Skip to content

Feature/jwt practice #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .idea/compiler.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions .idea/dataSources.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 9 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,12 @@
- https://console.cloud.google.com/ 개발자 센터 접속
- 프로젝트 생성 후 OAuth 2.0 클라이언트 Id 생성
- 승인된 리디렉션 URI: http://localhost:8080/login/oauth2/code/google path 고정
- 클라이언트ID, 보안 비밀번호 yml 설정 추가
- 클라이언트ID, 보안 비밀번호 yml 설정 추가

### JWT
- JSON 객체를 사용해서 토큰 자체에 정보들을 저장하고 있는 Web Token
- 기존 세션 방식의 처리는 서버가 메모리 혹은 별도의 세션을 저장할 공간이 필요했음(하드디스크, DB)
- 서버의 부담
- auto scale이 되어 서버 인스턴스가 늘어났을 때, 메모리를 서로 공유하지 못하기 때문에 세션을 공유할 수 없음.
- 중간에 서버가 죽으면? 메모리에 있던 정보들 다 날라감. 별도 저장소를 구성하기엔 비용이 듦
- 이러한 이유 등으로 인해 jwt 웹 표준(RFC 7519) 등장.
15 changes: 10 additions & 5 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,20 @@ repositories {
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
implementation 'org.springframework.boot:spring-boot-starter-validation'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-mustache'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'

compileOnly 'org.projectlombok:lombok'
annotationProcessor 'org.projectlombok:lombok'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'
runtimeOnly 'com.mysql:mysql-connector-j:8.0.33'

runtimeOnly 'com.h2database:h2'
// runtimeOnly 'com.mysql:mysql-connector-j:8.0.33'

implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
}

tasks.named('test') {
Expand Down
24 changes: 24 additions & 0 deletions docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
## compose 파일 버전
#version: '3'
#services:
# # 서비스 명
# db:
# # 사용할 이미지
# image: mysql
# # 컨테이너 실행 시 재시작
# restart: always
# # 컨테이너명 설정
# container_name: mysql-container-by-compose
# # 접근 포트 설정(컨테이너 외부:컨테이너 내부)
# ports:
#
# - 3307:3306
# # 환경 변수 설정
# environment:
# MYSQL_ROOT_PASSWORD: root
# # 명령어 설정
# command:
# - --character-set-server=utf8mb4
# - --collation-server=utf8mb4_unicode_ci
## volumes:
## -
98 changes: 0 additions & 98 deletions src/main/java/com/example/security2/auth/PrincipalDetails.java

This file was deleted.

This file was deleted.

25 changes: 25 additions & 0 deletions src/main/java/com/example/security2/config/CorsConfig.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
package com.example.security2.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfig {

@Bean
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOriginPattern("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");

source.registerCorsConfiguration("/rest/api/**", config);
return new CorsFilter(source);
}
}
25 changes: 25 additions & 0 deletions src/main/java/com/example/security2/config/JwtSecurityConfig.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
package com.example.security2.config;

import com.example.security2.jwt.JwtFilter;
import com.example.security2.jwt.TokenProvider;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class JwtSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {

private final TokenProvider tokenProvider;

public JwtSecurityConfig(TokenProvider tokenProvider) {
this.tokenProvider = tokenProvider;
}

@Override
public void configure(HttpSecurity http) throws Exception {
// security 로직에 JwtFilter 등록
http.addFilterBefore(
new JwtFilter(tokenProvider),
UsernamePasswordAuthenticationFilter.class);
}
}
82 changes: 49 additions & 33 deletions src/main/java/com/example/security2/config/SecurityConfig.java
Original file line number Diff line number Diff line change
@@ -1,59 +1,75 @@
package com.example.security2.config;

import com.example.security2.oauth.PrincipalOauth2UserService;
import com.example.security2.jwt.JwtAccessDeniedHandler;
import com.example.security2.jwt.JwtAuthenticationEntryPoint;
import com.example.security2.jwt.TokenProvider;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.expression.WebExpressionAuthorizationManager;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.filter.CorsFilter;

@Configuration
@EnableWebSecurity // 스프링 필터체인에 등록
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true) // 권한 처리, Secured 어노테이션 활성화. preAuthorize, postAuthorize 어노테이션 활성화
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {

private final PrincipalOauth2UserService principalOauth2UserService;
private final CorsFilter corsFilter;
private final TokenProvider tokenProvider;
private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
private final JwtAccessDeniedHandler jwtAccessDeniedHandler;

public SecurityConfig(PrincipalOauth2UserService principalOauth2UserService) {
this.principalOauth2UserService = principalOauth2UserService;
public SecurityConfig(CorsFilter corsFilter, TokenProvider tokenProvider, JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint, JwtAccessDeniedHandler jwtAccessDeniedHandler) {
this.corsFilter = corsFilter;
this.tokenProvider = tokenProvider;
this.jwtAuthenticationEntryPoint = jwtAuthenticationEntryPoint;
this.jwtAccessDeniedHandler = jwtAccessDeniedHandler;
}

// SecurityConfig <-> PrincipalOauth2UserService 순환참조로 인해 분리(PasswordConfig)
/*@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}*/

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// csrf, cors 일단 비활성화
http.csrf(AbstractHttpConfigurer::disable);
http.cors(AbstractHttpConfigurer::disable);
http
.csrf(AbstractHttpConfigurer::disable)
// .cors(AbstractHttpConfigurer::disable)

http.authorizeHttpRequests((requests) -> requests
.requestMatchers("/user/**").authenticated()
.requestMatchers("/manager/**").access(
new WebExpressionAuthorizationManager("hasRole('ROLE_ADMIN') or hasRole('ROLE_MANAGER')")
.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
// jwt 예외핸들러 등록
.exceptionHandling(httpSecurityExceptionHandlingConfigurer ->
httpSecurityExceptionHandlingConfigurer
.authenticationEntryPoint(jwtAuthenticationEntryPoint)
.accessDeniedHandler(jwtAccessDeniedHandler)
)
.requestMatchers("/admin/**").access(
new WebExpressionAuthorizationManager("hasRole('ROLE_ADMIN')")

// 세션을 사용하지 않기 때문에 "STATELESS"로 설정
.sessionManagement(sessionManagementConfigurer ->
sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
)
.anyRequest().permitAll())
.formLogin(form -> form
.loginPage("/loginForm")
.usernameParameter("email")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/")

.authorizeHttpRequests((requests) -> requests
.requestMatchers(PathRequest.toH2Console()).permitAll()
.requestMatchers(
new AntPathRequestMatcher("/api/v1/auth"),
new AntPathRequestMatcher("/api/v1/user/hello"),
new AntPathRequestMatcher("/api/v1/user/signup")
).permitAll()
.anyRequest().authenticated()
)
.oauth2Login(oauth2 -> oauth2
.loginPage("/loginForm")
.userInfoEndpoint(userInfoEndpointConfig -> userInfoEndpointConfig
.userService(principalOauth2UserService)
)
);
// enable h2 console
.headers(header -> header
.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin)
)

// JwtFilter 적용
.apply(new JwtSecurityConfig(tokenProvider));

return http.build();
}
Expand Down
Loading