From f83a3ab6063e4a8d1821ae00e8ca93f04aaf4398 Mon Sep 17 00:00:00 2001 From: liquidjoo Date: Tue, 4 Aug 2020 14:10:10 +0900 Subject: [PATCH] =?UTF-8?q?chore:=20=EC=82=AC=EC=9A=A9=ED=95=98=EC=A7=80?= =?UTF-8?q?=20=EC=95=8A=EB=8A=94=20=ED=8C=A8=ED=82=A4=EC=A7=80=20=EC=A0=95?= =?UTF-8?q?=EB=A6=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../AuthorizationServerApplication.java | 4 -- .../config/OAuth2SsoServerConfig.java | 18 ++++---- .../config/ResourceServerConfiguration.java | 1 - .../config/WebMvcConfig.java | 1 - .../config/WebSecurityConfig.java | 42 +++++++++---------- .../CustomOAuthExceptionSerializer.java | 2 +- .../controller/sso/SsoController.java | 10 ++--- .../accesstoken/AccessTokenRepository.java | 1 - .../domain/social/SocialType.java | 4 +- .../domain/social/UserArgumentResolver.java | 7 +++- .../domain/user/CustomUserDetails.java | 3 +- .../authorizationserver/domain/user/User.java | 2 - .../domain/user/UserRepository.java | 2 +- ...erviceImpl.java => DefaultSsoService.java} | 9 ++-- ...mpl.java => CustomUserDetailsService.java} | 7 ++-- 15 files changed, 49 insertions(+), 64 deletions(-) rename authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/{SsoServiceImpl.java => DefaultSsoService.java} (90%) rename authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/{CustomUserDetailsServiceImpl.java => CustomUserDetailsService.java} (91%) diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/AuthorizationServerApplication.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/AuthorizationServerApplication.java index 53c0b02..1243975 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/AuthorizationServerApplication.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/AuthorizationServerApplication.java 
@@ -2,10 +2,6 @@ package io.bluemoon.authorizationserver; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.format.annotation.DateTimeFormat; -import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; - -import java.util.Date; @SpringBootApplication public class AuthorizationServerApplication { diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/OAuth2SsoServerConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/OAuth2SsoServerConfig.java index 571c2ad..8320969 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/OAuth2SsoServerConfig.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/OAuth2SsoServerConfig.java @@ -1,11 +1,10 @@ package io.bluemoon.authorizationserver.config; -import io.bluemoon.authorizationserver.service.user.CustomUserDetailsServiceImpl; +import io.bluemoon.authorizationserver.service.user.CustomUserDetailsService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Primary; -import org.springframework.core.io.ClassPathResource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; 
@@ -21,10 +20,8 @@ import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeSe import org.springframework.security.oauth2.provider.token.TokenStore; import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore; import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter; -import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory; import javax.sql.DataSource; -import java.security.KeyPair; @@ -47,7 +44,7 @@ public class OAuth2SsoServerConfig extends AuthorizationServerConfigurerAdapter private ClientDetailsService clientDetailsService; private AuthenticationManager authenticationManager; private DataSource dataSource; - private CustomUserDetailsServiceImpl customUserDetailsService; + private CustomUserDetailsService customUserDetailsService; public OAuth2SsoServerConfig( // AuthorizationCodeServices authorizationCodeServices, @@ -55,7 +52,7 @@ public class OAuth2SsoServerConfig extends AuthorizationServerConfigurerAdapter ClientDetailsService clientDetailsService, AuthenticationManager authenticationManager, DataSource dataSource, - CustomUserDetailsServiceImpl customUserDetailsService + CustomUserDetailsService customUserDetailsService ) { // this.authorizationCodeServices = authorizationCodeServices; // this.approvalStore = approvalStore; @@ -75,9 +72,10 @@ public class OAuth2SsoServerConfig extends AuthorizationServerConfigurerAdapter } /** - * OAuth2 서버가 작동하기 위한 Endpoint에 대한 정보를 설정 - * 권한 부여 및 토큰 엔드 포인트와 토큰 서비스를 설정. - * AuhorizationEndpoint가 지원하는 부여 유형을 정할 수 있음. + * OAuth2 서버가 작동하기 위한 Endpoint에 대한 정보를 설정 + * 권한 부여 및 토큰 엔드 포인트와 토큰 서비스를 설정. + * AuhorizationEndpoint가 지원하는 부여 유형을 정할 수 있음. + * * @param endpoints * @throws Exception */ 
@@ -108,6 +106,7 @@ public class OAuth2SsoServerConfig extends AuthorizationServerConfigurerAdapter * 클라리언트 세부 사항 서비스의 메모리 내 or JDBC구현을 정의 * JdbcClientDetailsService를 활용해 데이터베이스 테이블로 세부 정보를 업데이트 가능 * AuthorizationServerConfigurer의 콜백 + * * @param clients * @throws Exception */ @@ -123,6 +122,7 @@ public class OAuth2SsoServerConfig extends AuthorizationServerConfigurerAdapter * 액세스 토큰을 만들 때 액세스 토콘을 수락하는 리소스가 나중에 참조 할 수 있도록 인증을 저장해야함 * 액세스 토콘을 생성 권한 부여에 사용 된 인증을 로드하는데 사용됨. * 서버간에 데이터베이스를 공유 할 수 있는 경우!! + * * @param dataSource * @return */ diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/ResourceServerConfiguration.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/ResourceServerConfiguration.java index d413409..1cb0b79 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/ResourceServerConfiguration.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/ResourceServerConfiguration.java @@ -4,7 +4,6 @@ package io.bluemoon.authorizationserver.config; import io.bluemoon.authorizationserver.config.handler.CustomAccessDeniedHandler; import io.bluemoon.authorizationserver.config.handler.CustomHttp403ForbiddenEntryPoint; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer; diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java index 3150880..c0c80a8 100644 
--- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebMvcConfig.java @@ -6,7 +6,6 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.web.filter.ForwardedHeaderFilter; import org.springframework.web.method.support.HandlerMethodArgumentResolver; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java index e95bf03..2abd43f 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/WebSecurityConfig.java @@ -1,7 +1,7 @@ package io.bluemoon.authorizationserver.config; import io.bluemoon.authorizationserver.config.handler.CustomAuthFailureHandler; -import io.bluemoon.authorizationserver.service.user.CustomUserDetailsServiceImpl; +import io.bluemoon.authorizationserver.service.user.CustomUserDetailsService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.security.SecurityProperties; import org.springframework.context.annotation.Bean; 
@@ -14,15 +14,10 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.crypto.password.NoOpPasswordEncoder; -//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client; import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.web.authentication.AuthenticationFailureHandler; -import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; -import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; -import org.springframework.security.web.csrf.CsrfFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.web.filter.CharacterEncodingFilter; + +//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client; @Configuration @EnableWebSecurity 
@@ -32,18 +27,25 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired CustomAuthFailureHandler customAuthFailureHandler; - private CustomUserDetailsServiceImpl customUserDetailsService; + private CustomUserDetailsService customUserDetailsService; public WebSecurityConfig( - CustomUserDetailsServiceImpl customUserDetailsService + CustomUserDetailsService customUserDetailsService ) { this.customUserDetailsService = customUserDetailsService; } + + @Bean + public static PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } + /** * authentication processing * if success -> Authentication in info object return * els fail -> Exception * impl 구현체 -> authentication provider 에서 구현해서 authentication object를 던져줌 + * * @return AuthenticationManager * @throws Exception */ @@ -59,7 +61,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { // --------------------------------- sso test http.formLogin().loginPage("/login").permitAll().failureHandler(customAuthFailureHandler) .and() - .requestMatchers().antMatchers("/login/**","/oauth/authorize") + .requestMatchers().antMatchers("/login/**", "/oauth/authorize") .and() .authorizeRequests().anyRequest().authenticated() .and() @@ -72,7 +74,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { } - /** * authentication Object managing * @@ -84,6 +85,12 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { auth.authenticationProvider(daoAuthenticationProvider()); } +// @Bean +// @SuppressWarnings("deprecation") +// public static NoOpPasswordEncoder passwordEncoder() { +// return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance(); +// } + /** * user info at database for make authentication object * 
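Review bot: The commented-out `NoOpPasswordEncoder` `passwordEncoder()` bean in the `@@ -84,6 +85,12 @@` hunk should be deleted rather than moved above `daoAuthenticationProvider()`. This commit already removes the `NoOpPasswordEncoder` import, so the block is dead text, and keeping it beside the authentication provider invites someone to restore an encoder that does no hashing for a quick test. Once it is gone, the `BCryptPasswordEncoder` bean added in the `@@ -32,18 +27,25 @@` hunk is the only encoder definition visible in these hunks. If the intent needs recording, a single comment on that bean is enough, for example `// Passwords are stored as bcrypt hashes; do not swap in NoOpPasswordEncoder.`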
@@ -97,17 +104,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { return daoAuthenticationProvider; } -// @Bean -// @SuppressWarnings("deprecation") -// public static NoOpPasswordEncoder passwordEncoder() { -// return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance(); -// } - - @Bean - public static PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(); - } - // social login // @Bean diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomOAuthExceptionSerializer.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomOAuthExceptionSerializer.java index 00b0416..0ea5d73 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomOAuthExceptionSerializer.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/config/handler/CustomOAuthExceptionSerializer.java @@ -29,6 +29,6 @@ public class CustomOAuthExceptionSerializer extends StdSerializer userRoles = userRoleRepository.findByUser(user); // role 부여 - setRoleIfNotSame(user, authentication, map, userRoles); + setRoleIfNotSame(user, authentication, map, userRoles); session.setAttribute("user", user); } catch (ClassCastException e) { return user; @@ -104,6 +104,7 @@ public class UserArgumentResolver implements HandlerMethodArgumentResolver { /** * 사용자의 인증된 소셜 미디어 타입에 따라 빌더를 사용하여 User 객체를 만들어 주는 가교 역할 + * * @param authority * @param map * @return @@ -117,6 +118,7 @@ public class UserArgumentResolver implements HandlerMethodArgumentResolver { /** * 페이스북이나 구글 같이 공통되는 명명규칙을 가진 그룹을 맵핑 + * * @param socialType * @param map * @return @@ -156,6 +158,7 @@ public class UserArgumentResolver implements HandlerMethodArgumentResolver { /** * 인증된 authentication이 권한을 갖고 있는지 체크하는 용도 * 만약 저장된 User 권한이 없으면 SecurityContextHolder를 사용하여 해당 소셜미디어 타입으로 권한을 저장 + * * @param user * @param authentication * @param map 
diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/CustomUserDetails.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/CustomUserDetails.java index 93a43d7..ff9b636 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/CustomUserDetails.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/CustomUserDetails.java @@ -1,6 +1,5 @@ package io.bluemoon.authorizationserver.domain.user; -import io.bluemoon.authorizationserver.domain.social.SocialType; import lombok.Data; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; @@ -29,7 +28,7 @@ public class CustomUserDetails implements UserDetails { @Override public Collection getAuthorities() { List authorities = new ArrayList<>(); - for (String role: userRole) { + for (String role : userRole) { authorities.add(new SimpleGrantedAuthority(role)); } return authorities; diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java index 5b78cd7..1743d61 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/User.java @@ -6,7 +6,6 @@ import lombok.*; import javax.persistence.*; import java.time.LocalDateTime; import java.util.Collection; -import java.util.Date; @Entity @Getter @@ -47,7 +46,6 @@ public class User { private LocalDateTime updatedAt; - // //1:수퍼관리자, 2:관리자, 3:사용자 // @Column // private String userType; 
diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserRepository.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserRepository.java index c35058d..868a4e3 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserRepository.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/domain/user/UserRepository.java @@ -1,9 +1,9 @@ package io.bluemoon.authorizationserver.domain.user; import org.springframework.data.jpa.repository.JpaRepository; -import org.springframework.stereotype.Repository; public interface UserRepository extends JpaRepository { User findByUsername(String username); + User findByEmail(String email); } diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/SsoServiceImpl.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/DefaultSsoService.java similarity index 90% rename from authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/SsoServiceImpl.java rename to authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/DefaultSsoService.java index 139d0b9..4e6cf4a 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/SsoServiceImpl.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/sso/DefaultSsoService.java @@ -9,6 +9,7 @@ import org.springframework.transaction.annotation.Transactional; import java.io.UnsupportedEncodingException; import java.math.BigInteger; +import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.HashMap; 
@@ -17,11 +18,11 @@ import java.util.Map; import java.util.Optional; @Service -public class SsoServiceImpl implements SsoService{ +public class DefaultSsoService implements SsoService { private AccessTokenRepository accessTokenRepository; private ClientRepository clientRepository; - public SsoServiceImpl( + public DefaultSsoService( AccessTokenRepository accessTokenRepository, ClientRepository clientRepository ) { @@ -44,13 +45,11 @@ public class SsoServiceImpl implements SsoService{ try { MessageDigest digest = MessageDigest.getInstance("MD5"); - byte[] bytes = digest.digest(value.getBytes("UTF-8")); + byte[] bytes = digest.digest(value.getBytes(StandardCharsets.UTF_8)); return String.format("%032x", new BigInteger(1, bytes)); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("MD5 algorithm not avilable. Fatal (should be in the JDK)."); - } catch (UnsupportedEncodingException e) { - throw new IllegalStateException("UTF-8 encoding not available. Fatal (should be in the JDK)."); } } diff --git a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsService.java similarity index 91% rename from authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java rename to authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsService.java index aa51494..e223878 100644 --- a/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsServiceImpl.java +++ b/authorization-server/src/main/java/io/bluemoon/authorizationserver/service/user/CustomUserDetailsService.java 
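Review bot: The `NoSuchAlgorithmException` handler kept in the `@@ -44,13 +45,11 @@` hunk throws `IllegalStateException` without the cause and with a misspelled message; `throw new IllegalStateException("MD5 algorithm not available. Fatal (should be in the JDK).", e);` keeps the original stack trace. With the `UnsupportedEncodingException` catch removed, `import java.io.UnsupportedEncodingException;` (still a context line in this file's `@@ -9,6 +9,7 @@` hunk) appears to be unused, which is what this commit sets out to clean up. The MD5 digest also deserves a comment stating its purpose. If the hex string is only a lookup key for stored tokens (it resembles the token-key derivation in Spring Security OAuth's JDBC token store), say that MD5 is kept for compatibility with existing rows and is not relied on for collision resistance; if it protects anything secret, it should use SHA-256 or stronger. The enclosing method starts and ends outside the hunk, so the caller of this digest is not visible here.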
@@ -7,17 +7,16 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; @Service -public class CustomUserDetailsServiceImpl implements UserDetailsService { +public class CustomUserDetailsService implements UserDetailsService { // User Info private UserRepository userRepository; private UserRoleRepository userRoleRepository; - public CustomUserDetailsServiceImpl( + public CustomUserDetailsService( UserRepository userRepository, UserRoleRepository userRoleRepository ) { @@ -27,7 +26,7 @@ public class CustomUserDetailsServiceImpl implements UserDetailsService { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { - System.out.println("why?????????????"+username); + System.out.println("why?????????????" + username); User user = userRepository.findByUsername(username); System.out.println(user); List userRole = userRoleRepository.findByUser(user);
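Review bot: The two `System.out.println` calls in `loadUserByUsername` (`@@ -27,7 +26,7 @@` hunk) write the submitted username and the loaded `User` entity to stdout on every login attempt, and this commit only reformats the first of them. The username is caller-supplied before authentication, so it can carry line breaks into the log, and `println(user)` prints whatever the entity's `toString()` includes, possibly the password hash (the `User` class is not fully visible here). I would drop both lines or replace them with a parameterised debug-level logger call that records only the username. Separately, `findByUsername` is declared to return a plain `User`, and its result is passed straight to `userRoleRepository.findByUser(user)` with no null check in the visible lines; the method continues outside the hunk, so confirm that an unknown username ends in `UsernameNotFoundException`.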