[PR] Artscope 2.5 아고라, 이벤트 출시

.github/workflows/dev-build.yml

@@ -16,15 +16,10 @@ env:
   JASYPT_ENCRYPTOR_PASSWORD: ${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }}
 
 jobs:
-  test:
-    uses: ./.github/workflows/test.yaml
-    secrets:
-      JASYPT_ENCRYPTOR_PASSWORD: ${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }}
 
   build-dockerized-development:
     name: Build Dockerized Development
     runs-on: ubuntu-latest
-    needs: test
 
     services:
       redis:
@@ -35,10 +30,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
-          java-version: '11'
+          java-version: '17'
           distribution: 'temurin'
 
       - name: Cache Gradle packages

.github/workflows/prod-build.yml

@@ -17,15 +17,10 @@ env:
   AWS_CODE_DEPLOY_GROUP: artscope-codedeploy-group
 
 jobs:
-  test:
-    uses: ./.github/workflows/test.yaml
-    secrets:
-      JASYPT_ENCRYPTOR_PASSWORD: ${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }}
 
   build-dockerized-production:
     name: Build and push Docker image
     runs-on: ubuntu-latest
-    needs: test
 
     services:
       redis:
@@ -36,10 +31,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
-          java-version: '11'
+          java-version: '17'
           distribution: 'temurin'
 
       - name: Cache Gradle packages

.github/workflows/test.yaml

@@ -31,10 +31,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up JDK 11
+      - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:
-          java-version: '11'
+          java-version: '17'
           distribution: 'temurin'
 
       - name: Cache Gradle packages

Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM openjdk:11
+FROM openjdk:17
 
 ARG JAVA_OPTS
 

Dockerfile.prod

@@ -1,4 +1,4 @@
-FROM openjdk:11
+FROM openjdk:17
 
 ARG JAVA_OPTS
 

build.gradle

@@ -1,12 +1,12 @@
 plugins {
-    id 'org.springframework.boot' version '2.6.6'
-    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
+    id 'org.springframework.boot' version '3.1.5'
+    id 'io.spring.dependency-management' version '1.1.4'
     id 'java'
 }
 
 group = 'com.example'
 version = '0.0.1-SNAPSHOT'
-sourceCompatibility = '11'
+sourceCompatibility = '17'
 
 configurations {
     compileOnly {
@@ -16,7 +16,6 @@ configurations {
     all {
         exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging'
     }
-
 }
 
 repositories {
@@ -26,19 +25,28 @@ repositories {
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'io.springfox:springfox-boot-starter:3.0.0'
-    implementation 'org.springframework.boot:spring-boot-starter-security:2.6.7'
-    implementation 'org.springframework.boot:spring-boot-starter-validation:2.6.7'
-    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client:2.6.7'
-    implementation 'org.springframework.cloud:spring-cloud-starter-aws:2.2.6.RELEASE'
+    implementation 'org.springframework.boot:spring-boot-starter-security:'
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
     implementation 'org.springframework.boot:spring-boot-starter-mail' // email
+    implementation 'org.springframework.cloud:spring-cloud-starter-aws:2.2.6.RELEASE'
+
+    // Swagger
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0'
+
+    // thymeleaf
+    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
 
     // https://mvnrepository.com/artifact/org.apache.tika/tika-core
     implementation 'org.apache.tika:tika-core:2.7.0'    // Image Validation
 
-    implementation group: 'io.jsonwebtoken', name: 'jjwt-api', version: '0.11.3'
-    runtimeOnly group: 'io.jsonwebtoken', name: 'jjwt-impl', version: '0.11.3'
-    runtimeOnly group: 'io.jsonwebtoken', name: 'jjwt-jackson', version: '0.11.3'
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+
+    // XSS Protection
+    // https://mvnrepository.com/artifact/org.apache.commons/commons-text
+    implementation 'org.apache.commons:commons-text:1.11.0'
 
     // Env Security
     implementation("com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.5")
@@ -47,24 +55,26 @@ dependencies {
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'
 
