Merge pull request #15 from mju-likelion/feature/spring-security-#12
Feature/#12 Spring Security 적용
Showing
23 changed files
with
637 additions
and
19 deletions.
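--- a/src/main/java/org/mjulikelion/baker/config/CorsConfig.java
+++ b/src/main/java/org/mjulikelion/baker/config/CorsConfig.java
@@ -0,0 +1,34 @@
+package org.mjulikelion.baker.config;
+
+import static org.mjulikelion.baker.constant.SecurityConstant.ALL;
+import static org.mjulikelion.baker.constant.SecurityConstant.ALL_PATH;
+
+import java.util.List;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+
+@Configuration
+public class CorsConfig {
+@Value("${client.additional.host}")
+private List<String> clientAdditionalHost;
+@Value("${client.host}")
+private String clientHost;
+
+@Bean
+public CorsFilter corsFilter() {
+List<String> clientHosts = clientAdditionalHost;
+clientHosts.add(clientHost);
+UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+CorsConfiguration config = new CorsConfiguration();
+config.setAllowCredentials(true);
+config.setAllowedOriginPatterns(clientHosts);
+config.addAllowedHeader(ALL);
+config.addAllowedMethod(ALL);
+source.registerCorsConfiguration(ALL_PATH, config);
+return new CorsFilter(source);
+}
+}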
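Review bot: `List<String> clientHosts = clientAdditionalHost;` aliases the injected list and `clientHosts.add(clientHost)` then mutates it in place; if Spring binds the property to an unmodifiable list (or the property is absent) this throws `UnsupportedOperationException`, and every further call of `corsFilter()` — SecurityConfig invokes it directly via `corsConfig.corsFilter()` — appends `clientHost` once more unless the `@Configuration` proxy intercepts the call. Copy first: `List<String> clientHosts = new ArrayList<>(clientAdditionalHost);` (with `java.util.ArrayList` imported). Because `setAllowCredentials(true)` is combined with `setAllowedOriginPatterns`, `addAllowedHeader(ALL)` and `addAllowedMethod(ALL)`, the `client.*` properties must never contain a `*` pattern — Spring accepts a wildcard origin pattern together with credentials, which would let any origin make credentialed requests; a comment on the field stating that constraint, or a startup check rejecting `*`, would make it explicit.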
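--- a/src/main/java/org/mjulikelion/baker/config/SecurityConfig.java
+++ b/src/main/java/org/mjulikelion/baker/config/SecurityConfig.java
@@ -0,0 +1,106 @@
+package org.mjulikelion.baker.config;
+
+import static org.hibernate.type.descriptor.java.IntegerJavaType.ZERO;
+import static org.mjulikelion.baker.constant.SecurityConstant.ACCESS_TOKEN;
+import static org.mjulikelion.baker.constant.SecurityConstant.ALL_PATH;
+import static org.mjulikelion.baker.constant.SecurityConstant.CONTENT_TYPE;
+import static org.mjulikelion.baker.errorcode.ErrorCode.ACCESS_DENIED_ERROR;
+import static org.mjulikelion.baker.errorcode.ErrorCode.UNAUTHORIZED_ERROR;
+import static org.mjulikelion.baker.model.Role.ROLE_ADMIN;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.mjulikelion.baker.dto.response.ResponseDto;
+import org.mjulikelion.baker.errorcode.ErrorCode;
+import org.mjulikelion.baker.filter.JwtAuthenticationExceptionFilter;
+import org.mjulikelion.baker.filter.JwtFilter;
+import org.mjulikelion.baker.util.security.JwtTokenProvider;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+@Slf4j
+public class SecurityConfig {
+private final JwtAuthenticationExceptionFilter jwtAuthenticationExceptionFilter;
+private final JwtTokenProvider jwtTokenProvider;
+private final CorsConfig corsConfig;
+@Value("${security.permit-all.url}")
+private String[] permitAllUrl;
+@Value("${security.logout.url}")
+private String logoutUrl;
+
+@Bean
+public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
+return httpSecurity
+.csrf(AbstractHttpConfigurer::disable)
+.formLogin(AbstractHttpConfigurer::disable)
+.authorizeHttpRequests(authorize -> authorize
+.requestMatchers(permitAllUrl).permitAll()
+.requestMatchers(ALL_PATH).hasRole(ROLE_ADMIN.getRoleName())
+.anyRequest().authenticated()
+)
+.sessionManagement((sessionManagement) ->
+sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+)
+.addFilter(corsConfig.corsFilter())
+.addFilterBefore(new JwtFilter(jwtTokenProvider),
+UsernamePasswordAuthenticationFilter.class)
+.addFilterBefore(jwtAuthenticationExceptionFilter, JwtFilter.class)
+.exceptionHandling(exceptionHandling ->
+exceptionHandling.authenticationEntryPoint(
+(request, response, authException) -> makeResponse(response, UNAUTHORIZED_ERROR)))
+.exceptionHandling(exceptionHandling ->
+exceptionHandling.accessDeniedHandler(
+(request, response, accessDeniedException) -> makeResponse(response,
+ACCESS_DENIED_ERROR)))
+.logout(logout -> {
+logout
+.logoutUrl(logoutUrl)
+.logoutSuccessHandler((request, response, authentication) -> {
+Cookie cookie = new Cookie(ACCESS_TOKEN, null);
+cookie.setMaxAge(ZERO);
+cookie.setHttpOnly(true);
+cookie.setPath(ALL_PATH);
+response.addCookie(cookie);
+
+this.makeResponse(response, HttpStatus.OK, "로그아웃 되었습니다.");
+})
+.invalidateHttpSession(true);
+})
+.build();
+}
+
+private void makeResponse(HttpServletResponse response, HttpStatus status, String message)
+throws IOException {
+String jsonResponse = new ObjectMapper().writeValueAsString(
+ResponseDto.res(status, message));
+response.setStatus(status.value());
+response.setContentType(CONTENT_TYPE);
+response.getWriter().write(jsonResponse);
+response.getWriter().flush();
+}
+
+private void makeResponse(HttpServletResponse response, ErrorCode errorCode)
+throws IOException {
+String jsonResponse = new ObjectMapper().writeValueAsString(
+ResponseDto.res(errorCode.getCode(), errorCode.getMessage()));
+response.setStatus(Integer.parseInt(errorCode.getCode().substring(0, 3)));
+response.setContentType(CONTENT_TYPE);
+response.getWriter().write(jsonResponse);
+response.getWriter().flush();
+}
+}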
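Review bot: `.csrf(AbstractHttpConfigurer::disable)` at the top of the chain removes CSRF protection while the logout handler shows the access token lives in an HttpOnly `accessToken` cookie and CorsConfig enables `allowCredentials(true)`; if `JwtFilter` (not in this hunk) authenticates from that cookie, browsers attach it to cross-site requests, so the STATELESS session policy alone does not make CSRF irrelevant — keep CSRF enabled for cookie-authenticated requests or set a `SameSite` attribute on the cookie where it is issued, and document the decision in a comment on that line. `.requestMatchers(ALL_PATH).hasRole(ROLE_ADMIN.getRoleName())` also makes the following `.anyRequest().authenticated()` unreachable, and if `getRoleName()` returns the already-prefixed `"ROLE_ADMIN"` (the enum constant's name suggests it) `hasRole` rejects it at startup because it prepends `ROLE_` itself — `hasAuthority(ROLE_ADMIN.getRoleName())` avoids the prefix ambiguity either way. In the `ErrorCode` overload of `makeResponse`, `Integer.parseInt(errorCode.getCode().substring(0, 3))` assumes every code begins with three status digits; a code that does not would throw inside the entry point and turn a 401/403 into a 500, so an explicit status on `ErrorCode` would be safer. Minor: `IntegerJavaType.ZERO` from Hibernate is an odd way to spell `0` for `cookie.setMaxAge`, the two `.exceptionHandling(...)` calls can be merged into one, and `new ObjectMapper()` per response can be replaced by the injected Spring `ObjectMapper`.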
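--- a/src/main/java/org/mjulikelion/baker/constant/EtcConstant.java
+++ b/src/main/java/org/mjulikelion/baker/constant/EtcConstant.java
@@ -0,0 +1,8 @@
+package org.mjulikelion.baker.constant;
+
+public class EtcConstant {
+public static final String COLON = " : ";
+public static final String COMMA = ",";
+public static final String BLANK = "";
+public static final String WHITE_SPACE = " ";
+}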
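Review bot: `public class EtcConstant` is a constants holder with an implicit public constructor, so it can be instantiated and subclassed for no reason; `SecurityConstant` in the next file has the same shape. Declare it `public final class EtcConstant` and add `private EtcConstant() {}` (likewise for `SecurityConstant`). A one-line class Javadoc such as `/** String literals shared by formatting code. */` would also help, since `COLON` is actually `" : "` with surrounding spaces, which the name does not convey.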
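--- a/src/main/java/org/mjulikelion/baker/constant/SecurityConstant.java
+++ b/src/main/java/org/mjulikelion/baker/constant/SecurityConstant.java
@@ -0,0 +1,12 @@
+package org.mjulikelion.baker.constant;
+
+public class SecurityConstant {
+public static final String AUTH = "auth";
+public static final String BEARER = "Bearer ";
+public static final String BEARER_WITHOUT_SPACE = "Bearer";
+public static final String ACCESS_TOKEN = "accessToken";
+public static final String ALL_PATH = "/**";
+public static final String ROOT_PATH = "/";
+public static final String CONTENT_TYPE = "application/json;charset=UTF-8";
+public static final String ALL = "*";
+}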
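--- a/src/main/java/org/mjulikelion/baker/exception/AuthenticationException.java
+++ b/src/main/java/org/mjulikelion/baker/exception/AuthenticationException.java
@@ -0,0 +1,9 @@
+package org.mjulikelion.baker.exception;
+
+import org.mjulikelion.baker.errorcode.ErrorCode;
+
+public class AuthenticationException extends CustomException {
+public AuthenticationException(ErrorCode errorCode, String message) {
+super(errorCode, message);
+}
+}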
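Review bot: `AuthenticationException` reuses the simple name of `org.springframework.security.core.AuthenticationException`, and `JwtException` in the next file that of the JWT library's `JwtException` (if a library with that type is what `JwtTokenProvider` uses — not visible here); in a filter that imports both packages, a `catch (AuthenticationException e)` can bind to the wrong type and either miss the intended failure or swallow a framework one. Distinct names such as `CustomAuthenticationException` / `CustomJwtException` avoid that, and a one-line Javadoc on each class stating which `ErrorCode` values it is thrown with would make the split between the two types clear. `CustomException` is defined outside this diff.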
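--- a/src/main/java/org/mjulikelion/baker/exception/JwtException.java
+++ b/src/main/java/org/mjulikelion/baker/exception/JwtException.java
@@ -0,0 +1,9 @@
+package org.mjulikelion.baker.exception;
+
+import org.mjulikelion.baker.errorcode.ErrorCode;
+
+public class JwtException extends CustomException {
+public JwtException(ErrorCode errorCode, String message) {
+super(errorCode, message);
+}
+}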