chore : clean code

This commit is contained in:
liquidjoo
2020-08-04 14:11:58 +09:00
parent f83a3ab606
commit b69cc45ff0
16 changed files with 125 additions and 165 deletions


@@ -2,21 +2,11 @@ package io.bluemoon.gatewayzuul;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateCustomizer;
import org.springframework.cloud.client.loadbalancer.LoadBalancerInterceptor;
import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -27,11 +17,6 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@EnableZuulProxy
@SpringBootApplication
@@ -43,7 +28,7 @@ public class GatewayZuulApplication {
@Controller
public static class TestController {
@RequestMapping(value = "/gateway/logout", method = RequestMethod.GET)
public String signOut(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
Object details = authentication.getDetails();
@@ -51,7 +36,7 @@ public class GatewayZuulApplication {
RestTemplate restTemplate = new RestTemplate();
String url = "http://localhost:8081/mk-auth/revokeToken";
HttpHeaders headers = new HttpHeaders();
headers.set("Authorization", "Bearer "+token);
headers.set("Authorization", "Bearer " + token);
HttpEntity<Object> requestEntity = new HttpEntity<Object>(headers);
restTemplate.exchange(url, HttpMethod.POST, requestEntity, Void.class);
@@ -59,14 +44,14 @@ public class GatewayZuulApplication {
HttpSession httpSession = request.getSession();
httpSession.invalidate();
Cookie[] cookies = request.getCookies();
for (Cookie cookie: cookies) {
for (Cookie cookie : cookies) {
cookie.setPath("/");
cookie.setSecure(true);
cookie.setMaxAge(0);
response.addCookie(cookie);
}
return "redirect:"+"http://localhost:8765/mk-auth/rending";
return "redirect:" + "http://localhost:8765/mk-auth/rending";
}
}
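Review bot: The loop at `for (Cookie cookie : cookies)` dereferences the result of `request.getCookies()` without a null check, and the Servlet API returns null rather than an empty array when the request carries no cookies, so a logout request without cookies ends in a NullPointerException after `httpSession.invalidate()` has already run. Wrap the loop in `if (cookies != null) { … }` so the method still reaches the redirect. Separately, every expiring cookie is written with `setSecure(true)` while the redirect on the next line targets plain `http://localhost:8765`; if the gateway is really served over HTTP, current browsers ignore a Secure cookie set from an insecure origin and the client-side session cookie is never removed, so either drop the flag or mirror the attributes of the cookie being expired. The enclosing `signOut` method starts in an earlier hunk.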


@@ -2,13 +2,12 @@ package io.bluemoon.gatewayzuul.config;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.web.csrf.*;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
@@ -19,47 +18,13 @@ import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.regex.Pattern;
@Configuration
@EnableOAuth2Sso
@EnableResourceServer
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/mk-auth/**", "/login").permitAll().anyRequest().authenticated()
.and()
.logout().logoutSuccessUrl("/gateway/logout").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttpSession(true).deleteCookies("JSESSIONID").clearAuthentication(true);
}
private RequestMatcher csrfRequestMatcher() {
return new RequestMatcher() {
private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|OPTIONS|TRACE)$");
// Disable CSFR protection on the following urls:
private final AntPathRequestMatcher[] requestMatchers = { new AntPathRequestMatcher("/mk-auth/**") };
@Override
public boolean matches(HttpServletRequest request) {
if (allowedMethods.matcher(request.getMethod()).matches()) {
return false;
}
for (AntPathRequestMatcher matcher : requestMatchers) {
if (matcher.matches(request)) {
return false;
}
}
return true;
}
};
}
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static Filter csrfHeaderFilter() {
@@ -85,6 +50,38 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
return repository;
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/mk-auth/**", "/login").permitAll().anyRequest().authenticated()
.and()
.logout().logoutSuccessUrl("/gateway/logout").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttpSession(true).deleteCookies("JSESSIONID").clearAuthentication(true);
}
private RequestMatcher csrfRequestMatcher() {
return new RequestMatcher() {
private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|OPTIONS|TRACE)$");
// Disable CSFR protection on the following urls:
private final AntPathRequestMatcher[] requestMatchers = {new AntPathRequestMatcher("/mk-auth/**")};
@Override
public boolean matches(HttpServletRequest request) {
if (allowedMethods.matcher(request.getMethod()).matches()) {
return false;
}
for (AntPathRequestMatcher matcher : requestMatchers) {
if (matcher.matches(request)) {
return false;
}
}
return true;
}
};
}
}
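Review bot: The relocated `configure(HttpSecurity)` never calls `.csrf()` — no `requireCsrfProtectionMatcher(csrfRequestMatcher())`, no `csrfTokenRepository(...)`, no `addFilterAfter(csrfHeaderFilter(), ...)` — so in the visible hunks `csrfRequestMatcher()`, `csrfHeaderFilter()` and the repository built before `return repository;` are private helpers nothing wires into the filter chain. If no method in the hidden middle of the class uses them, CSRF runs on Spring Security's defaults and the `/mk-auth/**` exemption a reader of this class expects is not in effect; either wire them in or delete them as dead code. The comment `// Disable CSFR protection on the following urls:` also misspells CSRF and does not say that the matcher returns false to mean "skip protection"; `// Returning false skips CSRF protection: safe methods and the /mk-auth/** paths` would read correctly. The hunk starting at `return repository;` opens inside a method whose beginning is outside view.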


@@ -18,8 +18,8 @@ public class DynamicOauth2ClientContextFilter extends OAuth2ClientContextFilter
protected void redirectUser(UserRedirectRequiredException e, HttpServletRequest request, HttpServletResponse response) throws IOException {
String redirectUri = e.getRedirectUri();
UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(redirectUri);
Map<String, String > requestParams = e.getRequestParams();
for (Map.Entry<String ,String> param : requestParams.entrySet()) {
Map<String, String> requestParams = e.getRequestParams();
for (Map.Entry<String, String> param : requestParams.entrySet()) {
builder.queryParam(param.getKey(), param.getValue());
}


@@ -13,6 +13,5 @@ public class HeaderEnhanceFilter implements Filter {
// test if request url is permit all, then remove authorization from header
}
}


@@ -1,42 +1,30 @@
server.port=8765
zuul.sensitive-headers=
zuul.routes.mk2-service.path=/api/**
zuul.routes.mk2-service.url=http://127.0.0.1:8082
zuul.routes.mk2-service.sensitive-headers=
zuul.routes.mk2-oauth.path=/mk-auth/**
#zuul.routes.mk2-oauth.url=https://59a7bc58.ngrok.io
zuul.routes.mk2-oauth.url=http://localhost:8081
zuul.routes.mk2-oauth.sensitive-headers=
#zuul.routes.mk2-oauth.path=/mk2auth/**
zuul.routes.mk2-oauth.strip-prefix=false
zuul.add-proxy-headers=true
security.oauth2.sso.login-path=/login
security.oauth2.client.access-token-uri=http://localhost:8081/mk-auth/oauth/token
# /oauth/authorize 요청은 클라이언트가 리소스 서버의 api를 사용하기 위해 사용자(리소스 소유자)에게
# 권한 위임 동의를 받기 위한 페이지를 출력하는 기능을 수행
security.oauth2.client.user-authorization-uri=http://localhost:8081/mk-auth/oauth/authorize
security.oauth2.resource.user-info-uri=http://localhost:8081/mk-auth/user
security.oauth2.resource.prefer-token-info=false
security.oauth2.client.client-id=system1
security.oauth2.client.client-secret=1234
#management.security.enabled=false
#security.oauth2.resource.jwt.key-value="abc"
#security.oauth2.resource.id=read
#security.oauth2.resource.service-id=${PREFIX:}resource
#management.endpoints.web.exposure.include=routes, health, filter
#management.endpoint.routes.enabled=true
#management.endpoint.filters.enabled=true
logging.level.web=debug
spring.http.log-request-details=true
spring.http.log-request-details=true
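Review bot: `security.oauth2.client.client-secret=1234` is the credential the `/mk-auth/oauth/token` endpoint trusts for client `system1`, and it is committed in plain text; move it to an externalised setting such as `security.oauth2.client.client-secret=${OAUTH_CLIENT_SECRET}` (placeholder name, choose your own) and treat the literal as burned once it is in history. The pair `logging.level.web=debug` and `spring.http.log-request-details=true` makes Spring log request headers, including `Authorization: Bearer …` and `Cookie`, at DEBUG; the property is shown twice at the end of the section (possibly old/new copies of one line) and should be removed or confined to a dev profile. Note also that the blank `zuul.sensitive-headers=` and the per-route `sensitive-headers=` on both routes disable Zuul's default stripping of Cookie, Set-Cookie and Authorization, so everything the browser sends to the gateway is forwarded to both backends; if only one route needs the bearer token, keep the global default and clear the list on that route alone.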