-    runtimeOnly 'com.h2database:h2'
-    runtimeOnly 'mysql:mysql-connector-java'
+    runtimeOnly 'com.mysql:mysql-connector-j'
     implementation 'org.flywaydb:flyway-core'
-//    implementation 'org.postgresql:postgresql:42.5.0'
+    implementation 'org.flywaydb:flyway-mysql'
+
     implementation 'org.springframework.boot:spring-boot-starter-data-redis'
 
-    implementation 'org.springframework.security:spring-security-test:5.6.7'
+    implementation 'org.springframework.security:spring-security-test'
 
     // Log
     implementation 'org.bgee.log4jdbc-log4j2:log4jdbc-log4j2-jdbc4.1:1.16'
     implementation("org.springframework.boot:spring-boot-starter-log4j2")
 
-    testCompileOnly 'org.projectlombok:lombok:1.18.22'
-    testAnnotationProcessor 'org.projectlombok:lombok:1.18.22'
+    testCompileOnly 'org.projectlombok:lombok'
+    testAnnotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation 'io.findify:s3mock_2.13:0.2.6'
+    testImplementation 'com.h2database:h2'
+
 }
 
-tasks.named('test') {
+test {
     useJUnitPlatform()
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

src/main/java/com/example/codebase/ArtBackendApplication.java

@@ -1,14 +1,9 @@
 package com.example.codebase;
 
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.flyway.FlywayMigrationStrategy;
-import org.springframework.context.annotation.Bean;
 import org.springframework.scheduling.annotation.EnableScheduling;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 
 @Slf4j
 @EnableScheduling

src/main/java/com/example/codebase/config/JwtSecurityConfig.java

@@ -9,7 +9,7 @@
 
 public class JwtSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
 
-    private TokenProvider tokenProvider;
+    private final TokenProvider tokenProvider;
 
     public JwtSecurityConfig(TokenProvider tokenProvider) {
         this.tokenProvider = tokenProvider;

src/main/java/com/example/codebase/config/RedisConfig.java

@@ -1,8 +1,6 @@
 package com.example.codebase.config;
 
-import lombok.Getter;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
@@ -15,10 +13,10 @@
 @EnableRedisRepositories
 public class RedisConfig {
 
-    @Value("${spring.redis.host}")
+    @Value("${spring.data.redis.host}")
     private String host;
 
-    @Value("${spring.redis.port}")
+    @Value("${spring.data.redis.port}")
     private int port;
 
     @Bean

src/main/java/com/example/codebase/config/S3Config.java

@@ -29,8 +29,8 @@ public BasicAWSCredentials basicAWSCredentials() {
     @Bean
     public AmazonS3 amazonS3() {
         return AmazonS3ClientBuilder.standard()
-                .withRegion(region)
-                .withCredentials(new AWSStaticCredentialsProvider(basicAWSCredentials()))
-                .build();
+            .withRegion(region)
+            .withCredentials(new AWSStaticCredentialsProvider(basicAWSCredentials()))
+            .build();
     }
 }

src/main/java/com/example/codebase/config/SecurityConfig.java

@@ -1,30 +1,47 @@
 package com.example.codebase.config;
 
-import com.example.codebase.domain.auth.service.CustomOAuth2UserService;
 import com.example.codebase.domain.auth.handler.OAuth2AuthenticationFailureHandler;
 import com.example.codebase.domain.auth.handler.OAuth2AuthenticationSuccessHandler;
+import com.example.codebase.domain.auth.service.CustomOAuth2UserService;
+import com.example.codebase.jwt.JwtAccessDeniedHandler;
 import com.example.codebase.jwt.JwtAuthenticationEntryPoint;
 import com.example.codebase.jwt.TokenProvider;
-import com.example.codebase.jwt.JwtAccessDeniedHandler;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
 
