From a7e3feb3bf0dd5abd0ef2edb9141f5be4a958f9a Mon Sep 17 00:00:00 2001 
From: kimyonghwa Date: Mon, 15 Apr 2019 19:14:45 +0900 Subject: [PATCH 1/2] =?UTF-8?q?SpringBoot2=EB=A1=9C=20Rest=20api=20?= =?UTF-8?q?=EB=A7=8C=EB=93=A4=EA=B8=B0(8)=20=E2=80=93=20SpringSecurity?= =?UTF-8?q?=EB=A5=BC=20=EC=9D=B4=EC=9A=A9=ED=95=9C=20api=20=EC=9D=B8?= =?UTF-8?q?=EC=A6=9D=20=EB=B0=8F=20=EA=B6=8C=ED=95=9C=EB=B6=80=EC=97=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- build.gradle | 2 + .../rest/api/SpringRestApiApplication.java | 8 ++ .../com/rest/api/advice/ExceptionAdvice.java | 18 ++++- .../CEmailSigninFailedException.java | 15 ++++ .../CInvalidJwtAuthenticationException.java | 15 ++++ .../rest/api/config/MessageConfiguration.java | 2 +- .../api/config/SecurityConfiguration.java | 50 +++++++++++++ .../rest/api/config/SwaggerConfiguration.java | 2 +- .../api/controller/v1/SignController.java | 59 +++++++++++++++ .../api/controller/v1/UserController.java | 55 +++++++------- src/main/java/com/rest/api/entity/User.java | 68 ++++++++++++++--- .../com/rest/api/filter/JwtTokenFilter.java | 33 +++++++++ .../com/rest/api/filter/JwtTokenProvider.java | 74 +++++++++++++++++++ .../java/com/rest/api/repo/UserJpaRepo.java | 4 + .../security/CustomUserDetailService.java | 19 +++++ src/main/resources/application.yml | 2 +- src/main/resources/i18n/exception_en.yml | 8 +- src/main/resources/i18n/exception_ko.yml | 8 +- 18 files changed, 397 insertions(+), 45 deletions(-) create mode 100644 src/main/java/com/rest/api/advice/exception/CEmailSigninFailedException.java create mode 100644 src/main/java/com/rest/api/advice/exception/CInvalidJwtAuthenticationException.java create mode 100644 src/main/java/com/rest/api/config/SecurityConfiguration.java create mode 100644 src/main/java/com/rest/api/controller/v1/SignController.java create mode 100644 src/main/java/com/rest/api/filter/JwtTokenFilter.java create mode 100644 src/main/java/com/rest/api/filter/JwtTokenProvider.java create mode 100644 
src/main/java/com/rest/api/service/security/CustomUserDetailService.java diff --git a/build.gradle b/build.gradle index e7ba1ad..8eff071 100644 --- a/build.gradle +++ b/build.gradle @@ -23,6 +23,8 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-freemarker' implementation 'org.springframework.boot:spring-boot-starter-web' + implementation 'org.springframework.boot:spring-boot-starter-security' + implementation 'io.jsonwebtoken:jjwt:0.9.1' implementation 'io.springfox:springfox-swagger2:2.6.1' implementation 'io.springfox:springfox-swagger-ui:2.6.1' implementation 'net.rakugakibox.util:yaml-resource-bundle:1.1' diff --git a/src/main/java/com/rest/api/SpringRestApiApplication.java b/src/main/java/com/rest/api/SpringRestApiApplication.java index 4df685c..5718fc4 100644 --- a/src/main/java/com/rest/api/SpringRestApiApplication.java +++ b/src/main/java/com/rest/api/SpringRestApiApplication.java @@ -2,10 +2,18 @@ import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Bean; +import org.springframework.security.crypto.factory.PasswordEncoderFactories; +import org.springframework.security.crypto.password.PasswordEncoder; @SpringBootApplication public class SpringRestApiApplication { public static void main(String[] args) { SpringApplication.run(SpringRestApiApplication.class, args); } + + @Bean + public PasswordEncoder passwordEncoder() { + return PasswordEncoderFactories.createDelegatingPasswordEncoder(); + } } diff --git a/src/main/java/com/rest/api/advice/ExceptionAdvice.java b/src/main/java/com/rest/api/advice/ExceptionAdvice.java index 0ad8d7a..c56ffa5 100644 --- a/src/main/java/com/rest/api/advice/ExceptionAdvice.java +++ b/src/main/java/com/rest/api/advice/ExceptionAdvice.java 
@@ -1,5 +1,7 @@ package com.rest.api.advice; +import com.rest.api.advice.exception.CEmailSigninFailedException; +import com.rest.api.advice.exception.CInvalidJwtAuthenticationException; import com.rest.api.advice.exception.CUserNotFoundException; import com.rest.api.model.response.CommonResult; import com.rest.api.service.ResponseService; @@ -24,15 +26,29 @@ public class ExceptionAdvice { @ExceptionHandler(Exception.class) @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) protected CommonResult defaultException(HttpServletRequest request, Exception e) { + e.printStackTrace(); return responseService.getFailResult(Integer.valueOf(getMessage("unKnown.code")), getMessage("unKnown.msg")); } @ExceptionHandler(CUserNotFoundException.class) @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) - protected CommonResult userNotFoundException(HttpServletRequest request, CUserNotFoundException e) { + protected CommonResult userNotFound(HttpServletRequest request, CUserNotFoundException e) { return responseService.getFailResult(Integer.valueOf(getMessage("userNotFound.code")), getMessage("userNotFound.msg")); } + @ExceptionHandler(CInvalidJwtAuthenticationException.class) + @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) + protected CommonResult invalidJwtToken(HttpServletRequest request, CInvalidJwtAuthenticationException e) { + return responseService.getFailResult(Integer.valueOf(getMessage("invalidJwtToken.code")), getMessage("invalidJwtToken.msg")); + } + + @ExceptionHandler(CEmailSigninFailedException.class) + @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) + protected CommonResult emailSigninFailed(HttpServletRequest request, CEmailSigninFailedException e) { + return responseService.getFailResult(Integer.valueOf(getMessage("emailSigninFailed.code")), getMessage("emailSigninFailed.msg")); + } + + private String getMessage(String code) { return getMessage(code, null); } 
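Review bot: The new `invalidJwtToken` and `emailSigninFailed` handlers carry `@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)`, so a rejected token or a wrong password is reported to clients and to monitoring as a server fault; `@ResponseStatus(HttpStatus.UNAUTHORIZED)` on both describes a failed authentication and keeps genuine 5xx alerts meaningful. Note also that `CInvalidJwtAuthenticationException` is raised from `JwtTokenProvider.validateToken`, which runs inside the servlet filter chain ahead of `DispatcherServlet`; a `@RestControllerAdvice` handler only sees exceptions thrown from controllers, so the filter path needs its own error handling for that case.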
diff --git a/src/main/java/com/rest/api/advice/exception/CEmailSigninFailedException.java b/src/main/java/com/rest/api/advice/exception/CEmailSigninFailedException.java new file mode 100644 index 0000000..7474666 --- /dev/null +++ b/src/main/java/com/rest/api/advice/exception/CEmailSigninFailedException.java @@ -0,0 +1,15 @@ +package com.rest.api.advice.exception; + +public class CEmailSigninFailedException extends RuntimeException { + public CEmailSigninFailedException(String msg, Throwable t) { + super(msg, t); + } + + public CEmailSigninFailedException(String msg) { + super(msg); + } + + public CEmailSigninFailedException() { + super(); + } +} diff --git a/src/main/java/com/rest/api/advice/exception/CInvalidJwtAuthenticationException.java b/src/main/java/com/rest/api/advice/exception/CInvalidJwtAuthenticationException.java new file mode 100644 index 0000000..341d873 --- /dev/null +++ b/src/main/java/com/rest/api/advice/exception/CInvalidJwtAuthenticationException.java @@ -0,0 +1,15 @@ +package com.rest.api.advice.exception; + +public class CInvalidJwtAuthenticationException extends RuntimeException { + public CInvalidJwtAuthenticationException(String msg, Throwable t) { + super(msg, t); + } + + public CInvalidJwtAuthenticationException(String msg) { + super(msg); + } + + public CInvalidJwtAuthenticationException() { + super(); + } +} diff --git a/src/main/java/com/rest/api/config/MessageConfiguration.java b/src/main/java/com/rest/api/config/MessageConfiguration.java index 4823af2..ce36020 100644 --- a/src/main/java/com/rest/api/config/MessageConfiguration.java +++ b/src/main/java/com/rest/api/config/MessageConfiguration.java @@ -28,7 +28,7 @@ public LocaleResolver localeResolver() { } @Bean // 지역설정을 변경하는 인터셉터. 요청시 파라미터에 lang 정보를 지정하면 언어가 변경됨. - private LocaleChangeInterceptor localeChangeInterceptor() { + public LocaleChangeInterceptor localeChangeInterceptor() { LocaleChangeInterceptor lci = new LocaleChangeInterceptor(); lci.setParamName("lang"); return lci; 
diff --git a/src/main/java/com/rest/api/config/SecurityConfiguration.java b/src/main/java/com/rest/api/config/SecurityConfiguration.java
new file mode 100644
index 0000000..a38ba24
--- /dev/null
+++ b/src/main/java/com/rest/api/config/SecurityConfiguration.java
@@ -0,0 +1,50 @@
+package com.rest.api.config;
+
+import com.rest.api.filter.JwtTokenFilter;
+import com.rest.api.filter.JwtTokenProvider;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@RequiredArgsConstructor
+@Configuration
+public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+ private final JwtTokenProvider jwtTokenProvider;
+
+ @Bean
+ @Override
+ public AuthenticationManager authenticationManagerBean() throws Exception {
+ return super.authenticationManagerBean();
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .httpBasic().disable() // rest api 이므로 기본설정 사용안함. 기본설정은 비인증시 로그인폼 화면으로 리다이렉트 된다.
+ .csrf().disable() // rest api이므로 csrf 보안이 필요없으므로 disable처리.
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) // jwt token으로 인증할것이므로 세션필요없으므로 생성안함.
+ .and()
+ .authorizeRequests() // 다음 리퀘스트에 대한 사용권한 체크
+ .antMatchers("/*/signin", "/*/signup").permitAll() // 가입 및 인증 주소는 누구나 접근가능
+ .antMatchers(HttpMethod.GET, "helloworld/**").permitAll() // hellowworld로 시작하는 GET요청 리소스는 누구나 접근가능
+ .anyRequest().authenticated() // 그외 나머지 요청은 모두 인증된 회원만 접근 가능
+ .and()
+ .addFilterBefore(new JwtTokenFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter.class); // jwt token 필터를 id/password 인증 필터 전에 넣어라.
+ + } + + @Override // ignore swagger security config + public void configure(WebSecurity web) throws Exception { + web.ignoring().antMatchers("/v2/api-docs", "/swagger-resources/**", + "/swagger-ui.html", "/webjars/**", "/swagger/**"); + + } +} diff --git a/src/main/java/com/rest/api/config/SwaggerConfiguration.java b/src/main/java/com/rest/api/config/SwaggerConfiguration.java index 3de0c61..20e2a01 100644 --- a/src/main/java/com/rest/api/config/SwaggerConfiguration.java +++ b/src/main/java/com/rest/api/config/SwaggerConfiguration.java @@ -17,7 +17,7 @@ public class SwaggerConfiguration { public Docket swaggerApi() { return new Docket(DocumentationType.SWAGGER_2).apiInfo(swaggerInfo()).select() .apis(RequestHandlerSelectors.basePackage("com.rest.api.controller")) - .paths(PathSelectors.any()) + .paths(PathSelectors.ant("/v1/**")) .build() .useDefaultResponseMessages(false); // 기본으로 세팅되는 200,401,403,404 메시지를 표시 하지 않음 } diff --git a/src/main/java/com/rest/api/controller/v1/SignController.java b/src/main/java/com/rest/api/controller/v1/SignController.java new file mode 100644 index 0000000..9310d77 --- /dev/null +++ b/src/main/java/com/rest/api/controller/v1/SignController.java 
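Review bot: The rule `.antMatchers(HttpMethod.GET, "helloworld/**").permitAll()` has no leading slash, so it does not match request paths such as `/helloworld/...` and those GETs fall through to `.anyRequest().authenticated()`, contradicting the comment next to it; it should read `.antMatchers(HttpMethod.GET, "/helloworld/**").permitAll()`. The `"/*/signin"` and `"/*/signup"` patterns also accept any first path segment, which is wider than the `/v1` prefix the controllers use; `"/v1/signin"` and `"/v1/signup"` pin the exemption to the real endpoints. Keep in mind that `web.ignoring()` removes the swagger paths from the whole security filter chain, so those responses also receive none of the default security headers; that is acceptable for docs but worth a one-line comment.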
@@ -0,0 +1,59 @@
+package com.rest.api.controller.v1;
+
+import com.rest.api.advice.exception.CEmailSigninFailedException;
+import com.rest.api.entity.User;
+import com.rest.api.filter.JwtTokenProvider;
+import com.rest.api.model.response.CommonResult;
+import com.rest.api.model.response.SingleResult;
+import com.rest.api.repo.UserJpaRepo;
+import com.rest.api.service.ResponseService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Collections;
+
+@Api(tags = {"1. Sign"})
+@RequiredArgsConstructor
+@RestController
+@RequestMapping(value = "/v1")
+public class SignController {
+
+ private final UserJpaRepo userJpaRepo;
+ private final JwtTokenProvider jwtTokenProvider;
+ private final ResponseService responseService;
+ private final PasswordEncoder passwordEncoder;
+
+ @ApiOperation(value = "로그인", notes = "이메일 회원 로그인을 한다.")
+ @GetMapping(value = "/signin")
+ public SingleResult signin(@ApiParam(value = "회원ID : 이메일", required = true) @RequestParam String id,
+ @ApiParam(value = "비밀번호", required = true) @RequestParam String password) {
+
+ User user = userJpaRepo.findByUid(id).orElseThrow(CEmailSigninFailedException::new);
+ if (!passwordEncoder.matches(password, user.getPassword()))
+ throw new CEmailSigninFailedException();
+
+ return responseService.getSingleResult(jwtTokenProvider.createToken(user.getUsername(), user.getRoles()));
+ }
+
+ @ApiOperation(value = "가입", notes = "회원가입을 한다.")
+ @GetMapping(value = "/signup")
+ public CommonResult signin(@ApiParam(value = "회원ID : 이메일", required = true) @RequestParam String 
id, + @ApiParam(value = "비밀번호", required = true) @RequestParam String password, + @ApiParam(value = "이름", required = true) @RequestParam String name) { + + userJpaRepo.save(User.builder() + .uid(id) + .password(passwordEncoder.encode(password)) + .name(name) + .roles(Collections.singletonList("ROLE_USER")) + .build()); + return responseService.getSuccessResult(); + } +} diff --git a/src/main/java/com/rest/api/controller/v1/UserController.java b/src/main/java/com/rest/api/controller/v1/UserController.java index df649b5..b3aa843 100644 --- a/src/main/java/com/rest/api/controller/v1/UserController.java +++ b/src/main/java/com/rest/api/controller/v1/UserController.java @@ -7,13 +7,11 @@ import com.rest.api.model.response.SingleResult; import com.rest.api.repo.UserJpaRepo; import com.rest.api.service.ResponseService; -import io.swagger.annotations.Api; -import io.swagger.annotations.ApiOperation; -import io.swagger.annotations.ApiParam; +import io.swagger.annotations.*; import lombok.RequiredArgsConstructor; import org.springframework.web.bind.annotation.*; -@Api(tags = {"1. User"}) +@Api(tags = {"2. User"}) @RequiredArgsConstructor @RestController @RequestMapping(value = "/v1") @@ -22,6 +20,9 @@ public class UserController { private final UserJpaRepo userJpaRepo; private final ResponseService responseService; // 결과를 처리할 Service + @ApiImplicitParams({ + @ApiImplicitParam(name = "X-AUTH-TOKEN", value = "로그인 성공 후 access_token", required = true, dataType = "String", paramType = "header") + }) @ApiOperation(value = "회원 리스트 조회", notes = "모든 회원을 조회한다") @GetMapping(value = "/users") public ListResult findAllUser() { 
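Review bot: Both `/signin` and `/signup` are exposed with `@GetMapping` and take `password` as a `@RequestParam`, so the clear-text password travels in the URL query string and lands in access logs, proxy logs and browser history; both should be `@PostMapping` with the credentials carried in the request body. Sign-up via GET additionally creates a user on a method that is supposed to be safe and idempotent, so link prefetchers or crawlers could trigger registrations. The sign-up handler is also named `signin` (`public CommonResult signin(...)` under `@GetMapping(value = "/signup")`), which compiles as an overload but misreads; rename it `signup`.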
@@ -29,42 +30,40 @@ public ListResult findAllUser() { return responseService.getListResult(userJpaRepo.findAll()); } + @ApiImplicitParams({ + @ApiImplicitParam(name = "X-AUTH-TOKEN", value = "로그인 성공 후 access_token", required = true, dataType = "String", paramType = "header") + }) @ApiOperation(value = "회원 단건 조회", notes = "userId로 회원을 조회한다") - @GetMapping(value = "/user/{userId}") - public SingleResult findUserById(@ApiParam(value = "회원ID", required = true) @PathVariable int userId, - @ApiParam(value = "언어", defaultValue = "ko") @RequestParam String lang) { + @GetMapping(value = "/user/{msrl}") + public SingleResult findUserById(@ApiParam(value = "회원번호", required = true) @PathVariable int msrl, + @ApiParam(value = "언어", defaultValue = "ko") @RequestParam String lang) { // 결과데이터가 단일건인경우 getSingleResult를 이용해서 결과를 출력한다. - return responseService.getSingleResult(userJpaRepo.findById(userId).orElseThrow(CUserNotFoundException::new)); - } - - @ApiOperation(value = "회원 입력", notes = "회원을 입력한다") - @PostMapping(value = "/user") - public SingleResult save(@ApiParam(value = "회원이름", required = true) @RequestParam String name, - @ApiParam(value = "회원이메일", required = true) @RequestParam String email) { - User user = new User(); - user.setName(name); - user.setEmail(email); - return responseService.getSingleResult(userJpaRepo.save(user)); + return responseService.getSingleResult(userJpaRepo.findById(msrl).orElseThrow(CUserNotFoundException::new)); } + @ApiImplicitParams({ + @ApiImplicitParam(name = "X-AUTH-TOKEN", value = "로그인 성공 후 access_token", required = true, dataType = "String", paramType = "header") + }) @ApiOperation(value = "회원 수정", notes = "회원정보를 수정한다") @PutMapping(value = "/user") public SingleResult modify( - @ApiParam(value = "회원ID", required = true) @RequestParam int userId, - @ApiParam(value = "회원이름", required = true) @RequestParam String name, - @ApiParam(value = "회원이메일", required = true) @RequestParam String email) { - User user = new User(); - user.setId(userId); - 
user.setName(name); - user.setEmail(email); + @ApiParam(value = "회원번호", required = true) @RequestParam int msrl, + @ApiParam(value = "회원이름", required = true) @RequestParam String name) { + User user = User.builder() + .msrl(msrl) + .name(name) + .build(); return responseService.getSingleResult(userJpaRepo.save(user)); } + @ApiImplicitParams({ + @ApiImplicitParam(name = "X-AUTH-TOKEN", value = "로그인 성공 후 access_token", required = true, dataType = "String", paramType = "header") + }) @ApiOperation(value = "회원 삭제", notes = "userId로 회원정보를 삭제한다") - @DeleteMapping(value = "/user/{userId}") + @DeleteMapping(value = "/user/{msrl}") public CommonResult delete( - @ApiParam(value = "회원ID", required = true) @PathVariable int userId) { - userJpaRepo.deleteById(userId); + @ApiParam(value = "회원번호", required = true) @PathVariable int msrl) { + userJpaRepo.deleteById(msrl); // 성공 결과 정보만 필요한경우 getSuccessResult()를 이용하여 결과를 출력한다. return responseService.getSuccessResult(); } diff --git a/src/main/java/com/rest/api/entity/User.java b/src/main/java/com/rest/api/entity/User.java index 6d31eb2..77ac46f 100644 --- a/src/main/java/com/rest/api/entity/User.java +++ b/src/main/java/com/rest/api/entity/User.java 
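Review bot: `modify` saves `User.builder().msrl(msrl).name(name).build()`, a fresh entity whose `uid` and `password` are null and whose `roles` is the empty default; `userJpaRepo.save` merges that over the existing row keyed by `msrl`, so the update either fails on the `nullable = false` columns or wipes the stored credentials and roles. Load the record first, `User user = userJpaRepo.findById(msrl).orElseThrow(CUserNotFoundException::new);`, and rebuild it with only `name` changed (the entity currently has no setters) before saving. Both `modify` and `delete` also accept any `msrl` from any authenticated caller with no check that the record belongs to the principal; if that is not the intended policy, compare `msrl` with the authenticated `User` from `SecurityContextHolder` or restrict these endpoints to an admin role.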
@@ -1,21 +1,67 @@ package com.rest.api.entity; -import lombok.Getter; -import lombok.Setter; +import com.fasterxml.jackson.annotation.JsonProperty; +import lombok.*; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; +import javax.persistence.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.stream.Collectors; @Entity -@Getter @Setter -//@Table(name = "user") -public class User { +@Getter +@Builder +@NoArgsConstructor +@AllArgsConstructor +@Table(name = "user") +public class User implements UserDetails { @Id // pk @GeneratedValue(strategy = GenerationType.IDENTITY) - private int id; + private int msrl; + @Column(nullable = false, unique = true, length = 30) + private String uid; + @JsonProperty(access = JsonProperty.Access.WRITE_ONLY) + @Column(nullable = false, length = 100) + private String password; + @Column(nullable = false, length = 100) private String name; - private String email; + + @ElementCollection(fetch = FetchType.EAGER) + @Builder.Default + private List roles = new ArrayList<>(); + + @Override + public Collection getAuthorities() { + return this.roles.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()); + } + + @Override + public java.lang.String getUsername() { + return this.uid; + } + + @Override + public boolean isAccountNonExpired() { + return true; + } + + @Override + public boolean isAccountNonLocked() { + return true; + } + + @Override + public boolean isCredentialsNonExpired() { + return true; + } + + @Override + public boolean isEnabled() { + return true; + } } 
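Review bot: `roles` and `getAuthorities()` are declared with raw types (`private List roles`, `public Collection getAuthorities()`); `List<String> roles` and `Collection<? extends GrantedAuthority> getAuthorities()` match the `UserDetails` contract, remove the unchecked warnings, and make the already-imported `GrantedAuthority` used. `getUsername()` spells out `java.lang.String` while the rest of the file uses `String`. The four `isAccountNonExpired`/`isAccountNonLocked`/`isCredentialsNonExpired`/`isEnabled` overrides return a constant `true`; a comment such as `// account state is not persisted yet: every stored user is treated as active` would tell the next maintainer this is a deliberate simplification rather than an omission.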
diff --git a/src/main/java/com/rest/api/filter/JwtTokenFilter.java b/src/main/java/com/rest/api/filter/JwtTokenFilter.java
new file mode 100644
index 0000000..193c8cf
--- /dev/null
+++ b/src/main/java/com/rest/api/filter/JwtTokenFilter.java
@@ -0,0 +1,33 @@
+package com.rest.api.filter;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.GenericFilterBean;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+public class JwtTokenFilter extends GenericFilterBean {
+
+ private JwtTokenProvider jwtTokenProvider;
+
+ // Jwt Provier 주입
+ public JwtTokenFilter(JwtTokenProvider jwtTokenProvider) {
+ this.jwtTokenProvider = jwtTokenProvider;
+ }
+
+ // Request로 들어오는 Jwt Token의 유효성을 검증하는 filter를 filterChain에 등록합니다.
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+ String token = jwtTokenProvider.resolveToken((HttpServletRequest) request);
+ if (token != null && jwtTokenProvider.validateToken(token)) {
+ Authentication auth = jwtTokenProvider.getAuthentication(token);
+ SecurityContextHolder.getContext().setAuthentication(auth);
+ }
+ filterChain.doFilter(request, response);
+ }
+}
diff --git a/src/main/java/com/rest/api/filter/JwtTokenProvider.java b/src/main/java/com/rest/api/filter/JwtTokenProvider.java
new file mode 100644
index 0000000..3022818
--- /dev/null
+++ b/src/main/java/com/rest/api/filter/JwtTokenProvider.java
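Review bot: `jwtTokenProvider.validateToken(token)` throws `CInvalidJwtAuthenticationException` for any malformed or expired token and nothing in `doFilter` catches it, so the exception escapes the servlet filter chain; `@RestControllerAdvice` never sees it there and the client receives the container's default error page instead of the JSON failure result. Either catch it in `doFilter` and continue the chain unauthenticated, letting the `authenticated()` rule and the entry point produce the 401, or write the 401 response here; `GenericFilterBean` also makes no once-per-request guarantee, and `OncePerRequestFilter` with `doFilterInternal` is the usual base for a token filter. The `private JwtTokenProvider jwtTokenProvider;` field is only assigned in the constructor and can be `final`.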
@@ -0,0 +1,74 @@
+package com.rest.api.filter;
+
+import com.rest.api.advice.exception.CInvalidJwtAuthenticationException;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jws;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Base64;
+import java.util.Date;
+import java.util.List;
+
+@RequiredArgsConstructor
+@Component
+public class JwtTokenProvider { // JWT 토큰을 생성 및 검증 모듈
+
+ private String secretKey = "secret";
+
+ private long tokenValidMilisecond = 1000L * 60 * 60; // 1hour
+
+ private final UserDetailsService userDetailsService;
+
+ @PostConstruct
+ protected void init() {
+ secretKey = Base64.getEncoder().encodeToString(secretKey.getBytes());
+ }
+
+ // Jwt 토큰 생성
+ public String createToken(String username, List roles) {
+ Claims claims = Jwts.claims().setSubject(username);
+ claims.put("roles", roles);
+ Date now = new Date();
+ return Jwts.builder()
+ .setClaims(claims) // 데이터
+ .setIssuedAt(now) // 토큰 발행일자
+ .setExpiration(new Date(now.getTime() + tokenValidMilisecond)) // set Expire Time
+ .signWith(SignatureAlgorithm.HS256, secretKey) // 암호화 알고리즘, secret값 세팅
+ .compact();
+ }
+
+ // Jwt 토큰으로 인증 정보를 조회
+ public Authentication getAuthentication(String token) {
+ UserDetails userDetails = userDetailsService.loadUserByUsername(this.getUsername(token));
+ return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities());
+ }
+
+ // Jwt 토큰에서 회원 이름(ID) 추출
+ public String getUsername(String token) {
+ return 
Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody().getSubject(); + } + + // Request의 Header에서 token 파싱 : "X-AUTH-TOKEN: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJjb2Rlajk5QG5hdmVyLmNvbSIsInJvbGVzIjpbIlJPTEVfVVNFUiJdLCJpYXQiOjE1NTUzMTY1NzksImV4cCI6MTU1NTMyMDE3OX0.ftuRcpLZmMbKoxM3pQB5VA9As9Yamt10FN6Lbgu-pjVB3AGZDWfS9WRzGNbtZkKvSZH9swx3WgrHnONyrUoaqA" + public String resolveToken(HttpServletRequest req) { + return req.getHeader("X-AUTH-TOKEN"); + } + + // Jwt 토큰의 유효성 + 만료일자 확인 + public boolean validateToken(String jwtToken) { + try { + Jws claims = Jwts.parser().setSigningKey(secretKey).parseClaimsJws(jwtToken); + return !claims.getBody().getExpiration().before(new Date()); + } catch (Exception e) { + throw new CInvalidJwtAuthenticationException(); + } + } +} diff --git a/src/main/java/com/rest/api/repo/UserJpaRepo.java b/src/main/java/com/rest/api/repo/UserJpaRepo.java index ea2044d..6ce0683 100644 --- a/src/main/java/com/rest/api/repo/UserJpaRepo.java +++ b/src/main/java/com/rest/api/repo/UserJpaRepo.java @@ -3,5 +3,9 @@ import com.rest.api.entity.User; import org.springframework.data.jpa.repository.JpaRepository; +import java.util.Optional; + public interface UserJpaRepo extends JpaRepository { + + Optional findByUid(String email); } diff --git a/src/main/java/com/rest/api/service/security/CustomUserDetailService.java b/src/main/java/com/rest/api/service/security/CustomUserDetailService.java new file mode 100644 index 0000000..e522867 --- /dev/null +++ b/src/main/java/com/rest/api/service/security/CustomUserDetailService.java 
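Review bot: `private String secretKey = "secret"` hard-codes the HS256 signing key in source, and `init()` merely Base64-encodes those same six bytes, so every checkout of the repository holds the key needed to forge a token for any subject and role; load it from configuration instead (an `@Value`-injected property or environment variable, placeholder name `<jwt-secret-property>`) and generate a random value of at least 32 bytes, the HS256 hash size. `secretKey.getBytes()` uses the platform charset, so `getBytes(StandardCharsets.UTF_8)` makes the derived key deterministic across hosts. `validateToken` catches `Exception`, which turns any programming error into an "invalid token" answer; `catch (JwtException | IllegalArgumentException e)` covers the parser's failures, and `getUsername` re-parses the token that `validateToken` has already verified, so returning the parsed `Claims` from one call would avoid the duplicate signature check.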
@@ -0,0 +1,19 @@ +package com.rest.api.service.security; + +import com.rest.api.advice.exception.CUserNotFoundException; +import com.rest.api.repo.UserJpaRepo; +import lombok.RequiredArgsConstructor; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.stereotype.Service; + +@RequiredArgsConstructor +@Service +public class CustomUserDetailService implements UserDetailsService { + + private final UserJpaRepo userJpaRepo; + + public UserDetails loadUserByUsername(String username) { + return userJpaRepo.findByUid(username).orElseThrow(CUserNotFoundException::new); + } +} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 92e7df2..29b011b 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -8,7 +8,7 @@ spring: username: sa jpa: database-platform: org.hibernate.dialect.H2Dialect - #properties.hibernate.hbm2ddl.auto: none + properties.hibernate.hbm2ddl.auto: update showSql: true messages: basename: i18n/exception diff --git a/src/main/resources/i18n/exception_en.yml b/src/main/resources/i18n/exception_en.yml index 0b3e28e..30e6ee4 100644 --- a/src/main/resources/i18n/exception_en.yml +++ b/src/main/resources/i18n/exception_en.yml @@ -3,4 +3,10 @@ unKnown: msg: "An unknown error has occurred." userNotFound: code: "-1000" - msg: "This member not exist" \ No newline at end of file + msg: "This member not exist" +invalidJwtToken: + code: "-1001" + msg: "Authentication information is not valid." +emailSigninFailed: + code: "-1001" + msg: "Your account does not exist or your email or password is incorrect." \ No newline at end of file diff --git a/src/main/resources/i18n/exception_ko.yml b/src/main/resources/i18n/exception_ko.yml index dc51274..2f4f132 100644 --- a/src/main/resources/i18n/exception_ko.yml +++ b/src/main/resources/i18n/exception_ko.yml 
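Review bot: `loadUserByUsername` throws `CUserNotFoundException` when the uid is unknown, but the `UserDetailsService` contract is `UsernameNotFoundException`, which Spring Security's authentication code recognises and maps to a credentials failure; a project RuntimeException surfacing from inside the JWT filter is instead reported as a generic server error. Change it to `return userJpaRepo.findByUid(username).orElseThrow(() -> new UsernameNotFoundException(username));` and mark the method `@Override` so the signature is checked against the interface.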
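Review bot: `invalidJwtToken.code` and `emailSigninFailed.code` both carry `"-1001"` in exception_en.yml, so a client reading the numeric code cannot tell a rejected token from a failed login; give the second entry its own value (for example `code: "-1002"`, a constructed value to be aligned with the project's numbering) and apply the same fix to exception_ko.yml, which has the identical duplication.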
@@ -3,4 +3,10 @@ unKnown: msg: "알수 없는 오류가 발생하였습니다." userNotFound: code: "-1000" - msg: "존재하지 않는 회원입니다." \ No newline at end of file + msg: "존재하지 않는 회원입니다." +invalidJwtToken: + code: "-1001" + msg: "인증 정보가 유효하지 않습니다." +emailSigninFailed: + code: "-1001" + msg: "계정이 존재하지 않거나 이메일 또는 비밀번호가 정확하지 않습니다." \ No newline at end of file From 41e93d885c9b30cb96e00b505736dc18bc19f0fb Mon Sep 17 00:00:00 2001 
From: kimyonghwa Date: Tue, 16 Apr 2019 15:54:37 +0900 Subject: [PATCH 2/2] =?UTF-8?q?SpringBoot2=EB=A1=9C=20Rest=20api=20?= =?UTF-8?q?=EB=A7=8C=EB=93=A4=EA=B8=B0(8)=20=E2=80=93=20=20SpringSecurity?= =?UTF-8?q?=EB=A5=BC=20=EC=9D=B4=EC=9A=A9=ED=95=9C=20=EC=9D=B8=EC=A6=9D=20?= =?UTF-8?q?=EB=B0=8F=20=EA=B6=8C=ED=95=9C=EB=B6=80=EC=97=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/rest/api/advice/ExceptionAdvice.java | 21 ++++++++------ .../CAuthenticationEntryPointException.java | 15 ++++++++++ .../CInvalidJwtAuthenticationException.java | 15 ---------- .../security/CustomAccessDeniedHandler.java | 28 +++++++++++++++++++ .../CustomAuthenticationEntryPoint.java | 24 ++++++++++++++++ .../security/JwtAuthenticationFilter.java} | 8 +++--- .../security}/JwtTokenProvider.java | 23 +++++++-------- .../{ => security}/SecurityConfiguration.java | 15 ++++++---- .../exception/ExceptionController.java | 25 +++++++++++++++++ .../api/controller/v1/SignController.java | 4 +-- .../api/controller/v1/UserController.java | 22 +++++++++------ src/main/java/com/rest/api/entity/User.java | 27 +++++++++++------- .../java/com/rest/api/repo/UserJpaRepo.java | 2 +- .../security/CustomUserDetailService.java | 4 +-- src/main/resources/application.yml | 4 ++- src/main/resources/i18n/exception_en.yml | 11 +++++--- src/main/resources/i18n/exception_ko.yml | 11 +++++--- 17 files changed, 182 insertions(+), 77 deletions(-) create mode 100644 src/main/java/com/rest/api/advice/exception/CAuthenticationEntryPointException.java delete mode 100644 src/main/java/com/rest/api/advice/exception/CInvalidJwtAuthenticationException.java create mode 100644 src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java create mode 100644 src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java rename src/main/java/com/rest/api/{filter/JwtTokenFilter.java => config/security/JwtAuthenticationFilter.java} (76%) rename 
src/main/java/com/rest/api/{filter => config/security}/JwtTokenProvider.java (73%) rename src/main/java/com/rest/api/config/{ => security}/SecurityConfiguration.java (76%) create mode 100644 src/main/java/com/rest/api/controller/exception/ExceptionController.java diff --git a/src/main/java/com/rest/api/advice/ExceptionAdvice.java b/src/main/java/com/rest/api/advice/ExceptionAdvice.java index c56ffa5..7a67389 100644 --- a/src/main/java/com/rest/api/advice/ExceptionAdvice.java +++ b/src/main/java/com/rest/api/advice/ExceptionAdvice.java @@ -1,7 +1,7 @@ package com.rest.api.advice; +import com.rest.api.advice.exception.CAuthenticationEntryPointException; import com.rest.api.advice.exception.CEmailSigninFailedException; -import com.rest.api.advice.exception.CInvalidJwtAuthenticationException; import com.rest.api.advice.exception.CUserNotFoundException; import com.rest.api.model.response.CommonResult; import com.rest.api.service.ResponseService; @@ -9,6 +9,7 @@ import org.springframework.context.MessageSource; import org.springframework.context.i18n.LocaleContextHolder; import org.springframework.http.HttpStatus; +import org.springframework.security.access.AccessDeniedException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestControllerAdvice; @@ -26,7 +27,6 @@ public class ExceptionAdvice { @ExceptionHandler(Exception.class) @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) protected CommonResult defaultException(HttpServletRequest request, Exception e) { - e.printStackTrace(); return responseService.getFailResult(Integer.valueOf(getMessage("unKnown.code")), getMessage("unKnown.msg")); } 
@@ -36,18 +36,23 @@ protected CommonResult userNotFound(HttpServletRequest request, CUserNotFoundExc return responseService.getFailResult(Integer.valueOf(getMessage("userNotFound.code")), getMessage("userNotFound.msg")); } - @ExceptionHandler(CInvalidJwtAuthenticationException.class) - @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) - protected CommonResult invalidJwtToken(HttpServletRequest request, CInvalidJwtAuthenticationException e) { - return responseService.getFailResult(Integer.valueOf(getMessage("invalidJwtToken.code")), getMessage("invalidJwtToken.msg")); - } - @ExceptionHandler(CEmailSigninFailedException.class) @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR) protected CommonResult emailSigninFailed(HttpServletRequest request, CEmailSigninFailedException e) { return responseService.getFailResult(Integer.valueOf(getMessage("emailSigninFailed.code")), getMessage("emailSigninFailed.msg")); } + @ExceptionHandler(CAuthenticationEntryPointException.class) + @ResponseStatus(HttpStatus.UNAUTHORIZED) + public CommonResult authenticationEntryPointException(HttpServletRequest request, CAuthenticationEntryPointException e) { + return responseService.getFailResult(Integer.valueOf(getMessage("entryPointException.code")), getMessage("entryPointException.msg")); + } + + @ExceptionHandler(AccessDeniedException.class) + @ResponseStatus(HttpStatus.UNAUTHORIZED) + public CommonResult AccessDeniedException(HttpServletRequest request, AccessDeniedException e) { + return responseService.getFailResult(Integer.valueOf(getMessage("accessDenied.code")), getMessage("accessDenied.msg")); + } private String getMessage(String code) { return getMessage(code, null); diff --git a/src/main/java/com/rest/api/advice/exception/CAuthenticationEntryPointException.java b/src/main/java/com/rest/api/advice/exception/CAuthenticationEntryPointException.java new file mode 100644 index 0000000..00469ca --- /dev/null 
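Review bot: The new `AccessDeniedException` handler answers with `HttpStatus.UNAUTHORIZED`, but an authenticated caller that lacks the required role is an authorization failure, which is 403; with both handlers at 401 a client cannot distinguish "no or invalid token" from "insufficient role" even though the patch adds separate i18n messages for the two cases. Change it to `@ResponseStatus(HttpStatus.FORBIDDEN)`. The handler method is also named `AccessDeniedException`, which shadows the exception type and breaks the lowerCamelCase convention the other handlers follow; `accessDenied` would match `authenticationEntryPointException` just above it.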
+++ b/src/main/java/com/rest/api/advice/exception/CAuthenticationEntryPointException.java
@@ -0,0 +1,15 @@
+package com.rest.api.advice.exception;
+
+public class CAuthenticationEntryPointException extends RuntimeException {
+ public CAuthenticationEntryPointException(String msg, Throwable t) {
+ super(msg, t);
+ }
+
+ public CAuthenticationEntryPointException(String msg) {
+ super(msg);
+ }
+
+ public CAuthenticationEntryPointException() {
+ super();
+ }
+}
diff --git a/src/main/java/com/rest/api/advice/exception/CInvalidJwtAuthenticationException.java b/src/main/java/com/rest/api/advice/exception/CInvalidJwtAuthenticationException.java
deleted file mode 100644
index 341d873..0000000
--- a/src/main/java/com/rest/api/advice/exception/CInvalidJwtAuthenticationException.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package com.rest.api.advice.exception;
-
-public class CInvalidJwtAuthenticationException extends RuntimeException {
- public CInvalidJwtAuthenticationException(String msg, Throwable t) {
- super(msg, t);
- }
-
- public CInvalidJwtAuthenticationException(String msg) {
- super(msg);
- }
-
- public CInvalidJwtAuthenticationException() {
- super();
- }
-}
diff --git a/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java b/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java
new file mode 100644
index 0000000..eaaa3cb
--- /dev/null
+++ b/src/main/java/com/rest/api/config/security/CustomAccessDeniedHandler.java
@@ -0,0 +1,28 @@
+package com.rest.api.config.security;
+
+import lombok.extern.slf4j.Slf4j;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Slf4j
+@Component
+public class CustomAccessDeniedHandler implements AccessDeniedHandler {
+
+ private static final Logger logger = LoggerFactory.getLogger(CustomAccessDeniedHandler.class);
+
+ @Override
+ public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException,
+ ServletException {
+ RequestDispatcher dispatcher = request.getRequestDispatcher("/exception/accessdenied");
+ dispatcher.forward(request, response);
+ }
+}
diff --git a/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java b/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java
new file mode 100644
index 0000000..35cce6b
--- /dev/null
+++ b/src/main/java/com/rest/api/config/security/CustomAuthenticationEntryPoint.java
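Review bot: `CustomAccessDeniedHandler` declares a manual `Logger logger` field and is also annotated `@Slf4j`, which generates a second `log` field; neither is used in `handle`. Keep one (`@Slf4j` matches `CustomAuthenticationEntryPoint` in this same patch) and drop the `org.slf4j` imports, or actually use it: `log.debug("Access denied for {} {}", request.getMethod(), request.getRequestURI());` gives operators a trace of authorization failures without adding anything to the response. The `exception` argument is discarded before the forward, so its message cannot reach the forwarded handler; if it is ever needed there, pass it along as a request attribute.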
@@ -0,0 +1,24 @@ +package com.rest.api.config.security; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.stereotype.Component; + +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +@Slf4j +@Component +public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint { + + @Override + public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ex) throws IOException, + ServletException { + RequestDispatcher dispatcher = request.getRequestDispatcher("/exception/entrypoint"); + dispatcher.forward(request, response); + } +} diff --git a/src/main/java/com/rest/api/filter/JwtTokenFilter.java b/src/main/java/com/rest/api/config/security/JwtAuthenticationFilter.java similarity index 76% rename from src/main/java/com/rest/api/filter/JwtTokenFilter.java rename to src/main/java/com/rest/api/config/security/JwtAuthenticationFilter.java index 193c8cf..a8354ea 100644 --- a/src/main/java/com/rest/api/filter/JwtTokenFilter.java +++ b/src/main/java/com/rest/api/config/security/JwtAuthenticationFilter.java @@ -1,4 +1,4 @@ -package com.rest.api.filter; +package com.rest.api.config.security; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; 
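Review bot: `@Slf4j` on `CustomAuthenticationEntryPoint` generates a `log` field that `commence` never uses, and the `AuthenticationException ex` it receives is dropped before the forward. Either remove the annotation and its import, or log the failure at debug level, e.g. `log.debug("Authentication required for {} {}: {}", request.getMethod(), request.getRequestURI(), ex.getMessage());`. Now that `validateToken` returns false instead of throwing, requests with a rejected token presumably arrive here as anonymous, so this one log line would cover both missing and invalid tokens.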
@@ -11,16 +11,16 @@ import javax.servlet.http.HttpServletRequest; import java.io.IOException; -public class JwtTokenFilter extends GenericFilterBean { +public class JwtAuthenticationFilter extends GenericFilterBean { private JwtTokenProvider jwtTokenProvider; // Jwt Provier 주입 - public JwtTokenFilter(JwtTokenProvider jwtTokenProvider) { + public JwtAuthenticationFilter(JwtTokenProvider jwtTokenProvider) { this.jwtTokenProvider = jwtTokenProvider; } - // Request로 들어오는 Jwt Token의 유효성을 검증하는 filter를 filterChain에 등록합니다. + // Request로 들어오는 Jwt Token의 유효성을 검증(jwtTokenProvider.validateToken)하는 filter를 filterChain에 등록합니다. @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { String token = jwtTokenProvider.resolveToken((HttpServletRequest) request); diff --git a/src/main/java/com/rest/api/filter/JwtTokenProvider.java b/src/main/java/com/rest/api/config/security/JwtTokenProvider.java similarity index 73% rename from src/main/java/com/rest/api/filter/JwtTokenProvider.java rename to src/main/java/com/rest/api/config/security/JwtTokenProvider.java index 3022818..7c32aa1 100644 --- a/src/main/java/com/rest/api/filter/JwtTokenProvider.java +++ b/src/main/java/com/rest/api/config/security/JwtTokenProvider.java @@ -1,11 +1,11 @@ -package com.rest.api.filter; +package com.rest.api.config.security; -import com.rest.api.advice.exception.CInvalidJwtAuthenticationException; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jws; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.annotation.Value; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.userdetails.UserDetails; 
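Review bot: `JwtAuthenticationFilter` still extends `GenericFilterBean`, so depending on the dispatcher types the security filter is registered for it may run more than once for the same request (forward or error dispatch) and re-parse the token each time; `OncePerRequestFilter` with `doFilterInternal(HttpServletRequest, HttpServletResponse, FilterChain)` is the usual base for an authentication filter and would also remove the `(HttpServletRequest) request` cast. The rename itself is fine. `doFilter` continues past the end of the hunk, so the token-handling path is not reviewed here.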
@@ -22,9 +22,10 @@ @Component public class JwtTokenProvider { // JWT 토큰을 생성 및 검증 모듈 - private String secretKey = "secret"; + @Value("spring.jwt.secret") + private String secretKey; - private long tokenValidMilisecond = 1000L * 60 * 60; // 1hour + private long tokenValidMilisecond = 1000L * 60 * 60; // 1시간만 토큰 유효 private final UserDetailsService userDetailsService; @@ -34,8 +35,8 @@ protected void init() { } // Jwt 토큰 생성 - public String createToken(String username, List roles) { - Claims claims = Jwts.claims().setSubject(username); + public String createToken(String userPk, List roles) { + Claims claims = Jwts.claims().setSubject(userPk); claims.put("roles", roles); Date now = new Date(); return Jwts.builder() @@ -48,16 +49,16 @@ public String createToken(String username, List roles) { // Jwt 토큰으로 인증 정보를 조회 public Authentication getAuthentication(String token) { - UserDetails userDetails = userDetailsService.loadUserByUsername(this.getUsername(token)); + UserDetails userDetails = userDetailsService.loadUserByUsername(this.getUserPk(token)); return new UsernamePasswordAuthenticationToken(userDetails, "", userDetails.getAuthorities()); } - // Jwt 토큰에서 회원 이름(ID) 추출 - public String getUsername(String token) { + // Jwt 토큰에서 회원 구별 정보 추출 + public String getUserPk(String token) { return Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody().getSubject(); } - // Request의 Header에서 token 파싱 : "X-AUTH-TOKEN: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJjb2Rlajk5QG5hdmVyLmNvbSIsInJvbGVzIjpbIlJPTEVfVVNFUiJdLCJpYXQiOjE1NTUzMTY1NzksImV4cCI6MTU1NTMyMDE3OX0.ftuRcpLZmMbKoxM3pQB5VA9As9Yamt10FN6Lbgu-pjVB3AGZDWfS9WRzGNbtZkKvSZH9swx3WgrHnONyrUoaqA" + // Request의 Header에서 token 파싱 : "X-AUTH-TOKEN: jwt토큰" public String resolveToken(HttpServletRequest req) { return req.getHeader("X-AUTH-TOKEN"); } 
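Review bot: `@Value("spring.jwt.secret")` injects the literal string `spring.jwt.secret`, not the property, because `@Value` only resolves placeholders written as `${...}`; every token is therefore signed with a publicly known constant, and the `spring.jwt.secret` entry added to application.yml in this patch is never read. It must be `@Value("${spring.jwt.secret}")`. Consider also validating the injected value in `init()` (only its signature is visible here) so that a blank key makes startup fail instead of silently signing tokens with an empty secret. The later hunks in this file that rename username to userPk are fine.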
@@ -68,7 +69,7 @@ public boolean validateToken(String jwtToken) { Jws claims = Jwts.parser().setSigningKey(secretKey).parseClaimsJws(jwtToken); return !claims.getBody().getExpiration().before(new Date()); } catch (Exception e) { - throw new CInvalidJwtAuthenticationException(); + return false; } } } diff --git a/src/main/java/com/rest/api/config/SecurityConfiguration.java b/src/main/java/com/rest/api/config/security/SecurityConfiguration.java similarity index 76% rename from src/main/java/com/rest/api/config/SecurityConfiguration.java rename to src/main/java/com/rest/api/config/security/SecurityConfiguration.java index a38ba24..bf8923d 100644 --- a/src/main/java/com/rest/api/config/SecurityConfiguration.java +++ b/src/main/java/com/rest/api/config/security/SecurityConfiguration.java @@ -1,7 +1,5 @@ -package com.rest.api.config; +package com.rest.api.config.security; -import com.rest.api.filter.JwtTokenFilter; -import com.rest.api.filter.JwtTokenProvider; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; 
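Review bot: `validateToken` now returns `false` on any exception, which is the right outcome for the filter, but `catch (Exception e)` also discards the reason (malformed, bad signature, expired, unsupported algorithm), which is exactly what an operator needs when investigating repeated rejections; narrow it to `catch (JwtException | IllegalArgumentException e)` and log `e.getMessage()` at debug level before returning. The explicit `getExpiration().before(new Date())` check is redundant because `parseClaimsJws` already throws `ExpiredJwtException` for an expired token, and on a token with no `exp` claim it would NPE (caught, so still false, but for the wrong reason). The method's `try` opens outside the hunk.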
@@ -35,14 +33,19 @@ protected void configure(HttpSecurity http) throws Exception { .authorizeRequests() // 다음 리퀘스트에 대한 사용권한 체크 .antMatchers("/*/signin", "/*/signup").permitAll() // 가입 및 인증 주소는 누구나 접근가능 .antMatchers(HttpMethod.GET, "helloworld/**").permitAll() // hellowworld로 시작하는 GET요청 리소스는 누구나 접근가능 - .anyRequest().authenticated() // 그외 나머지 요청은 모두 인증된 회원만 접근 가능 + .antMatchers("/*/users").hasRole("ADMIN") + .anyRequest().hasRole("USER") // 그외 나머지 요청은 모두 인증된 회원만 접근 가능 .and() - .addFilterBefore(new JwtTokenFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter.class); // jwt token 필터를 id/password 인증 필터 전에 넣어라. + .exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler()) + .and() + .exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint()) + .and() + .addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter.class); // jwt token 필터를 id/password 인증 필터 전에 넣어라. } @Override // ignore swagger security config - public void configure(WebSecurity web) throws Exception { + public void configure(WebSecurity web) { web.ignoring().antMatchers("/v2/api-docs", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**", "/swagger/**"); diff --git a/src/main/java/com/rest/api/controller/exception/ExceptionController.java b/src/main/java/com/rest/api/controller/exception/ExceptionController.java new file mode 100644 index 0000000..dbea7cf --- /dev/null +++ b/src/main/java/com/rest/api/controller/exception/ExceptionController.java 
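Review bot: `.anyRequest().hasRole("USER")` means a principal holding only `ROLE_ADMIN` is now rejected on every endpoint except `/*/users`, since `hasRole` implies no hierarchy; use `.anyRequest().hasAnyRole("USER", "ADMIN")` or register a `RoleHierarchy` bean. `exceptionHandling()` is entered twice where one call chains both handlers: `.exceptionHandling().accessDeniedHandler(new CustomAccessDeniedHandler()).authenticationEntryPoint(new CustomAuthenticationEntryPoint())`. Both handler classes carry `@Component` yet are instantiated here with `new`, so the annotations only create unused beans; inject them or drop the annotations. The context line `"helloworld/**"` has no leading slash and so probably never matches, which is pre-existing but worth fixing while touching these rules.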
@@ -0,0 +1,25 @@ +package com.rest.api.controller.exception; + +import com.rest.api.advice.exception.CAuthenticationEntryPointException; +import com.rest.api.model.response.CommonResult; +import lombok.RequiredArgsConstructor; +import org.springframework.security.access.AccessDeniedException; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RequiredArgsConstructor +@RestController +@RequestMapping(value = "/exception") +public class ExceptionController { + + @GetMapping(value = "/entrypoint") + public CommonResult entrypointException() { + throw new CAuthenticationEntryPointException(); + } + + @GetMapping(value = "/accessdenied") + public CommonResult accessdeniedException() { + throw new AccessDeniedException(""); + } +} diff --git a/src/main/java/com/rest/api/controller/v1/SignController.java b/src/main/java/com/rest/api/controller/v1/SignController.java index 9310d77..54b6cf6 100644 --- a/src/main/java/com/rest/api/controller/v1/SignController.java +++ b/src/main/java/com/rest/api/controller/v1/SignController.java @@ -2,7 +2,7 @@ import com.rest.api.advice.exception.CEmailSigninFailedException; import com.rest.api.entity.User; -import com.rest.api.filter.JwtTokenProvider; +import com.rest.api.config.security.JwtTokenProvider; import com.rest.api.model.response.CommonResult; import com.rest.api.model.response.SingleResult; import com.rest.api.repo.UserJpaRepo; @@ -39,7 +39,7 @@ public SingleResult signin(@ApiParam(value = "회원ID : 이메일", req if (!passwordEncoder.matches(password, user.getPassword())) throw new CEmailSigninFailedException(); - return responseService.getSingleResult(jwtTokenProvider.createToken(user.getUsername(), user.getRoles())); + return responseService.getSingleResult(jwtTokenProvider.createToken(String.valueOf(user.getMsrl()), user.getRoles())); } @ApiOperation(value = "가입", notes = "회원가입을 한다.") 
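Review bot: `ExceptionController` maps `/exception/entrypoint` and `/exception/accessdenied` with `@GetMapping`, but `RequestDispatcher.forward` keeps the original request method, so a rejected `PUT /v1/user` or `DELETE /v1/user/{msrl}` is forwarded as PUT/DELETE, no handler matches, and the client most likely receives the generic unKnown result instead of the intended 401 body. Map both endpoints without a method restriction: `@RequestMapping(value = "/entrypoint")` and `@RequestMapping(value = "/accessdenied")`. `@RequiredArgsConstructor` is dead on a class with no final fields. The SignController hunk below is fine.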
diff --git a/src/main/java/com/rest/api/controller/v1/UserController.java b/src/main/java/com/rest/api/controller/v1/UserController.java index b3aa843..328dd6b 100644 --- a/src/main/java/com/rest/api/controller/v1/UserController.java +++ b/src/main/java/com/rest/api/controller/v1/UserController.java @@ -9,6 +9,8 @@ import com.rest.api.service.ResponseService; import io.swagger.annotations.*; import lombok.RequiredArgsConstructor; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.bind.annotation.*; @Api(tags = {"2. User"}) @@ -31,14 +33,16 @@ public ListResult findAllUser() { } @ApiImplicitParams({ - @ApiImplicitParam(name = "X-AUTH-TOKEN", value = "로그인 성공 후 access_token", required = true, dataType = "String", paramType = "header") + @ApiImplicitParam(name = "X-AUTH-TOKEN", value = "로그인 성공 후 access_token", required = false, dataType = "String", paramType = "header") }) - @ApiOperation(value = "회원 단건 조회", notes = "userId로 회원을 조회한다") - @GetMapping(value = "/user/{msrl}") - public SingleResult findUserById(@ApiParam(value = "회원번호", required = true) @PathVariable int msrl, - @ApiParam(value = "언어", defaultValue = "ko") @RequestParam String lang) { + @ApiOperation(value = "회원 단건 조회", notes = "회원번호(msrl)로 회원을 조회한다") + @GetMapping(value = "/user") + public SingleResult findUserById(@ApiParam(value = "언어", defaultValue = "ko") @RequestParam String lang) { + // SecurityContext에서 인증받은 회원의 정보를 얻어온다. + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + String id = authentication.getName(); // 결과데이터가 단일건인경우 getSingleResult를 이용해서 결과를 출력한다. - return responseService.getSingleResult(userJpaRepo.findById(msrl).orElseThrow(CUserNotFoundException::new)); + return responseService.getSingleResult(userJpaRepo.findByUid(id).orElseThrow(CUserNotFoundException::new)); } @ApiImplicitParams({ 
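Review bot: The Swagger `required = false` on `X-AUTH-TOKEN` contradicts the security rules in this patch, under which `/user` is reachable only with `ROLE_USER`, so the generated docs will mislead callers; keep `required = true` as on the other endpoints. The method is still named `findUserById` although it no longer takes an id and reads the caller from the `SecurityContext`; `findUser` would match its behaviour, and taking `Authentication authentication` as a handler parameter (or `@AuthenticationPrincipal User user`) reads better than the static holder. `findByUid(authentication.getName())` depends on `getName()` resolving to `User.getUsername()` (the uid) rather than the token subject (now the msrl) — correct for a `UsernamePasswordAuthenticationToken` built from a `UserDetails`, but worth a one-line comment since the two identifiers were just swapped.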
@@ -47,7 +51,7 @@ public SingleResult findUserById(@ApiParam(value = "회원번호", require @ApiOperation(value = "회원 수정", notes = "회원정보를 수정한다") @PutMapping(value = "/user") public SingleResult modify( - @ApiParam(value = "회원번호", required = true) @RequestParam int msrl, + @ApiParam(value = "회원번호", required = true) @RequestParam long msrl, @ApiParam(value = "회원이름", required = true) @RequestParam String name) { User user = User.builder() .msrl(msrl) @@ -59,10 +63,10 @@ public SingleResult modify( @ApiImplicitParams({ @ApiImplicitParam(name = "X-AUTH-TOKEN", value = "로그인 성공 후 access_token", required = true, dataType = "String", paramType = "header") }) - @ApiOperation(value = "회원 삭제", notes = "userId로 회원정보를 삭제한다") + @ApiOperation(value = "회원 삭제", notes = "회원번호(msrl)로 회원정보를 삭제한다") @DeleteMapping(value = "/user/{msrl}") public CommonResult delete( - @ApiParam(value = "회원번호", required = true) @PathVariable int msrl) { + @ApiParam(value = "회원번호", required = true) @PathVariable long msrl) { userJpaRepo.deleteById(msrl); // 성공 결과 정보만 필요한경우 getSuccessResult()를 이용하여 결과를 출력한다. return responseService.getSuccessResult(); diff --git a/src/main/java/com/rest/api/entity/User.java b/src/main/java/com/rest/api/entity/User.java index 77ac46f..e4c0f4c 100644 --- a/src/main/java/com/rest/api/entity/User.java +++ b/src/main/java/com/rest/api/entity/User.java @@ -1,7 +1,10 @@ package com.rest.api.entity; import com.fasterxml.jackson.annotation.JsonProperty; -import lombok.*; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Getter; +import lombok.NoArgsConstructor; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; 
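Review bot: `modify` takes `msrl` from the request and builds the `User` to save from it, so any caller with `ROLE_USER` can overwrite another member's record, and `delete` in the next hunk lets any user delete any account by path variable; the commit restricts `/*/users` to ADMIN but leaves these two per-user endpoints unguarded. Either derive the target from the authenticated principal, as `findUserById` now does, or reject mismatches before the save/delete: `if (msrl != ((User) authentication.getPrincipal()).getMsrl()) throw new AccessDeniedException("");`, or put `@PreAuthorize("hasRole('ADMIN') or #msrl == principal.msrl")` on both methods (requires `@EnableGlobalMethodSecurity(prePostEnabled = true)`). `modify`'s body continues past the hunk.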
@@ -12,17 +15,16 @@ import java.util.List; import java.util.stream.Collectors; -@Entity -@Setter -@Getter -@Builder -@NoArgsConstructor -@AllArgsConstructor -@Table(name = "user") +@Builder // builder를 사용할수 있게 합니다. +@Entity // jpa entity임을 알립니다. +@Getter // user 필드값의 getter를 자동으로 생성합니다. +@NoArgsConstructor // 인자없는 생성자를 자동으로 생성합니다. +@AllArgsConstructor // 인자를 모두 갖춘 생성자를 자동으로 생성합니다. +@Table(name = "user") // 'user' 테이블과 매핑됨을 명시 public class User implements UserDetails { @Id // pk @GeneratedValue(strategy = GenerationType.IDENTITY) - private int msrl; + private long msrl; @Column(nullable = false, unique = true, length = 30) private String uid; @JsonProperty(access = JsonProperty.Access.WRITE_ONLY) @@ -40,26 +42,31 @@ public Collection getAuthorities() { return this.roles.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()); } + @JsonProperty(access = JsonProperty.Access.WRITE_ONLY) @Override - public java.lang.String getUsername() { + public String getUsername() { return this.uid; } + @JsonProperty(access = JsonProperty.Access.WRITE_ONLY) @Override public boolean isAccountNonExpired() { return true; } + @JsonProperty(access = JsonProperty.Access.WRITE_ONLY) @Override public boolean isAccountNonLocked() { return true; } + @JsonProperty(access = JsonProperty.Access.WRITE_ONLY) @Override public boolean isCredentialsNonExpired() { return true; } + @JsonProperty(access = JsonProperty.Access.WRITE_ONLY) @Override public boolean isEnabled() { return true; diff --git a/src/main/java/com/rest/api/repo/UserJpaRepo.java b/src/main/java/com/rest/api/repo/UserJpaRepo.java index 6ce0683..2eb6ffa 100644 --- a/src/main/java/com/rest/api/repo/UserJpaRepo.java +++ b/src/main/java/com/rest/api/repo/UserJpaRepo.java @@ -5,7 +5,7 @@ import java.util.Optional; -public interface UserJpaRepo extends JpaRepository { +public interface UserJpaRepo extends JpaRepository { Optional findByUid(String email); } 
diff --git a/src/main/java/com/rest/api/service/security/CustomUserDetailService.java b/src/main/java/com/rest/api/service/security/CustomUserDetailService.java index e522867..47a69c5 100644 --- a/src/main/java/com/rest/api/service/security/CustomUserDetailService.java +++ b/src/main/java/com/rest/api/service/security/CustomUserDetailService.java @@ -13,7 +13,7 @@ public class CustomUserDetailService implements UserDetailsService { private final UserJpaRepo userJpaRepo; - public UserDetails loadUserByUsername(String username) { - return userJpaRepo.findByUid(username).orElseThrow(CUserNotFoundException::new); + public UserDetails loadUserByUsername(String userPk) { + return userJpaRepo.findById(Long.valueOf(userPk)).orElseThrow(CUserNotFoundException::new); } } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 29b011b..dce0ce2 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -12,4 +12,6 @@ spring: showSql: true messages: basename: i18n/exception - encoding: UTF-8 \ No newline at end of file + encoding: UTF-8 + jwt: + secret: govlepel@$& \ No newline at end of file diff --git a/src/main/resources/i18n/exception_en.yml b/src/main/resources/i18n/exception_en.yml index 30e6ee4..47db4aa 100644 --- a/src/main/resources/i18n/exception_en.yml +++ b/src/main/resources/i18n/exception_en.yml @@ -4,9 +4,12 @@ unKnown: userNotFound: code: "-1000" msg: "This member not exist" -invalidJwtToken: - code: "-1001" - msg: "Authentication information is not valid." emailSigninFailed: code: "-1001" - msg: "Your account does not exist or your email or password is incorrect." \ No newline at end of file + msg: "Your account does not exist or your email or password is incorrect." +entryPointException: + code: "-1002" + msg: "You do not have permission to access this resource." +accessDenied: + code: "-1003" + msg: "A resource that can not be accessed with the privileges it has." \ No newline at end of file 
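Review bot: `Long.valueOf(userPk)` throws `NumberFormatException` when the subject is not numeric — for example a token issued by the previous version, whose subject was the email — and that exception escapes `loadUserByUsername` into the filter as a server error rather than an authentication failure. Translate it: `catch (NumberFormatException e) { throw new CUserNotFoundException(); }`, or throw Spring Security's `UsernameNotFoundException`, which is what callers of `UserDetailsService` expect. Since this runs inside the filter chain, `CUserNotFoundException` is thrown before `ExceptionAdvice` can see it and likely also becomes a generic error; hedged, because the filter body is outside this patch.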
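Review bot: `spring.jwt.secret: govlepel@$&` commits the token-signing key to the repository, so anyone with read access to the source can issue tokens with arbitrary `roles`. Reference an environment variable instead, `secret: ${JWT_SECRET}`, keep the real value out of git, and treat this one as compromised once it is pushed. For an HMAC `SignatureAlgorithm` the key should also be at least as long as the hash output and randomly generated; a short passphrase is weak wherever it is stored. This value only takes effect once the `@Value` in `JwtTokenProvider` uses the `${spring.jwt.secret}` placeholder form.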
diff --git a/src/main/resources/i18n/exception_ko.yml b/src/main/resources/i18n/exception_ko.yml index 2f4f132..7213648 100644 --- a/src/main/resources/i18n/exception_ko.yml +++ b/src/main/resources/i18n/exception_ko.yml @@ -4,9 +4,12 @@ unKnown: userNotFound: code: "-1000" msg: "존재하지 않는 회원입니다." -invalidJwtToken: - code: "-1001" - msg: "인증 정보가 유효하지 않습니다." emailSigninFailed: code: "-1001" - msg: "계정이 존재하지 않거나 이메일 또는 비밀번호가 정확하지 않습니다." \ No newline at end of file + msg: "계정이 존재하지 않거나 이메일 또는 비밀번호가 정확하지 않습니다." +entryPointException: + code: "-1002" + msg: "해당 리소스에 접근하기 위한 권한이 없습니다." +accessDenied: + code: "-1003" + msg: "보유한 권한으로 접근할수 없는 리소스 입니다." \ No newline at end of file