diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/DefaultSsoService.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/DefaultSsoService.java index 4e6cf4a..f1c967d 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/DefaultSsoService.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/DefaultSsoService.java @@ -7,7 +7,6 @@ import io.bluemoon.authorizationserver.domain.oauth.client.ClientRepository; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import java.io.UnsupportedEncodingException; import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; diff --git a/authorization-server/src/main/resources/application.properties b/authorization-server/src/main/resources/application.properties index 7fdef19..32aa131 100644 --- a/authorization-server/src/main/resources/application.properties +++ b/authorization-server/src/main/resources/application.properties @@ -1,9 +1,7 @@ server.port=8081 server.servlet.context-path=/mk-auth server.use-forward-headers=false - security.oauth2.authorization.check-token-access=isAuthenticated() - spring.main.allow-bean-definition-overriding=true spring.datasource.url=jdbc:mysql://127.0.0.1/oauth2?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull&serverTimezone=UTC spring.datasource.username=root 
@@ -11,23 +9,16 @@ spring.datasource.password=bluemoon
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 spring.datasource.platform=schema
 spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MariaDB53Dialect
-
-
-
-spring.jpa.database = MYSQL
+spring.jpa.database=MYSQL
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.generate-ddl=true
 spring.jpa.show-sql=true
 #spring.jpa.generate-ddl=false
 #spring.jpa.hibernate.ddl-auto=none
-
 spring.security.oauth2.client.registration.facebook.client-id=715358882216622
 spring.security.oauth2.client.registration.facebook.client-secret=a39d8f1e06e8c3863d12e8461f4991e8
-
 spring.security.oauth2.client.registration.google.client-id=534360107417-qhkkasmnj4tml8iuk3v1dh72ipjvf2qp.apps.googleusercontent.com
 spring.security.oauth2.client.registration.google.client-secret=XkmQ3KPTpmTkWb8X6_1WRR5i
-
-
 #facebook.client.access-token-uri=https://graph.facebook.com/oauth/access_token
 #facebook.client.user-authorization-uri=https://www.facebook.com/dialog/oauth
 #facebook.client.token-name=oauth_token
@@ -35,7 +26,5 @@ spring.security.oauth2.client.registration.google.client-secret=XkmQ3KPTpmTkWb8X
 #facebook.client.client-authentication-scheme=form
 #
 #facebook.resource.user-info-uri=https://graph.facebook.com/me?fields=id
-
-
 logging.level.web=debug
-spring.http.log-request-details=true
\ No newline at end of file
+spring.http.log-request-details=true
diff --git a/authorization-server/src/main/resources/templates/authorize.html b/authorization-server/src/main/resources/templates/authorize.html
index 90373b7..6bf01af 100644
--- a/authorization-server/src/main/resources/templates/authorize.html
+++ b/authorization-server/src/main/resources/templates/authorize.html
@@ -10,16 +10,16 @@ protected resources with scope ${authorizationRequest.scope?join(", ")}.
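Review bot: The lines this hunk tidies keep literal credentials in the tracked file: `spring.security.oauth2.client.registration.facebook.client-secret`, `spring.security.oauth2.client.registration.google.client-secret`, and (in the first hunk and this hunk's header) `spring.datasource.username=root` with a literal `spring.datasource.password`. The same defect is visible in gateway-zuul's `security.oauth2.client.client-secret` and in `cloud.aws.credentials.access-key` / `cloud.aws.credentials.secret-key` under queue/out/production/resources. Because these values are already in history they should be treated as exposed and rotated, not just edited out. In the file itself, replace each with a placeholder resolved outside the repository, e.g. `spring.datasource.password=${DB_PASSWORD}`, and give the application a dedicated database account instead of `root`.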
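Review bot: `spring.http.log-request-details=true` is rewritten here next to `logging.level.web=debug`, and on an authorization server that combination allows request parameters and headers to reach the log, which presumably includes login form passwords, authorization codes and bearer tokens. The committed default should be `spring.http.log-request-details=false`, with the verbose setting kept to a local-only profile. The same pair is kept at the end of the gateway-zuul and test-service application.properties hunks in this commit.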

-
- - + + +
-
- - + + +
diff --git a/authorization-server/src/main/resources/templates/login.html b/authorization-server/src/main/resources/templates/login.html index f6bb88b..038ea9d 100644 --- a/authorization-server/src/main/resources/templates/login.html +++ b/authorization-server/src/main/resources/templates/login.html @@ -1,47 +1,52 @@ - +
-
+
- +
- +
- +
- +
- - + +
- Facebook + Facebook
- Google + Google
- - - - - - - - \ No newline at end of file + + + + diff --git a/contents/src/main/java/io/bluemoon/contents/ContentsApplication.java b/contents/src/main/java/io/bluemoon/contents/ContentsApplication.java index a0b49db..a5f0d65 100644 --- a/contents/src/main/java/io/bluemoon/contents/ContentsApplication.java +++ b/contents/src/main/java/io/bluemoon/contents/ContentsApplication.java @@ -13,15 +13,15 @@ import org.springframework.web.client.RestTemplate; @SpringBootApplication public class ContentsApplication { + public static void main(String[] args) { + SpringApplication.run(ContentsApplication.class, args); + } + @Bean @LoadBalanced public RestTemplate restTemplate() { return new RestTemplate(); } - public static void main(String[] args) { - SpringApplication.run(ContentsApplication.class, args); - } - } diff --git a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/GatewayZuulApplication.java b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/GatewayZuulApplication.java index 2d5ad9d..81e4d80 100644 --- a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/GatewayZuulApplication.java +++ b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/GatewayZuulApplication.java 
@@ -2,21 +2,11 @@ package io.bluemoon.gatewayzuul; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateCustomizer; -import org.springframework.cloud.client.loadbalancer.LoadBalancerInterceptor; import org.springframework.cloud.netflix.zuul.EnableZuulProxy; -import org.springframework.context.annotation.Bean; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; -import org.springframework.http.client.ClientHttpRequestInterceptor; import org.springframework.security.core.Authentication; -import org.springframework.security.core.annotation.AuthenticationPrincipal; -import org.springframework.security.oauth2.client.token.AccessTokenProviderChain; -import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider; -import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider; -import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider; -import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -27,11 +17,6 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import java.security.Principal; -import java.util.ArrayList; -import java.util.List; -import java.util.stream.Collectors; -import java.util.stream.Stream; @EnableZuulProxy @SpringBootApplication 
@@ -43,7 +28,7 @@ public class GatewayZuulApplication { @Controller public static class TestController { - + @RequestMapping(value = "/gateway/logout", method = RequestMethod.GET) public String signOut(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { Object details = authentication.getDetails(); @@ -51,7 +36,7 @@ public class GatewayZuulApplication { RestTemplate restTemplate = new RestTemplate(); String url = "http://localhost:8081/mk-auth/revokeToken"; HttpHeaders headers = new HttpHeaders(); - headers.set("Authorization", "Bearer "+token); + headers.set("Authorization", "Bearer " + token); HttpEntity requestEntity = new HttpEntity(headers); restTemplate.exchange(url, HttpMethod.POST, requestEntity, Void.class); @@ -59,14 +44,14 @@ public class GatewayZuulApplication { HttpSession httpSession = request.getSession(); httpSession.invalidate(); Cookie[] cookies = request.getCookies(); - for (Cookie cookie: cookies) { + for (Cookie cookie : cookies) { cookie.setPath("/"); cookie.setSecure(true); cookie.setMaxAge(0); response.addCookie(cookie); } - return "redirect:"+"http://localhost:8765/mk-auth/rending"; + return "redirect:" + "http://localhost:8765/mk-auth/rending"; } } diff --git a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java index 4309b89..2517c44 100644 --- a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java +++ b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/config/SecurityConfig.java 
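Review bot: In the `@@ -51,7 +36,7 @@` hunk, `restTemplate.exchange(url, HttpMethod.POST, requestEntity, Void.class)` throws on a connection failure or non-2xx reply, and nothing catches it, so a failed revocation would skip the `httpSession.invalidate()` and cookie clearing that follow in the next hunk and leave the user logged in locally. Wrapping the call, e.g. `try { restTemplate.exchange(url, HttpMethod.POST, requestEntity, Void.class); } catch (RestClientException ex) { /* log, then continue with local logout */ }`, keeps the local logout unconditional (this needs the `org.springframework.web.client.RestClientException` import). The bearer token is also sent to a hard-coded `http://localhost:8081/mk-auth/revokeToken` over plain HTTP; that URL belongs in configuration and should use HTTPS outside local development. `signOut` starts before this hunk and continues past it.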
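Review bot: In the `@@ -59,14 +44,14 @@` hunk, `request.getCookies()` returns `null` when the request carries no cookies, so `for (Cookie cookie : cookies)` throws a NullPointerException after the session has already been invalidated. Guard the loop with `if (cookies != null) {`. The loop also expires every cookie the browser sent, not only the ones this gateway issued, and rewrites them with `setPath("/")`, so a cookie originally set on another path is not actually cleared; naming the cookies to delete would be more predictable. The redirect target `http://localhost:8765/mk-auth/rending` is hard-coded and probably belongs in configuration.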
@@ -2,13 +2,12 @@ package io.bluemoon.gatewayzuul.config; import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso; import org.springframework.context.annotation.Configuration; -import org.springframework.core.annotation.Order; - import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; - -import org.springframework.security.web.csrf.*; +import org.springframework.security.web.csrf.CsrfToken; +import org.springframework.security.web.csrf.CsrfTokenRepository; +import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.web.filter.OncePerRequestFilter; 
@@ -19,47 +18,13 @@ import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import java.io.IOException; import java.util.regex.Pattern; @Configuration @EnableOAuth2Sso @EnableResourceServer -public class SecurityConfig extends WebSecurityConfigurerAdapter { - - @Override - public void configure(HttpSecurity http) throws Exception { - http.authorizeRequests() - .antMatchers("/", "/mk-auth/**", "/login").permitAll().anyRequest().authenticated() - .and() - .logout().logoutSuccessUrl("/gateway/logout").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttpSession(true).deleteCookies("JSESSIONID").clearAuthentication(true); - - } - - private RequestMatcher csrfRequestMatcher() { - return new RequestMatcher() { - - private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|OPTIONS|TRACE)$"); - - // Disable CSFR protection on the following urls: - private final AntPathRequestMatcher[] requestMatchers = { new AntPathRequestMatcher("/mk-auth/**") }; - - @Override - public boolean matches(HttpServletRequest request) { - if (allowedMethods.matcher(request.getMethod()).matches()) { - return false; - } - - for (AntPathRequestMatcher matcher : requestMatchers) { - if (matcher.matches(request)) { - return false; - } - } - return true; - } - }; - } +public class SecurityConfig extends WebSecurityConfigurerAdapter { private static Filter csrfHeaderFilter() { 
@@ -85,6 +50,38 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { return repository; } + @Override + public void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/", "/mk-auth/**", "/login").permitAll().anyRequest().authenticated() + .and() + .logout().logoutSuccessUrl("/gateway/logout").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttpSession(true).deleteCookies("JSESSIONID").clearAuthentication(true); + + } + + private RequestMatcher csrfRequestMatcher() { + return new RequestMatcher() { + + private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|OPTIONS|TRACE)$"); + + // Disable CSFR protection on the following urls: + private final AntPathRequestMatcher[] requestMatchers = {new AntPathRequestMatcher("/mk-auth/**")}; + + @Override + public boolean matches(HttpServletRequest request) { + if (allowedMethods.matcher(request.getMethod()).matches()) { + return false; + } + + for (AntPathRequestMatcher matcher : requestMatchers) { + if (matcher.matches(request)) { + return false; + } + } + return true; + } + }; + } } diff --git a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/filter/DynamicOauth2ClientContextFilter.java b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/filter/DynamicOauth2ClientContextFilter.java index f0c40ee..12b9f9f 100644 --- a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/filter/DynamicOauth2ClientContextFilter.java +++ b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/filter/DynamicOauth2ClientContextFilter.java 
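Review bot: The re-added `configure(HttpSecurity http)` never calls `http.csrf()`, so within what this hunk shows `csrfRequestMatcher()` is never applied, and the same seems true of `csrfHeaderFilter()` and the token repository in the surrounding context. The effective CSRF behaviour is then whatever the framework defaults and `@EnableResourceServer` produce, not what this class appears to configure. If the exemption is intended, wire it explicitly with `http.csrf().requireCsrfProtectionMatcher(csrfRequestMatcher())`; otherwise delete the unused helpers. Once wired, the matcher switches CSRF checks off for every state-changing request under `/mk-auth/**`, which is the proxied authorization server's login and consent traffic, so the comment above `requestMatchers` (currently spelled `CSFR`) should say why that is acceptable.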
@@ -18,8 +18,8 @@ public class DynamicOauth2ClientContextFilter extends OAuth2ClientContextFilter protected void redirectUser(UserRedirectRequiredException e, HttpServletRequest request, HttpServletResponse response) throws IOException { String redirectUri = e.getRedirectUri(); UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(redirectUri); - Map requestParams = e.getRequestParams(); - for (Map.Entry param : requestParams.entrySet()) { + Map requestParams = e.getRequestParams(); + for (Map.Entry param : requestParams.entrySet()) { builder.queryParam(param.getKey(), param.getValue()); } diff --git a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/filter/HeaderEnhanceFilter.java b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/filter/HeaderEnhanceFilter.java index 5827999..81379bd 100644 --- a/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/filter/HeaderEnhanceFilter.java +++ b/gateway-zuul/src/main/java/io/bluemoon/gatewayzuul/filter/HeaderEnhanceFilter.java @@ -13,6 +13,5 @@ public class HeaderEnhanceFilter implements Filter { // test if request url is permit all, then remove authorization from header - } } diff --git a/gateway-zuul/src/main/resources/application.properties b/gateway-zuul/src/main/resources/application.properties index 21742af..3e73786 100644 --- a/gateway-zuul/src/main/resources/application.properties +++ b/gateway-zuul/src/main/resources/application.properties 
@@ -1,42 +1,30 @@
 server.port=8765
-
 zuul.sensitive-headers=
-
 zuul.routes.mk2-service.path=/api/**
 zuul.routes.mk2-service.url=http://127.0.0.1:8082
 zuul.routes.mk2-service.sensitive-headers=
-
 zuul.routes.mk2-oauth.path=/mk-auth/**
 #zuul.routes.mk2-oauth.url=https://59a7bc58.ngrok.io
 zuul.routes.mk2-oauth.url=http://localhost:8081
 zuul.routes.mk2-oauth.sensitive-headers=
 #zuul.routes.mk2-oauth.path=/mk2auth/**
-
 zuul.routes.mk2-oauth.strip-prefix=false
 zuul.add-proxy-headers=true
-
 security.oauth2.sso.login-path=/login
-
 security.oauth2.client.access-token-uri=http://localhost:8081/mk-auth/oauth/token
 # /oauth/authorize 요청은 클라이언트가 리소스 서버의 api를 사용하기 위해 사용자(리소스 소유자)에게
 # 권한 위임 동의를 받기 위한 페이지를 출력하는 기능을 수행
 security.oauth2.client.user-authorization-uri=http://localhost:8081/mk-auth/oauth/authorize
 security.oauth2.resource.user-info-uri=http://localhost:8081/mk-auth/user
-
 security.oauth2.resource.prefer-token-info=false
-
 security.oauth2.client.client-id=system1
 security.oauth2.client.client-secret=1234
-
-
 #management.security.enabled=false
 #security.oauth2.resource.jwt.key-value="abc"
 #security.oauth2.resource.id=read
 #security.oauth2.resource.service-id=${PREFIX:}resource
-
-
 #management.endpoints.web.exposure.include=routes, health, filter
 #management.endpoint.routes.enabled=true
 #management.endpoint.filters.enabled=true
 logging.level.web=debug
-spring.http.log-request-details=true
\ No newline at end of file
+spring.http.log-request-details=true
diff --git a/queue/out/production/resources/application.properties b/queue/out/production/resources/application.properties
index 35e1106..8c643a5 100644
--- a/queue/out/production/resources/application.properties
+++ b/queue/out/production/resources/application.properties
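Review bot: `zuul.sensitive-headers=` stays blank globally and on both routes, which turns off Zuul's default stripping of `Cookie`, `Set-Cookie` and `Authorization`. The gateway's own session cookie is therefore forwarded to `mk2-service`, and any `Set-Cookie` from that backend is passed back to the browser. The `mk2-oauth` route probably needs cookies for the authorization server's login session, but the API route most likely only needs the bearer token; `zuul.routes.mk2-service.sensitive-headers=Cookie,Set-Cookie` would keep `Authorization` flowing while holding cookies back. A one-line comment above each blank value stating which headers are meant to pass would make the intent reviewable.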
@@ -1,18 +1,14 @@
 spring.application.name=queue
 server.port=8080
-
 spring.jackson.serialization.write-dates-as-timestamps=false
-
 #spring.datasource.url=jdbc:mysql://rds.master.uneedcomms.net/mmc?charset=utf8
 #spring.datasource.username=mmc_crud
 #spring.datasource.password=s3art33c
 #spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
-
 cloud.aws.credentials.access-key=AKIAJG77K3AKVKQVE3LA
 cloud.aws.credentials.secret-key=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
 cloud.aws.region.auto=false
 cloud.aws.region.static=ap-northeast-2
 cloud.aws.stack.auto=false
-
 #sqs.queue_name=sender-sms.fifo
 #sqs.url=https://sqs.ap-northeast-2.amazonaws.com/203872522995/sender-sms.fifo
diff --git a/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java b/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java
index 9698f39..d25c332 100644
--- a/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java
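Review bot: This file sits under `queue/out/production/resources`, which looks like an IDE build-output directory rather than a source tree. Tracking it keeps a second copy of the configuration in the repository, here with static `cloud.aws.credentials.*` values and a commented-out datasource password, and that copy is easy to miss when the source file is cleaned up. Untrack the directory (`git rm -r --cached queue/out`) and add `out/` to `.gitignore`, so a whitespace reformat like this one never has to touch generated files. The access key shown should be rotated regardless, and the service should move to the default AWS credential provider chain (instance role or environment) instead of static keys in properties.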
@@ -2,16 +2,16 @@ package io.bluemoon.testservice; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.core.annotation.Order; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.ResponseBody; import java.security.Principal; @@ -26,7 +26,7 @@ public class TestServiceApplication { @Controller @RequestMapping("/") - public static class TestController{ + public static class TestController { @RequestMapping(method = RequestMethod.GET) @ResponseBody @@ -36,7 +36,7 @@ public class TestServiceApplication { System.out.println(SecurityContextHolder.getContext().getAuthentication().getName()); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); // UserDetails userDetails = (UserDetails) authentication.getPrincipal(); - OAuth2Authentication oAuth2Authentication = (OAuth2Authentication)authentication; + OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) authentication; OAuth2AuthenticationDetails oAuth2AuthenticationDetails = (OAuth2AuthenticationDetails) oAuth2Authentication.getDetails(); // System.out.println(userDetails.getUsername()); 
@@ -66,7 +66,7 @@ public class TestServiceApplication { public String helloMk2Secret(Principal principal) { return principal == null ? "hello anonymous" : "heelo" + principal.getName(); } - + } } diff --git a/test-service/src/main/resources/application.properties b/test-service/src/main/resources/application.properties index 132498c..5e25294 100644 --- a/test-service/src/main/resources/application.properties +++ b/test-service/src/main/resources/application.properties @@ -1,11 +1,8 @@ server.port=8082 server.servlet.context-path=/test - #security.oauth2.resource.user-info-uri=http://oauth.keepgrow.world/uaa/user security.oauth2.resource.user-info-uri=http://localhost:8765/uaa/user security.oauth2.resource.token-info-uri=http://localhost:8081/uaa/oauth/check_token security.oauth2.resource.prefer-token-info=false - - logging.level.web=debug -spring.http.log-request-details=true \ No newline at end of file +spring.http.log-request-details=true diff --git a/test-service/src/main/resources/templates/signIn.html b/test-service/src/main/resources/templates/signIn.html index 45feb81..17bf0ed 100644 --- a/test-service/src/main/resources/templates/signIn.html +++ b/test-service/src/main/resources/templates/signIn.html @@ -1,39 +1,42 @@ - +
-
+
- +
- +
- +
- +
- - + +
- - - - - - - - \ No newline at end of file + + + + diff --git a/test-service/src/main/resources/templates/signUp.html b/test-service/src/main/resources/templates/signUp.html index 1cd5b46..298875e 100644 --- a/test-service/src/main/resources/templates/signUp.html +++ b/test-service/src/main/resources/templates/signUp.html @@ -1,39 +1,42 @@ - +
-
+
- +
- +
- +
- +
- - + +
- - - - - - - - \ No newline at end of file + + + + diff --git a/test-service/src/test/java/io/bluemoon/testservice/TestServiceApplicationTests.java b/test-service/src/test/java/io/bluemoon/testservice/TestServiceApplicationTests.java index 6c8a6f6..dcd7217 100644 --- a/test-service/src/test/java/io/bluemoon/testservice/TestServiceApplicationTests.java +++ b/test-service/src/test/java/io/bluemoon/testservice/TestServiceApplicationTests.java @@ -4,7 +4,6 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.context.junit4.SpringRunner; -import org.springframework.web.bind.annotation.RequestParam; @RunWith(SpringRunner.class) @SpringBootTest