resourceServer config, websecurity config setting

2019-07-10 15:26:23 +09:00
parent 1cad6d916b
commit d2dbddb9d2
18 changed files with 224 additions and 27 deletions
--- a/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/AuthorizationServer2Application.java
+++ b/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/AuthorizationServer2Application.java
@@ -4,7 +4,7 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;

-@EnableResourceServer
+//@EnableResourceServer
@SpringBootApplication
 public class AuthorizationServer2Application {

--- a/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/ResourceServerConfig.java
+++ b/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/ResourceServerConfig.java
@@ -1,18 +1,24 @@
-package io.bluemoon.testservice;
+package io.bluemoon.authorizationserver2.config;

+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
-import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;

@Configuration
-public class ResourceServiceConfig extends ResourceServerConfigurerAdapter {
+//@Order(SecurityProperties.BASIC_AUTH_ORDER)
+@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
+//                .requestMatchers().antMatchers("/createOAuthUser")
+//                .and()
                .authorizeRequests()
+                .antMatchers("/createOAuthUser").permitAll()
                .anyRequest()
                .authenticated();
    }
--- a/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/WebSecurity2Config.java
+++ b/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/config/WebSecurity2Config.java
@@ -8,13 +8,22 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.util.matcher.AnyRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration
-@Order(SecurityProperties.BASIC_AUTH_ORDER)
+@EnableWebSecurity
+//@Order(SecurityProperties.BASIC_AUTH_ORDER -1)
+//@Order(-1)
 public class WebSecurity2Config extends WebSecurityConfigurerAdapter {
    private CustomUserDetailsServiceImpl customUserDetailsService;
+//    private PasswordEncoder passwordEncoder;

    public WebSecurity2Config(
            CustomUserDetailsServiceImpl customUserDetailsService
@@ -33,8 +42,18 @@ public class WebSecurity2Config extends WebSecurityConfigurerAdapter {
        auth.authenticationProvider(daoAuthenticationProvider());
    }

+    // allow controller uri
+
+
    @Override
    protected void configure(HttpSecurity http) throws Exception {
+        http
+//                .requestMatchers().antMatchers("/createOAuthUser")
+//                .and()
+                .authorizeRequests()
+//                .antMatchers("/createOAuthUser").permitAll()
+                .anyRequest()
+                .authenticated();

    }

@@ -47,6 +66,12 @@ public class WebSecurity2Config extends WebSecurityConfigurerAdapter {
    }

    // 패스워드 인코딩 수정
+//    @Bean
+//    public static PasswordEncoder passwordEncoder() {
+//        return new BCryptPasswordEncoder();
+//    }
+
+
    @Bean
    @SuppressWarnings("deprecation")
    public static NoOpPasswordEncoder passwordEncoder() {
--- a/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/controller/AuthController.java
+++ b/authorization-server2/src/main/java/io/bluemoon/authorizationserver2/controller/AuthController.java
@@ -1,17 +1,48 @@
 package io.bluemoon.authorizationserver2.controller;

+import io.bluemoon.authorizationserver2.domain.user.User;
+import io.bluemoon.authorizationserver2.service.user.UserService;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.validation.Errors;
+import org.springframework.web.bind.annotation.*;

+import javax.validation.constraints.NotNull;
 import java.security.Principal;
+import java.util.Map;

@RestController
 public class AuthController {
+    private UserService userService;
+
+    public AuthController(
+            UserService userService
+    ) {
+        this.userService = userService;
+    }
+
+
    @RequestMapping(value = "/user")
    public Principal getUser(Principal user) {
        return user;
    }

+
+    @RequestMapping(value = "/createOAuthUser", method = RequestMethod.POST)
+    public User createOAuthUser(@RequestBody @NotNull User user, @RequestHeader Map header, Errors errors) {
+        System.out.println(errors.toString());
+        System.out.println(user);
+        System.out.println(header);
+
+        return user;
+    }
+
+    @PutMapping(value = "/updateOAuthUser")
+    public User updateOAuthUser(@RequestBody User user, @RequestHeader Map header) {
+        System.out.println(user);
+        System.out.println(header);
+
+        return user;
+    }
+
 }
--- a/test-service/build.gradle
+++ b/test-service/build.gradle
@@ -31,6 +31,7 @@ dependencies {
    implementation 'com.squareup.okhttp3:okhttp:3.9.1'
    implementation 'com.google.code.gson:gson'
    compileOnly 'org.projectlombok:lombok'
+    runtimeOnly 'mysql:mysql-connector-java'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
 }
--- a/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/TestServiceApplication.java
@@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.SessionAttributes;
 import java.security.Principal;

@SpringBootApplication
-@EnableResourceServer
 public class TestServiceApplication {


