-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[33] api 별 유저 권한체크 #40
Merged
Merged
Changes from 11 commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
453dc94
[33] partner 권한이 필요한 api 에 권한 체크 추가
ohsuha 9eddb25
[33] cart, address api 의 role 체크 및 userAuthId 토큰 파싱
ohsuha 3f44a37
[33] open api config addresses 주소 설정 변경
ohsuha 5cc8eff
[33] order api role 권한 추가
ohsuha 6382b09
[33] userAuthId 를 String 으로 변경 등
ohsuha 2de4a06
[33] address 관련 테스트 코드 수정
ohsuha d79ef41
[33] address test 불필요한 setUp 삭제
ohsuha 6999a7a
[33] cart 관련 테스트 코드 수정
ohsuha d93310f
[33] product 에 관한 테스트 코드 수정
ohsuha 41520a4
[33] reformat code
ohsuha 8cc4b1d
[33] address list api 에 id 추가
ohsuha c500fba
[33] 불필요한 로그 삭제
ohsuha File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,36 @@ | ||
package org.example.commerce_site.config; | ||
|
||
import java.util.Collection; | ||
import java.util.List; | ||
import java.util.Map; | ||
import java.util.stream.Collectors; | ||
|
||
import org.example.commerce_site.config.filter.UserIdFilter; | ||
import org.springframework.context.annotation.Bean; | ||
import org.springframework.context.annotation.Configuration; | ||
import org.springframework.http.HttpMethod; | ||
import org.springframework.security.config.Customizer; | ||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; | ||
import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | ||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; | ||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; | ||
import org.springframework.security.core.GrantedAuthority; | ||
import org.springframework.security.core.authority.SimpleGrantedAuthority; | ||
import org.springframework.security.core.session.SessionRegistryImpl; | ||
import org.springframework.security.oauth2.jwt.Jwt; | ||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; | ||
import org.springframework.security.web.SecurityFilterChain; | ||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; | ||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; | ||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; | ||
|
||
import lombok.extern.slf4j.Slf4j; | ||
|
||
@Slf4j | ||
@Configuration | ||
@EnableWebSecurity | ||
@EnableMethodSecurity(securedEnabled = true) | ||
public class SecurityConfig { | ||
private final AuthExcludeProperties authExcludeProperties; | ||
|
||
|
@@ -33,6 +46,7 @@ protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { | |
@Bean | ||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { | ||
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter(); | ||
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(this::extractAuthorities); | ||
|
||
http | ||
.csrf(AbstractHttpConfigurer::disable) | ||
|
@@ -50,4 +64,20 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti | |
|
||
return http.build(); | ||
} | ||
|
||
private Collection<GrantedAuthority> extractAuthorities(Jwt jwt) { | ||
var resourceAccess = (Map<String, Object>)jwt.getClaim("resource_access"); | ||
var roles = (Map<String, Object>)resourceAccess.get("oauth2-client-app"); | ||
|
||
if (roles != null) { | ||
log.info(roles.toString()); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 이 로그는 어디에 필요해서 남기는 건가요? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 헉 불필요한 로그입니다. 테스트 하기 위해서 사용했는데 삭제하도록 하겠습니다. |
||
|
||
var roleList = (List<String>)roles.get("roles"); | ||
return roleList.stream() | ||
.map(role -> new SimpleGrantedAuthority(role)) | ||
.collect(Collectors.toList()); | ||
} | ||
|
||
return List.of(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
권한을 jwt에서 받아올 때, 관리 측면에서 신경써줘야 할 부분이 있을까요?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
토큰 만료 시간을 짧게 설정해서 탈취되더라도 오랫동안 사용되지 않게 합니다.
role 이 변경되었는데 기존 발급받은 토큰의 재사용을 막기 위해 api 서버에서 DB 체크를 추가로 합니다
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
db 체크를 추가로 하면, 토큰에 role을 집어넣을 필요가 없는거 아닌가요?