer
//public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
//
// @Override
// public void configure(HttpSecurity http) throws Exception {
//// super.configure(http);
// http.headers().frameOptions().disable();
// http.authorizeRequests()
// .anyRequest().permitAll()
// .antMatchers("/mk-auth/code").access("#oauth2.hasScode('read')");
// }
//
// @Override
// public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
// resources.resourceId()
// }
//}
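Review bot: The whole class is added commented out, and its body would neither compile nor protect anything if it were uncommented as is. `.anyRequest().permitAll()` is registered ahead of the `/mk-auth/code` matcher, so the scope rule would never be consulted; the expression is spelled `#oauth2.hasScode('read')` instead of `#oauth2.hasScope('read')`; and `resources.resourceId()` has neither an argument nor a semicolon. Either drop the file from the commit, or fix it before enabling: put the specific matcher first and end the chain with `.anyRequest().authenticated()` rather than `permitAll()`.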


@@ -13,7 +13,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.List;
@EnableWebSecurity
//@EnableWebSecurity
public class WebMvcConfig implements WebMvcConfigurer {
@Autowired


@@ -23,7 +23,7 @@ import org.springframework.web.filter.CharacterEncodingFilter;
@Configuration
//@EnableOAuth2Client
//@Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
@Order(-1)
//@Order(-1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@@ -52,43 +52,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
CharacterEncodingFilter filter = new CharacterEncodingFilter();
// http
// .formLogin().loginPage("/login").permitAll()
// .and()
// .authorizeRequests()
// .antMatchers("/", "/login/**", "/css/**", "/images/**", "/js/**", "/oauth/authorize", "/oauth/confirm_access",
// "/console/**", "/oauth2/**").permitAll()
// .anyRequest().authenticated();
// .and()
// .oauth2Login();
// .loginPage("/login").permitAll()
//// .defaultSuccessUrl("http://localhost:8765/login")
// .failureUrl("/loginFailure")
// http.formLogin();
//http://localhost:8081/mk-auth/oauth/authorize?response_type=code&client_id=system1&redirect_uri=http://localhost:8081/mk-auth/code&scope=read
// curl -u system1:1234 http://localhost:8081/mk-auth/oauth/token -d "grant_type=password&username=user1&password=1234"
// curl -u system1:1234 http://localhost:8081/mk-auth/oauth/token -d "grant_type=refresh_token&scope=read&refresh_token=131e73e1-0806-4f26-a84c-6d06eeecfd5d"
// .and()
// .exceptionHandling()
// .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
//
// .and()
// .logout()
// .logoutUrl("/logout")
// .deleteCookies("JSESSSIONID")
// .invalidateHttpSession(true)
// .and()
// .addFilterBefore(filter, CsrfFilter.class);
// .csrf().disable();
http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler)
.and()
.requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
.and()
.authorizeRequests().anyRequest().authenticated()
.and()
.headers().frameOptions().disable()
.and()
.oauth2Login()
// .loginPage("/login").defaultSuccessUrl("/mk-auth/login/success").permitAll();
.loginPage("/login").permitAll().defaultSuccessUrl("/login/success", true).failureHandler(customAuthFailureHandler);
// --------------------------------- sso test
// http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler)
// .and()
// .requestMatchers().antMatchers("/login/**", "/logout", "/oauth/authorize", "/oauth/confirm_access", "/oauth2/**")
// .and()
// .authorizeRequests().anyRequest().authenticated()
// .and()
// .headers().frameOptions().disable()
// .and()
// .oauth2Login()
// .loginPage("/login").permitAll().defaultSuccessUrl("/login/success", true).failureHandler(customAuthFailureHandler);
// .and()
// .addFilterBefore(filter, CsrfFilter.class);
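Review bot: `.headers().frameOptions().disable()` stays in the active chain that serves `/login/**`, `/oauth/authorize` and `/oauth/confirm_access`, so the login and consent pages can be framed by another origin; unless something needs cross-origin framing, `.headers().frameOptions().sameOrigin()` is the safer setting. The first hunk of this section also appears to comment out `@Order(-1)`, which drops this adapter to the default order, so it is worth confirming that `/oauth/authorize` is still handled by this form-login chain and not by another configurer. The block under `// sso test` looks like a commented-out copy of the active chain and could be left out of the commit. Line sides are inferred from the hunk counts because the +/- markers are lost, and `configure` ends outside the hunk.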


@@ -94,6 +94,13 @@ public class SsoController {
return "kkk";
}
@RequestMapping(value = "/code")
public String test(
@RequestParam(value = "code") String code
) {
return code;
}
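Review bot: The new `/code` handler returns the caller-supplied `code` parameter unchanged, and `@RequestMapping` without a `method` accepts every HTTP verb. If `SsoController` is a `@Controller` the value is used as a view name, and if it is a `@RestController` it is reflected into the response body. Which one applies is not visible here, but either way request input reaches the response unvalidated and the authorization code is shown to the browser. For a test endpoint, restrict it with `@GetMapping("/code")`, exchange the code server-side at the token endpoint, and return a fixed string instead of `code`. The class body continues outside the hunk.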


@@ -75,46 +75,4 @@ WebSecurityConfigurerAdapter
- HttpSecurity http setting
Authorization Server
"67",
"100",
"113",
"118",
"170",
"224",
"226",
"439",
"448",
"451",
"498",
"506",
"507",
"511",
"568",
"618",
"699",
"705",
"748",
"772",
"799",
"883",
"1086",
"1100",
"1617",
"1636",
"2023",
"2256",
"2259",
"2269",
"2318",
"2320",
"2490",
"2531",
"2533",
"2604",
"2609",
"2612",
"2618",
Authorization Server

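--- /dev/null
+++ b/zuul-oauth2/.gitignore
@@ -0,0 +1,32 @@
+HELP.md
+.gradle
+build/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**
+!**/src/test/**
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+out/
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+### VS Code ###
+.vscode/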

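--- /dev/null
+++ b/zuul-oauth2/build.gradle
@@ -0,0 +1,40 @@
+plugins {
+id 'org.springframework.boot' version '2.1.5.RELEASE'
+id 'java'
+}
+apply plugin: 'io.spring.dependency-management'
+group = 'io.bluemoon'
+version = '0.0.1-SNAPSHOT'
+sourceCompatibility = '1.8'
+configurations {
+compileOnly {
+extendsFrom annotationProcessor
+}
+}
+repositories {
+mavenCentral()
+}
+ext {
+set('springCloudVersion', 'Greenwich.SR1')
+}
+dependencies {
+implementation 'org.springframework.boot:spring-boot-starter-actuator'
+implementation 'org.springframework.cloud:spring-cloud-starter-netflix-zuul'
+implementation 'org.springframework.cloud:spring-cloud-starter-oauth2'
+implementation 'org.springframework.cloud:spring-cloud-starter-security'
+compileOnly 'org.projectlombok:lombok'
+annotationProcessor 'org.projectlombok:lombok'
+testImplementation 'org.springframework.boot:spring-boot-starter-test'
+}
+dependencyManagement {
+imports {
+mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
+}
+}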

Binary file not shown.


@@ -0,0 +1,6 @@
#Tue Jul 02 16:45:08 KST 2019
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-all.zip

172
zuul-oauth2/gradlew vendored Executable file

@@ -0,0 +1,172 @@
#!/usr/bin/env sh
##############################################################################
##
## Gradle start up script for UN*X
##
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
warn () {
echo "$*"
}
die () {
echo
echo "$*"
echo
exit 1
}
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
NONSTOP* )
nonstop=true
;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=$((i+1))
done
case $i in
(0) set -- ;;
(1) set -- "$args0" ;;
(2) set -- "$args0" "$args1" ;;
(3) set -- "$args0" "$args1" "$args2" ;;
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
esac
fi
# Escape application args
save () {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=$(save "$@")
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
cd "$(dirname "$0")"
fi
exec "$JAVACMD" "$@"

84
zuul-oauth2/gradlew.bat vendored Normal file

@@ -0,0 +1,84 @@
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto init
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto init
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:init
@rem Get command-line arguments, handling Windows variants
if not "%OS%" == "Windows_NT" goto win9xME_args
:win9xME_args
@rem Slurp the command line arguments.
set CMD_LINE_ARGS=
set _SKIP=2
:win9xME_args_slurp
if "x%~1" == "x" goto execute
set CMD_LINE_ARGS=%*
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega


@@ -0,0 +1,6 @@
pluginManagement {
repositories {
gradlePluginPortal()
}
}
rootProject.name = 'zuul-oauth2'


@@ -0,0 +1,24 @@
package io.bluemoon.zuuloauth2;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.context.annotation.Bean;
import org.springframework.web.client.RestTemplate;
@SpringBootApplication
@EnableZuulProxy
public class ZuulOauth2Application {
@LoadBalanced
@Bean
public RestTemplate getRestTemplate() {
return new RestTemplate();
}
public static void main(String[] args) {
SpringApplication.run(ZuulOauth2Application.class, args);
}
}


@@ -0,0 +1,55 @@
package io.bluemoon.zuuloauth2.filter;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.netflix.zuul.exception.ZuulException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.client.RestTemplate;
@Slf4j
public class AuthenticationFilter extends ZuulFilter {
private static final int FILTER_ORDER = 2;
private static final boolean SHOULD_FILTER = false;
private FilterUtils filterUtils;
private RestTemplate restTemplate;
public AuthenticationFilter(
FilterUtils filterUtils,
RestTemplate restTemplate
) {
this.filterUtils = filterUtils;
this.restTemplate = restTemplate;
}
@Override
public String filterType() {
return FilterUtils.PRE_FILTER_TYPE;
}
@Override
public int filterOrder() {
return FILTER_ORDER;
}
@Override
public boolean shouldFilter() {
return SHOULD_FILTER;
}
private boolean isAuthTokenPresent() {
if (filterUtils.getAuthToken() != null) {
return true;
}
return false;
}
@Override
public Object run() throws ZuulException {
RequestContext ctx = RequestContext.getCurrentContext();
return null;
}
}
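Review bot: `AuthenticationFilter` never authenticates anything: `SHOULD_FILTER` is `false`, `run()` only fetches the `RequestContext` and returns `null`, and `isAuthTokenPresent()` is never called, so a reader who trusts the class name would assume a gateway check that does not exist. The class also carries no `@Component`, no `@Bean` registration for it is visible in this commit, and the `Autowired` import is unused. If this is a placeholder, say so in a class comment. If it is meant to gate requests, set `SHOULD_FILTER` to `true` and fail closed in `run()` as sketched below. A header-presence test is only the first step; the token still has to be validated against the authorization server.

```java
@Override
public Object run() throws ZuulException {
    RequestContext ctx = RequestContext.getCurrentContext();
    if (!isAuthTokenPresent()) {
        // Fail closed: do not route a request that carries no Authorization header.
        ctx.setSendZuulResponse(false);
        ctx.setResponseStatusCode(401);
    }
    return null;
}
```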


@@ -0,0 +1,72 @@
package io.bluemoon.zuuloauth2.filter;
import com.netflix.zuul.context.RequestContext;
import org.springframework.stereotype.Component;
@Component
public class FilterUtils {
public static final String CORRELATION_ID = "tmx-correlation-id";
public static final String AUTH_TOKEN = "Authorization";
public static final String USER_ID = "tmx-user-id";
public static final String ORG_ID = "tmx-org-id";
public static final String PRE_FILTER_TYPE = "pre";
public static final String POST_FILTER_TYPE = "post";
public static final String ROUTE_FILTER_TYPE = "route";
public String getCorrelationId() {
RequestContext ctx = RequestContext.getCurrentContext();
if (ctx.getRequest().getHeader(CORRELATION_ID) != null) {
return ctx.getRequest().getHeader(CORRELATION_ID);
} else {
return ctx.getZuulRequestHeaders().get(CORRELATION_ID);
}
}
public void setCorrelationId(String correlationId) {
RequestContext ctx = RequestContext.getCurrentContext();
ctx.addZuulRequestHeader(CORRELATION_ID, correlationId);
}
public final String getOrgId() {
RequestContext ctx = RequestContext.getCurrentContext();
if (ctx.getRequest().getHeader(ORG_ID) != null) {
return ctx.getRequest().getHeader(ORG_ID);
} else {
return ctx.getZuulRequestHeaders().get(ORG_ID);
}
}
public void setOrgId(String orgId) {
RequestContext ctx = RequestContext.getCurrentContext();
ctx.addZuulRequestHeader(ORG_ID, orgId);
}
public final String getUserId() {
RequestContext ctx = RequestContext.getCurrentContext();
if (ctx.getRequest().getHeader(USER_ID) != null) {
return ctx.getRequest().getHeader(USER_ID);
} else {
return ctx.getZuulRequestHeaders().get(USER_ID);
}
}
public void setUserId(String userId) {
RequestContext ctx = RequestContext.getCurrentContext();
ctx.addZuulRequestHeader(USER_ID, userId);
}
public String getAuthToken() {
RequestContext ctx = RequestContext.getCurrentContext();
return ctx.getRequest().getHeader(AUTH_TOKEN);
}
public String getServiceId() {
RequestContext ctx = RequestContext.getCurrentContext();
if (ctx.get("serviceId")==null) {
return "";
}
return ctx.get("serviceId").toString();
}
}
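Review bot: `getUserId()` and `getOrgId()` prefer the inbound request headers `tmx-user-id` and `tmx-org-id` over the values the gateway set itself, so any client can supply its own identity headers. Whether downstream services trust these headers is not visible here, but if they do, the gateway should derive both values from the validated token and overwrite whatever the client sent, for example by reading only `ctx.getZuulRequestHeaders().get(USER_ID)` in the getter. `getCorrelationId()` has the same shape, which is acceptable for tracing provided the value is treated as untrusted text when it is logged. The three getters repeat the same lookup and could share one private helper that takes the header name.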


@@ -0,0 +1 @@


@@ -0,0 +1,16 @@
package io.bluemoon.zuuloauth2;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
@RunWith(SpringRunner.class)
@SpringBootTest
public class ZuulOauth2ApplicationTests {
@Test
public void contextLoads() {
}
}