webSecurity config setting

authorization-server/build.gradle

@@ -29,7 +29,7 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.cloud:spring-cloud-starter-oauth2'
     implementation 'org.springframework.cloud:spring-cloud-starter-security'
-    implementation('org.springframework.boot:spring-boot-starter-data-jpa')
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     compileOnly 'org.projectlombok:lombok'
     runtimeOnly 'mysql:mysql-connector-java'
     annotationProcessor 'org.projectlombok:lombok'

authorization-server/gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,6 @@
+#Thu May 16 11:26:19 KST 2019
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-all.zip

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/AuthServerConfig.java

@@ -0,0 +1,7 @@
+package io.bluemoon.authorizationserver.config;
+
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+
+public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
+
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java

@@ -0,0 +1,72 @@
+package io.bluemoon.authorizationserver.config;
+
+import io.bluemoon.authorizationserver.service.user.CustomUserDetailsServiceImpl;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+
+@Configuration
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private CustomUserDetailsServiceImpl customUserDetailsService;
+
+    public WebSecurityConfig(
+            CustomUserDetailsServiceImpl customUserDetailsService
+    ) {
+        this.customUserDetailsService = customUserDetailsService;
+    }
+
+    /**
+     * authentication processing
+     * if success -> Authentication in info object return
+     * els fail -> Exception
+     * impl 구현체 -> authentication provider 에서 구현해서 authentication object를 던져줌
+     * @return AuthenticationManager
+     * @throws Exception
+     */
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests().antMatchers("/oauth/**", "/test/**").permitAll();
+    }
+
+    /**
+     * authentication Object managing
+     *
+     * @param auth
+     * @throws Exception
+     */
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(daoAuthenticationProvider());
+    }
+
+    /**
+     * user info at database for make authentication object
+     *
+     * @return DaoAuthenticationProvider
+     */
+    @Bean
+    public DaoAuthenticationProvider daoAuthenticationProvider() {
+        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
+        daoAuthenticationProvider.setUserDetailsService(customUserDetailsService);
+        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
+        return daoAuthenticationProvider;
+    }
+
+    @Bean
+    @SuppressWarnings("deprecation")
+    public static NoOpPasswordEncoder passwordEncoder() {
+        return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
+    }
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java

@@ -0,0 +1,28 @@
+package io.bluemoon.authorizationserver.domain.user;
+
+import lombok.Data;
+
+import javax.persistence.*;
+import java.util.Date;
+
+@Entity
+@Data
+public class User {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long id;
+
+    @Column(length = 20, nullable = false, unique = true)
+    private String userName;
+
+    @Column(length = 100, nullable = false)
+    private String password;
+
+    //1:수퍼관리자, 2:관리자, 3:사용자
+    @Column(length = 1, nullable = false)
+    private String userType;
+
+    @Column(nullable = false)
+    @Temporal(TemporalType.TIMESTAMP)
+    private Date regDate = new Date();
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserDetail.java

@@ -0,0 +1,57 @@
+package io.bluemoon.authorizationserver.domain.user;
+
+import lombok.Data;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+@Data
+public class UserDetail implements UserDetails {
+
+    private static final long serialVersionUID = 6396079419309274853L;
+    private Long id;
+    private String username;
+    private String password;
+    private String userType;
+    private List<String> roles;
+
+    public UserDetail(User user) {
+        this.id = user.getId();
+        this.username = user.getUserName();
+        this.password = user.getPassword();
+        this.userType = user.getUserType();
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        List<GrantedAuthority> authorities = new ArrayList<>();
+        for (String role: roles) {
+            authorities.add(new SimpleGrantedAuthority(role));
+        }
+        return authorities;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserRepository.java

@@ -0,0 +1,7 @@
+package io.bluemoon.authorizationserver.domain.user;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface UserRepository extends JpaRepository<User, Long> {
+    User findByUserName(String userName);
+}

authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java

@@ -0,0 +1,52 @@
+package io.bluemoon.authorizationserver.service.user;
+
+import io.bluemoon.authorizationserver.domain.user.User;
+import io.bluemoon.authorizationserver.domain.user.UserDetail;
+import io.bluemoon.authorizationserver.domain.user.UserRepository;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.Arrays;
+
+@Service
+public class CustomUserDetailsServiceImpl implements UserDetailsService {
+
+    // User Info
+    private UserRepository userRepository;
+
+    public CustomUserDetailsServiceImpl(
+            UserRepository userRepository
+    ) {
+        this.userRepository = userRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        User user = userRepository.findByUserName(username);
+
+        if (user == null) {
+            throw new UsernameNotFoundException("UsernameNotFound[" + username + "]");
+        }
+
+        UserDetail userDetail = createUser(user);
+        return userDetail;
+    }
+
+    /**
+     * User role check
+     * @param user
+     * @return
+     */
+    private UserDetail createUser(User user) {
+        UserDetail userDetail = new UserDetail(user);
+
+        if (userDetail.getUserType().equals("1")) {
+            userDetail.setRoles(Arrays.asList("ROLE_ADMIN"));
+        } else {
+            userDetail.setRoles(Arrays.asList("ROLE_USER"));
+        }
+        return userDetail;
+    }
+}