--- a/test-service/src/main/java/io/bluemoon/testservice/config/ResourceServerConfig.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/config/ResourceServerConfig.java
@@ -0,0 +1,26 @@
+package io.bluemoon.testservice.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
+
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http
+                .authorizeRequests()
+                .antMatchers("/signIn").permitAll()
+                .antMatchers("/signUp").permitAll()
+                .antMatchers("/signInMiddleWare").permitAll()
+                .antMatchers("/signUpMiddleWare").permitAll()
+                .anyRequest()
+                .authenticated();
+    }
+}
--- a/test-service/src/main/java/io/bluemoon/testservice/config/WebMvcConfig.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/config/WebMvcConfig.java
@@ -12,5 +12,6 @@ public class WebMvcConfig implements WebMvcConfigurer {
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/signIn").setViewName("signIn");
+        registry.addViewController("/signUp").setViewName("signUp");
    }
 }
--- a/test-service/src/main/java/io/bluemoon/testservice/config/WebSecurityConfig.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/config/WebSecurityConfig.java
@@ -9,7 +9,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
-@Order(-1)
+//@Order(-1)
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
@@ -17,7 +17,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        http
                .authorizeRequests()
                .antMatchers("/signIn").permitAll()
-                .antMatchers("/signInAfter").permitAll()
+                .antMatchers("/signUp").permitAll()
+                .antMatchers("/signInMiddleWare").permitAll()
+                .antMatchers("/signUpMiddleWare").permitAll()
                .anyRequest()
                .authenticated();

--- a/test-service/src/main/java/io/bluemoon/testservice/controller/SignController.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/controller/SignController.java
@@ -1,6 +1,8 @@
 package io.bluemoon.testservice.controller;

 import io.bluemoon.testservice.domain.user.User;
+import io.bluemoon.testservice.service.user.UserService;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.web.bind.annotation.*;

 import javax.servlet.http.HttpServletRequest;
@@ -9,8 +11,17 @@ import java.util.Map;

@RestController
 public class SignController {
-    @PostMapping("/signInAfter")
-    private String signIn(HttpServletRequest request) {
+
+    private UserService userService;
+
+    public SignController(
+            UserService userService
+    ) {
+        this.userService = userService;
+    }
+
+    @PostMapping("/signInMiddleWare")
+    public String signInMiddleWare(HttpServletRequest request) {
        System.out.println(request);
        System.out.println(request.getAuthType());
        System.out.println(request.getSession());
@@ -19,11 +30,29 @@ public class SignController {
        return "aaaa";
    }

+    @PostMapping("/signUpMiddleWare")
+    public User signUpMiddleWare(HttpServletRequest request) {
+
+        User user = requestToUser(request);
+
+        return userService.createUser(user);
+
+    }
+
    @PostMapping("/createOAuthUser")
    public String creatOAuthUser(@RequestBody @Valid User user, @RequestHeader Map header) {

-
-
        return "";
    }
+
+
+    private User requestToUser(HttpServletRequest request) {
+        User user = new User();
+        user.setUsername(request.getParameter("username"));
+        user.setPassword(request.getParameter("password"));
+
+
+        return user;
+    }
+
 }
--- a/test-service/src/main/java/io/bluemoon/testservice/domain/oauth/OAuthUser.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/domain/oauth/OAuthUser.java
@@ -1,7 +1,6 @@
 package io.bluemoon.testservice.domain.oauth;

 import lombok.Data;
-import java.time.LocalDateTime;

@Data
 public class OAuthUser {
--- a/test-service/src/main/java/io/bluemoon/testservice/domain/user/User.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/domain/user/User.java
@@ -2,15 +2,17 @@ package io.bluemoon.testservice.domain.user;

 import lombok.Data;

-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
+import javax.persistence.*;

@Data
+@Entity
 public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private int id;
+
+    @Column
    private String username;
+    @Column
    private String password;
 }
--- a/test-service/src/main/java/io/bluemoon/testservice/service/user/UserEventListener.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/service/user/UserEventListener.java
@@ -1,6 +1,7 @@
 package io.bluemoon.testservice.service.user;

 import io.bluemoon.testservice.domain.user.User;
+import io.bluemoon.testservice.utils.APIRequest;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.event.TransactionPhase;
@@ -13,8 +14,14 @@ public class UserEventListener {

    @Async
    @TransactionalEventListener(phase = TransactionPhase.AFTER_COMMIT, classes = UserServiceImpl.UserCreateEvent.class)
-    public void createUserHandle(UserServiceImpl.UserCreateEvent event) throws IOException {
+    public void handle(UserServiceImpl.UserCreateEvent event) throws IOException {
        User user = event.getUser();
+        System.out.println("----------handler");
+        System.out.println(user);
+        APIRequest.ResponseWrapper responseWrapper = APIRequest.getIRequestExecutor().createOAuthUser(user);
+        System.out.println(responseWrapper.getHeader());
+        System.out.println(responseWrapper.getBody());
+


        // oauth
@@ -22,7 +29,8 @@ public class UserEventListener {

    @Async
    @TransactionalEventListener(phase = TransactionPhase.AFTER_COMMIT, classes = UserServiceImpl.UserUpdateEvent.class)
-    public void updateUserHandle(UserServiceImpl.UserUpdateEvent event) throws IOException {
+    public void handle(UserServiceImpl.UserUpdateEvent event) throws IOException {
+        System.out.println("----------handler");
        User user = event.getUser();

