From ab6d9da5ca801f61261866c628c0ff040b9b0238 Mon Sep 17 00:00:00 2001
From: Hangyeol Eom <122508554+ah9mon@users.noreply.github.com>
Date: Mon, 31 Jul 2023 22:30:50 +0900
Subject: [PATCH] Fix/security (#29)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: @EnableGlobalMethodSecurity 어노테이션 추가
 - AuthenticationPrincipal에 id추가
 - 메서드별 권한 부여할 수 있는 어노테이션 추가

* fix: role이 회원가입시 ROLE_CUSTOMER로 저장되는 오류 수정
 - ROLE_CUSTOMER -> ROLE_CONSUMER로 수정
---
 .../anywayclear/config/SecurityConfig.java | 4 +-
 .../anywayclear/config/jwt/JwtProvider.java | 3 --
 .../config/oauth/CustumOAuth2UserService.java | 43 ++++++++++---------
 .../controller/MemberController.java | 4 ++
 4 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/src/main/java/com/anywayclear/config/SecurityConfig.java b/src/main/java/com/anywayclear/config/SecurityConfig.java
index d8b3299..d229d21 100644
--- a/src/main/java/com/anywayclear/config/SecurityConfig.java
+++ b/src/main/java/com/anywayclear/config/SecurityConfig.java
@@ -6,13 +6,15 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.filter.CorsFilter;
 @Configuration
-@EnableWebSecurity
+@EnableWebSecurity // spring security filter가 spring filter chain에 등록됨
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) // secured 어노테이션 활성화, preAuthorized, postAuthorized 어노테이션 활성화 -> 메소드 단위 권한설정 가능
 public class SecurityConfig {
     @Autowired
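Review bot: `@EnableGlobalMethodSecurity` is the pre-5.6 annotation; on Spring Security 5.6 and later it is deprecated in favour of `@EnableMethodSecurity`, which enables `@PreAuthorize`/`@PostAuthorize` by default, so confirm the project's Spring Security version before keeping it (the version is not visible here). Enabling both `securedEnabled` and `prePostEnabled` also invites mixing `@Secured` and `@PreAuthorize` across controllers; settling on one family makes it much easier to audit which handlers are actually protected. Note that method security adds nothing until a method carries one of these annotations, so the URL rules in the filter chain remain the only gate for every handler that is not annotated. The class body of `SecurityConfig` continues outside the hunk.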
diff --git a/src/main/java/com/anywayclear/config/jwt/JwtProvider.java b/src/main/java/com/anywayclear/config/jwt/JwtProvider.java
index 3aa0468..a58b156 100644
--- a/src/main/java/com/anywayclear/config/jwt/JwtProvider.java
+++ b/src/main/java/com/anywayclear/config/jwt/JwtProvider.java
@@ -21,12 +21,9 @@ public class JwtProvider {
     // 인증 정보를 기반으로 JWT 토큰 생성하는 메서드
     public String createToken(Authentication authentication) {
-        System.out.println(">>>>>>>>>>>> ");
         // 사용자 정보 가져오기
         OAuth2User oAuth2User = (OAuth2User) authentication.getPrincipal();
-        System.out.println("Provider ================== ");
-        System.out.println("oAuth2User.getAttributes() = " + oAuth2User.getAttributes());
         // 현재 시간과 토큰 만료 시간 설정
         Date now = new Date();
diff --git a/src/main/java/com/anywayclear/config/oauth/CustumOAuth2UserService.java b/src/main/java/com/anywayclear/config/oauth/CustumOAuth2UserService.java
index afc7772..397df47 100644
--- a/src/main/java/com/anywayclear/config/oauth/CustumOAuth2UserService.java
+++ b/src/main/java/com/anywayclear/config/oauth/CustumOAuth2UserService.java
@@ -31,35 +31,28 @@ public class CustumOAuth2UserService extends DefaultOAuth2UserService {
     @Override
     public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
         OAuth2User oAuth2User = super.loadUser(userRequest);
-        Map kakao_account = (Map) oAuth2User.getAttributes().get("kakao_account");
-        Map profile = (Map) kakao_account.get("profile");
-
-        String emailAddress = (String) kakao_account.get("email");
-        String nickname = (String) profile.get("nickname");
-        String image = (String) profile.get("profile_image_url");
-        Member member = getOrCreateMember(emailAddress, nickname, image);
+        Member member = getOrCreateMember(oAuth2User);
-        String oauth2UserRole = member.getRole();
-        String oauth2UserId = member.getUserId();
-
-        Map userAttributes = new HashMap<>();
-        userAttributes.put("role", oauth2UserRole);
-        userAttributes.put("userId", oauth2UserId);
+        Map userAttributes = createNewAttribute(member);
         // Spring Security의 세션에 OAuth2User객체 저장됨
-        return new DefaultOAuth2User(Collections.singleton(new SimpleGrantedAuthority(oauth2UserRole)), userAttributes, "userId");
+        return new DefaultOAuth2User(Collections.singleton(new SimpleGrantedAuthority(member.getRole())), userAttributes, "id");
     }
-    private Member getOrCreateMember(String emailAddress, String nickname, String image) {
+    private Member getOrCreateMember(OAuth2User oAuth2User) {
+        Map kakao_account = (Map) oAuth2User.getAttributes().get("kakao_account");
+        String emailAddress = (String) kakao_account.get("email");
+
         Optional memberOptional = memberRepository.findByEmailAddress(emailAddress);
+
         if (memberOptional.isPresent()) {
-            System.out.println("이미 회원입니다");
-            Member member = memberOptional.get();
-            member.setImage(image);
-            return memberRepository.save(member);
+            return memberOptional.get();
         } else {
-            System.out.println("회원가입합니다");
+            Map profile = (Map) kakao_account.get("profile");
+            String nickname = (String) profile.get("nickname");
+            String image = (String) profile.get("profile_image_url");
+            return createMember(emailAddress, nickname, image);
         }
     }
@@ -74,9 +67,17 @@ private Member createMember(String emailAddress, String nickname, String image)
             .emailAddress(emailAddress)
             .image(image)
             .nickname(nickname)
-            .role("ROLE_CUSTOMER")
+            .role("ROLE_CONSUMER")
             .build();
         return memberRepository.save(member);
     }
+
+    private Map createNewAttribute(Member member) {
+        Map newAttributes = new HashMap<>();
+        newAttributes.put("id", member.getId());
+        newAttributes.put("userId", member.getUserId());
+        newAttributes.put("role", member.getRole());
+        return newAttributes;
+    }
 }
diff --git a/src/main/java/com/anywayclear/controller/MemberController.java b/src/main/java/com/anywayclear/controller/MemberController.java
index e6b59d4..a0c7fcb 100644
--- a/src/main/java/com/anywayclear/controller/MemberController.java
+++ b/src/main/java/com/anywayclear/controller/MemberController.java
@@ -4,6 +4,10 @@
 import com.anywayclear.dto.response.MemberResponse;
 import com.anywayclear.service.MemberService;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
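Review bot: The new `getOrCreateMember` dereferences `kakao_account` and passes `email` on without checking either, so a Kakao login where the account block or the email is absent (for example when the user withholds the email consent) ends in a `NullPointerException` inside the login filter instead of an `OAuth2AuthenticationException`, with `findByEmailAddress(null)` reachable in between. The email is also the key that links a fresh social login to an existing `Member` row, so a missing or unverified address should fail the login rather than be looked up; Kakao's `kakao_account` block carries an email-verification flag next to the email (`is_email_verified`, as far as I recall — confirm against the provider documentation), and checking it before the lookup closes that account-linking gap. The raw `Map` and `Optional` should become `Map<String, Object>` and `Optional<Member>` now that the method is being rewritten, and the guard below needs `org.springframework.security.oauth2.core.OAuth2Error` imported. This is the shape I would give the top of the method:
```java
    private Member getOrCreateMember(OAuth2User oAuth2User) {
        Object accountAttr = oAuth2User.getAttributes().get("kakao_account");
        if (!(accountAttr instanceof Map)) {
            throw new OAuth2AuthenticationException(new OAuth2Error("invalid_user_info_response"), "kakao_account attribute missing");
        }
        Map<String, Object> kakaoAccount = (Map<String, Object>) accountAttr;
        String emailAddress = (String) kakaoAccount.get("email");
        if (emailAddress == null || emailAddress.isEmpty()) {
            throw new OAuth2AuthenticationException(new OAuth2Error("invalid_user_info_response"), "email missing from kakao_account");
        }
        // … unchanged: lookup by e-mail, createMember on miss …
```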
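Review bot: The corrected literal at `.role("ROLE_CONSUMER")` is a magic string that has to agree with whatever `@Secured`/`hasRole` checks compare against elsewhere, and a bare literal is exactly how the `ROLE_CUSTOMER` typo got in; a shared constant such as `private static final String ROLE_CONSUMER = "ROLE_CONSUMER";` (or an enum used by both the builder and the method-security annotations) would turn the next mismatch into a compile error. Any `Member` rows already persisted with `ROLE_CUSTOMER` keep that value after this commit and will be denied by `ROLE_CONSUMER` checks, so a data fix is probably needed — the schema and existing data are not visible from here. In `createNewAttribute` the raw `Map`/`HashMap` should be `Map<String, Object>`, and the name says little about what the map is for; `toPrincipalAttributes` reads better. The enclosing `createMember` starts outside the hunk.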
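Review bot: `EnableWebSecurity` is imported into `MemberController`, but that annotation belongs on the security configuration class, not on a controller; the rest of the file is outside the hunk, so if the import is unused it is a stray line to drop, and if the annotation is applied to the controller it registers a second web-security configuration and should be removed. The `Secured`/`AuthenticationPrincipal`/`OAuth2User` imports suggest the handlers will read the principal as an `OAuth2User` with the new `"id"` attribute; if any route is authenticated by the token from `JwtProvider` rather than by the OAuth2 login session, the principal type on that path may differ, so confirm what the JWT filter places in the `SecurityContext` before binding `@AuthenticationPrincipal OAuth2User` in those handlers.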