+@Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+@EnableMethodSecurity
+public class SecurityConfig {
     private final TokenProvider tokenProvider;
     private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
     private final JwtAccessDeniedHandler jwtAccessDeniedHandler;
     private final OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
     private final OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler;
     private final CustomOAuth2UserService customOAuth2UserService;
+    private final String[] permitList = {
+            "/v2/**",
+            "/v3/**",
+            "/configuration/**",
+            "/swagger*/**",
+            "/webjars/**",
+            "/swagger-resources/**"
+    };
+
     @Autowired
-    public SecurityConfig(TokenProvider tokenProvider, JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint, JwtAccessDeniedHandler jwtAccessDeniedHandler, OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler, OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler, CustomOAuth2UserService customOAuth2UserService) {
+    public SecurityConfig(TokenProvider tokenProvider, JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint,
+                          JwtAccessDeniedHandler jwtAccessDeniedHandler,
+                          OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler,
+                          OAuth2AuthenticationFailureHandler oAuth2AuthenticationFailureHandler,
+                          CustomOAuth2UserService customOAuth2UserService) {
         this.tokenProvider = tokenProvider;
         this.jwtAuthenticationEntryPoint = jwtAuthenticationEntryPoint;
         this.jwtAccessDeniedHandler = jwtAccessDeniedHandler;
@@ -33,56 +50,51 @@ public SecurityConfig(TokenProvider tokenProvider, JwtAuthenticationEntryPoint j
         this.customOAuth2UserService = customOAuth2UserService;
     }
 
-    private String[] permitList = {
-            "/v2/**",
-            "/v3/**",
-            "/configuration/**",
-            "/swagger*/**",
-            "/webjars/**",
-            "/swagger-resources/**"
-    };
+//    @Override
+//    public void configure(WebSecurity web) throws Exception {
+//        web
+//                .ignoring()
+//                .antMatchers("/h2-console/**", "/favicon.ico")
+//                .antMatchers(permitList);
+//    }
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        web
-                .ignoring()
-                .antMatchers("/h2-console/**", "/favicon.ico")
-                .antMatchers(permitList);
-    }
+/*
+        @Bean
+        public WebSecurityCustomizer webSecurityCustomizer() {
+           return (web) -> web.ignoring().antMatchers("/ignore1", "/ignore2");
+        }
+ */
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-                .csrf().disable()
-                .formLogin().disable()
-                .httpBasic().disable()
-                .headers().frameOptions().disable()
-
-                .and()
-                .exceptionHandling()
-                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
-                .accessDeniedHandler(jwtAccessDeniedHandler)
+                .csrf(AbstractHttpConfigurer::disable)
+                .formLogin(AbstractHttpConfigurer::disable)
+                .httpBasic(AbstractHttpConfigurer::disable)
+                .headers((headers) -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
 
+                .oauth2Login((oauth2Login) -> oauth2Login
+                        .successHandler(oAuth2AuthenticationSuccessHandler)
+                        .failureHandler(oAuth2AuthenticationFailureHandler)
+                        .userInfoEndpoint((userInfoEndpointConfig -> userInfoEndpointConfig.userService(customOAuth2UserService))))
 
-                .and()
-                .sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .exceptionHandling((exceptionHandler -> exceptionHandler
+                        .authenticationEntryPoint(jwtAuthenticationEntryPoint)
+                        .accessDeniedHandler(jwtAccessDeniedHandler)))
 
-                .and()
-                .authorizeRequests()
-                .antMatchers("/api/**").permitAll()
-                .antMatchers(permitList).permitAll()
+                .sessionManagement((httpSecuritySessionManagementConfigurer) -> httpSecuritySessionManagementConfigurer
+                        .sessionFixation().none()
+                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 
-                .anyRequest().authenticated()
+                .authorizeHttpRequests((authz) -> authz
+                        .requestMatchers("/api/**", "/hizz").permitAll()
+                        .requestMatchers(permitList).hasAnyAuthority("ROLE_ADMIN")
+                        .anyRequest().authenticated()
+                )
 
-                .and()
-                .apply(new JwtSecurityConfig(tokenProvider))
+                .apply(new JwtSecurityConfig(tokenProvider));
 
-                .and()
-                .oauth2Login()  // oidc
-                .successHandler(oAuth2AuthenticationSuccessHandler)
-                .failureHandler(oAuth2AuthenticationFailureHandler)
-                .userInfoEndpoint().userService(customOAuth2UserService);
+        return http.build();
     }
 }