        // oauth
--- a/test-service/src/main/java/io/bluemoon/testservice/service/user/UserServiceImpl.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/service/user/UserServiceImpl.java
@@ -6,11 +6,16 @@ import lombok.Getter;
 import lombok.NonNull;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;

 import java.util.Optional;

@Service
+@Transactional
 public class UserServiceImpl implements UserService, ApplicationEventPublisherAware {

    private UserRepository userRepository;
@@ -25,12 +30,15 @@ public class UserServiceImpl implements UserService, ApplicationEventPublisherAw

    @Override
    public User createUser(User user) {
-
+        System.out.println(passwordEncoder().encode(user.getPassword()));
+        user.setPassword(passwordEncoder().encode(user.getPassword()));
+        System.out.println(passwordEncoder().matches("1234", user.getPassword()));
        userRepository.save(user);
        eventPublisher.publishEvent(new UserCreateEvent(user));
-        return null;
+        return user;
    }

+    // update password는 별로의 로직으로?
    @Override
    public User updateUser(User user) {
        Optional<User> optionalUser = userRepository.findById(user.getId());
@@ -39,7 +47,7 @@ public class UserServiceImpl implements UserService, ApplicationEventPublisherAw
            userRepository.save(user);
            eventPublisher.publishEvent(new UserUpdateEvent(user));
        }
-        return null;
+        return user;
    }

    @Override
@@ -64,4 +72,9 @@ public class UserServiceImpl implements UserService, ApplicationEventPublisherAw
            this.user = user;
        }
    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
 }
--- a/test-service/src/main/java/io/bluemoon/testservice/utils/APIRequest.java
+++ b/test-service/src/main/java/io/bluemoon/testservice/utils/APIRequest.java
@@ -39,7 +39,7 @@ public class APIRequest {

        @Override
        public ResponseWrapper createOAuthUser(User user) throws IOException {
-            String url = "";
+            String url = "http://localhost:8081/auth/createOAuthUser";
            Gson gson = new GsonBuilder().setPrettyPrinting().create();
            String jsonString = gson.toJson(user);

@@ -55,7 +55,7 @@ public class APIRequest {
            Response response = call.execute();
            ResponseWrapper result = new ResponseWrapper(response.body().string(), convertToString(response.headers()));

-            return null;
+            return result;
        }

        @Override
--- a/test-service/src/main/resources/application.properties
+++ b/test-service/src/main/resources/application.properties
@@ -8,4 +8,20 @@ server.servlet.context-path=/api
 #security.oauth2.client.client-id=system1
 #security.oauth2.client.client-secret=1234
 #security.oauth2.resource.token-info-uri=http://127.0.0.1:8081/mk-auth/oauth/check_token
-security.oauth2.resource.user-info-uri=http://127.0.0.1:8765/auth/check_token
+security.oauth2.resource.user-info-uri=http://127.0.0.1:8765/auth/check_token
+
+spring.main.allow-bean-definition-overriding=true
+spring.datasource.url=jdbc:mysql://127.0.0.1/local_keepgrow?useUnicode=true&characterEncoding=utf-8&zeroDateTimeBehavior=convertToNull&serverTimezone=UTC
+spring.datasource.username=root
+spring.datasource.password=bluemoon
+spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
+spring.datasource.platform=schema
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MariaDB53Dialect
+
+spring.jpa.database = MYSQL
+spring.jpa.hibernate.ddl-auto=update
+spring.jpa.generate-ddl=true
+spring.jpa.show-sql=true
+
+logging.level.web=debug
+spring.http.log-request-details=true
--- a/test-service/src/main/resources/templates/signIn.html
+++ b/test-service/src/main/resources/templates/signIn.html
@@ -5,7 +5,7 @@
 </head>
 <body>
 <div class="container">
-    <form role="form" th:action="@{/signInAfter}" method="post">
+    <form role="form" th:action="@{/signInMiddleWare}" method="post">
        <div class="form-group row">
            <label for="username" class="col-sm-2 col-form-label">ID</label>
            <div class="col-sm-10">
--- a/test-service/src/main/resources/templates/signUp.html
+++ b/test-service/src/main/resources/templates/signUp.html
@@ -0,0 +1,39 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+
+<head>
+</head>
+<body>
+<div class="container">
+    <form role="form" th:action="@{/signUpMiddleWare}" method="post">
+        <div class="form-group row">
+            <label for="username" class="col-sm-2 col-form-label">ID</label>
+            <div class="col-sm-10">
+                <input type="text" class="form-control" id="username" placeholder="id" name="username">
+            </div>
+        </div>
+
+
+        <div class="form-group row">
+            <label for="password" class="col-sm-2 col-form-label">Password</label>
+            <div class="col-sm-10">
+                <input type="password" class="form-control" id="password" placeholder="password" name="password">
+            </div>
+        </div>
+
+        <input type="hidden" id="csrf_token" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+        <button type="submit" class="btn btn-primary">Sign in</button>
+    </form>
+</div>
+
+
+
+
+
+
+</body>
+
+<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
+<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
+<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
+</html>