[LIME-122] Change how Kakao social login is handled #63

Merged
merged 16 commits into from
Mar 9, 2024
8695497
chore : remove oauth2 dependency due to the change in how social login is used
HandmadeCloud Mar 7, 2024
285f2a4
feat : implement business logic that receives and processes the Kakao social login code
HandmadeCloud Mar 7, 2024
17d4d60
refactor : change social id to long type
HandmadeCloud Mar 7, 2024
098c363
feat : create Kakao-specific token request and response dto
HandmadeCloud Mar 7, 2024
71911d1
refactor: change security settings due to the change in the Kakao social login method
HandmadeCloud Mar 7, 2024
e145506
refactor : adjust scan scope due to added property
HandmadeCloud Mar 7, 2024
5d9ba7d
chore : fix line breaks
HandmadeCloud Mar 7, 2024
9c935dd
fix : remove gradle social login dependency and add dependency for applying properties
HandmadeCloud Mar 7, 2024
79aa60c
chore : trying out various handlers and entrypoints
HandmadeCloud Mar 7, 2024
9dd6d04
chore : move files
HandmadeCloud Mar 8, 2024
68683b6
refactor : at the authorization stage, check the role and redirect to the profile update form before authentication processing
HandmadeCloud Mar 8, 2024
f2332eb
chore : clean up unused code
HandmadeCloud Mar 8, 2024
188a92a
refactor : redirect to the join page and grant the corresponding role
HandmadeCloud Mar 8, 2024
05d9cf0
refactor : change how refreshToken is delivered
HandmadeCloud Mar 9, 2024
2f94280
chore : fix conventions and syntax used
HandmadeCloud Mar 9, 2024
852f50e
refactor : fix layer back-reference issue
HandmadeCloud Mar 9, 2024
Expand Up @@ -8,6 +8,7 @@
import org.springframework.security.core.userdetails.UserDetails;

import com.programmers.lime.domains.member.domain.Member;
import com.programmers.lime.domains.member.domain.vo.Role;

import lombok.RequiredArgsConstructor;

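Review bot: the newly imported `Role` is not referenced by any visible line of this file; `getAuthorities()` in the next hunk only calls `member.getRole().name()`, which needs no import of the enum type. If nothing in the collapsed part of `MemberSecurity` uses `Role`, drop the import.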
Expand All @@ -18,7 +19,7 @@ public class MemberSecurity implements UserDetails {

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return List.of(new SimpleGrantedAuthority(member.getRole().name()));
return List.of(new SimpleGrantedAuthority("ROLE_" + member.getRole().name()));
Member

p1;
Looking at the Role enum class, the key values are in the form 'ROLE_xx', so couldn't we use member.getRole().getKey()??

Member Author

Applied in 2f94280

}

@Override
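Review bot: the `"ROLE_"` prefix is now a second string literal that has to agree both with the `Role` enum's keys (the inline comment above already points at `getKey()`) and with `hasRole("USER")` in `SecurityConfiguration`, which only matches an authority named exactly `ROLE_USER`. Keep the prefix in one place, the enum, and build the authority from `member.getRole().getKey()`, so a renamed key cannot silently split the two.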
Expand Up @@ -12,18 +12,13 @@
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import com.programmers.lime.domains.member.implementation.MemberReader;
import com.programmers.lime.global.config.security.auth.handler.OAuth2LoginFailureHandler;
import com.programmers.lime.global.config.security.auth.handler.OAuth2LoginSuccessHandler;
import com.programmers.lime.global.config.security.jwt.JwtAuthenticationFilter;
import com.programmers.lime.global.config.security.jwt.JwtService;

import lombok.RequiredArgsConstructor;

Expand All @@ -32,11 +27,9 @@
@RequiredArgsConstructor
public class SecurityConfiguration {

private final OAuth2UserService oAuth2UserService; //추가
private final JwtService jwtService; // 추가
private final MemberReader memberReader;
private final JwtAuthenticationFilter jwtAuthenticationFilter;
private final AuthenticationProvider authenticationProvider;
private final AccessDeniedHandler accessDeniedHandler;

@Bean
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
Expand All @@ -48,12 +41,8 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws E
.requestMatchers("/swagger-ui/**").permitAll()
.requestMatchers("/swagger*/**").permitAll()
.requestMatchers("/v3/api-docs/**").permitAll()
.requestMatchers("/").permitAll()

.requestMatchers("/api/members/signup").permitAll()
.requestMatchers("/api/members/login").permitAll()
.requestMatchers("/api/members/check/nickname").permitAll()
.requestMatchers("/api/members/check/email").permitAll()
.requestMatchers("/api/members/mypage/{nickname}").permitAll()
.requestMatchers("/api/members/refresh").permitAll()

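Review bot: dropping `/api/members/signup`, `/api/members/login`, `/api/members/check/nickname` and `/api/members/check/email` from `permitAll()` moves them under the `anyRequest()` rule, so unauthenticated callers are now rejected on those paths. That is fine if the controllers behind them were deleted along with the OAuth2 flow; if the nickname/email availability checks are still used by the join page the commit history mentions, they need to stay open, because that page is reached by members who do not yet hold the USER role.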
Expand All @@ -78,31 +67,21 @@ public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws E
.requestMatchers("/api/hobbies").permitAll()
.requestMatchers("/login").permitAll()
.requestMatchers("/actuator/**").permitAll()
.anyRequest().authenticated()
.requestMatchers("/api/auth/kakao/callback").permitAll()

.anyRequest().hasRole("USER")

)
.sessionManagement(session -> session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
)
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

http.oauth2Login(oauth2Configurer -> oauth2Configurer
.successHandler(successHandler())
.failureHandler(failureHandler())
.userInfoEndpoint(userInfoEndpointConfig -> userInfoEndpointConfig.userService(oAuth2UserService)));
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.exceptionHandling((exceptions) -> exceptions.accessDeniedHandler(accessDeniedHandler));

return http.build();
}

@Bean
public AuthenticationFailureHandler failureHandler() {
return new OAuth2LoginFailureHandler();
}

@Bean
public AuthenticationSuccessHandler successHandler() {
return new OAuth2LoginSuccessHandler(jwtService, memberReader);
}

@Bean
public CorsConfigurationSource corsConfigurationSource() {
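Review bot: `.anyRequest().hasRole("USER")` rejects any authenticated principal whose authority is not exactly `ROLE_USER`, so a member with a guest role lands in `accessDeniedHandler`, which is what the join-page redirect in the commit history relies on. Two things to check: first, an anonymous request (no Bearer header) never reaches the `AccessDeniedHandler`, because Spring's ExceptionTranslationFilter routes access denials for anonymous callers to the authentication entry point instead, so the redirect only fires for callers that already present a valid token; second, if the `Role` enum has any value beyond USER and GUEST (an admin role, say), it is locked out by `hasRole("USER")` and needs `hasAnyRole(...)`. The `/api/auth/kakao/callback` matcher is correctly placed before `anyRequest()`; a matcher added after it would fail at startup.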
@@ -1,26 +1,36 @@
package com.programmers.lime.global.config.security.jwt;

import java.io.IOException;
import java.util.Collection;
import java.util.List;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;

import com.programmers.lime.domains.member.domain.Member;
import com.programmers.lime.domains.member.implementation.MemberReader;
import com.programmers.lime.global.config.security.MemberSecurity;

import io.jsonwebtoken.JwtException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.RequestDispatcher;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.NonNull;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;

@Slf4j
@Component
@RequiredArgsConstructor
public class JwtAuthenticationFilter extends OncePerRequestFilter {
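Review bot: after this change several of these imports (`Collection`, `GrantedAuthority`, `SimpleGrantedAuthority`, `User`, `RequestDispatcher`, `Member`, `MemberReader`, `MemberSecurity`) are referenced only from commented-out code further down in the file; `UserDetailsService` and `UserDetails` are the ones the live code uses. Remove the dead imports together with the commented blocks rather than leaving them to accumulate.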
Expand All @@ -29,6 +39,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {

private final JwtService jwtService;
private final HandlerExceptionResolver handlerExceptionResolver;
private final UserDetailsService userDetailsService;

@Override
protected void doFilterInternal(
Expand All @@ -39,20 +50,25 @@ protected void doFilterInternal(
final String requestUri = request.getRequestURI();
final String authHeader = request.getHeader("Authorization");
final String jwt;
final String memberId;

if (requestUri.equals("/api/members/refresh") || authHeader == null || !authHeader.startsWith("Bearer ")) {
filterChain.doFilter(request, response);
return;
}

jwt = authHeader.substring(TOKEN_BEGIN_INDEX);

try {
if (SecurityContextHolder.getContext().getAuthentication() == null && jwtService.isAccessTokenValid(jwt)) {
memberId = jwtService.extractUsername(jwt);

final String memberId = jwtService.extractUsername(jwt);
final UserDetails principal = makePrincipal(memberId);

// if(needsProfileUpdate(principal)){
// // response.setHeader("Location","http://localhost:8080/join");
// // response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
// // response.sendRedirect("http://localhost:8080/join");
//
// }

final UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(
principal,
null,
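Review bot: `makePrincipal` now calls `userDetailsService.loadUserByUsername(memberId)`, which performs a lookup on every authenticated request and throws `UsernameNotFoundException` when the token's subject no longer exists. The only exception type imported here is `JwtException`, so confirm that the `catch` below (not shown) also turns `UsernameNotFoundException` into an authentication failure rather than a 500. The commented-out redirect block (`response.sendRedirect("http://localhost:8080/join")`) should be deleted rather than shipped; the commit history moves that redirect to the access-denied path.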
Expand All @@ -69,7 +85,22 @@ protected void doFilterInternal(
}
}

private static UserDetails makePrincipal(final String memberId) {
return new User(memberId, "", List.of(new SimpleGrantedAuthority("ROLE_USER")));
// private static boolean needsProfileUpdate(final UserDetails principal) {
// Collection<? extends GrantedAuthority> authorities = principal.getAuthorities();
// for(GrantedAuthority authority : authorities){
// String role = authority.getAuthority();
// if(role.equals("ROLE_GUEST")){
// return true;
// }
// }
// return false;
// }

private UserDetails makePrincipal(final String memberId) {
return userDetailsService.loadUserByUsername(memberId);
}

// private static UserDetails makePrincipal(final String memberId) {
// return new User(memberId, "", List.of(new SimpleGrantedAuthority("ROLE_USER")));
// }
}
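Review bot: `needsProfileUpdate` and the old hard-coded `makePrincipal` (which granted `ROLE_USER` to every valid token regardless of the member's stored role) are left in as comments; delete them, since the live `makePrincipal` now derives authorities from the loaded `UserDetails`, which is the change that makes `hasRole("USER")` in the security configuration meaningful.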