[Refactor/#164] Member, Security 개편

.gitignore

@@ -1,3 +1,4 @@
+**/application.pid
 HELP.md
 .gradle
 build/

build.gradle

@@ -46,6 +46,7 @@ subprojects {
                 'org.springframework.boot:spring-boot-starter-web',
                 'org.springframework.boot:spring-boot-starter-validation',
                 'org.springdoc:springdoc-openapi-ui:1.6.0',
+                'com.google.code.findbugs:jsr305:3.0.2',
 
                 // cloud config
                 'org.springframework.cloud:spring-cloud-starter-config:3.1.0',
@@ -54,6 +55,7 @@ subprojects {
         )
         testImplementation 'org.springframework.boot:spring-boot-starter-test'
 
+        developmentOnly "org.springframework.boot:spring-boot-devtools"
         compileOnly 'org.projectlombok:lombok'
 
 
@@ -78,7 +80,8 @@ project(':module-jpa') {
                 'org.springframework.boot:spring-boot-starter-data-jpa',
                 'com.querydsl:querydsl-jpa', // query dsl
                 'com.jcraft:jsch:0.1.55',  // 로컬 개발용 db ssh tunneling, https://mavenlibs.com/maven/dependency/com.jcraft/jsch
-                'org.mariadb.jdbc:mariadb-java-client',
+//                'org.mariadb.jdbc:mariadb-java-client',
+                'mysql:mysql-connector-java',
                 'com.h2database:h2'
         )
     }
@@ -90,7 +93,6 @@ project(':module-auth') {
 
     dependencies {
         api project(':module-jpa')
-
         // jwt
         api 'io.jsonwebtoken:jjwt-api:0.11.2'
         runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2',
@@ -101,6 +103,7 @@ project(':module-auth') {
         // security
         api 'org.springframework.boot:spring-boot-starter-security'
         api 'org.springframework.boot:spring-boot-starter-oauth2-client'
+        api 'org.springframework.security:spring-security-core:5.1.6.RELEASE'
         api 'javax.xml.bind:jaxb-api'
         testImplementation 'org.springframework.security:spring-security-test'
         testImplementation 'org.mockito:mockito-inline:2.13.0'

module-auth/src/main/java/com/inhabas/api/auth/AuthBeansConfig.java

@@ -5,45 +5,45 @@
 import com.inhabas.api.auth.domain.oauth2.handler.Oauth2AuthenticationSuccessHandler;
 import com.inhabas.api.auth.domain.oauth2.userAuthorityProvider.DefaultUserAuthorityProvider;
 import com.inhabas.api.auth.domain.oauth2.userAuthorityProvider.UserAuthorityProvider;
-import com.inhabas.api.auth.domain.token.TokenProvider;
+import com.inhabas.api.auth.domain.token.TokenUtil;
 import com.inhabas.api.auth.domain.token.TokenReIssuer;
 import com.inhabas.api.auth.domain.token.TokenResolver;
-import com.inhabas.api.auth.domain.token.jwtUtils.JwtTokenProvider;
+import com.inhabas.api.auth.domain.token.jwtUtils.JwtTokenUtil;
 import com.inhabas.api.auth.domain.token.jwtUtils.JwtTokenReIssuer;
 import com.inhabas.api.auth.domain.token.jwtUtils.JwtTokenResolver;
 import com.inhabas.api.auth.domain.token.jwtUtils.refreshToken.RefreshTokenRepository;
 import com.inhabas.api.auth.domain.token.securityFilter.DefaultUserPrincipalService;
-import com.inhabas.api.auth.domain.token.securityFilter.InvalidJwtTokenHandler;
-import com.inhabas.api.auth.domain.token.securityFilter.TokenAuthenticationFailureHandler;
-import com.inhabas.api.auth.domain.token.securityFilter.TokenAuthenticationProcessingFilter;
 import com.inhabas.api.auth.domain.token.securityFilter.UserPrincipalService;
+import io.jsonwebtoken.Jwt;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizedClientRepository;
-import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.security.oauth2.client.JdbcOAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
+import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
+
+import javax.sql.DataSource;
 
 @Configuration
 @RequiredArgsConstructor
 public class AuthBeansConfig {
 
+    private final JwtTokenUtil jwtTokenUtil;
     private final AuthProperties authProperties;
+    private final RefreshTokenRepository refreshTokenRepository;
 
     @Bean
     public HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository() {
         return new HttpCookieOAuth2AuthorizationRequestRepository();
     }
 
-    @Bean
-    public TokenProvider tokenProvider(RefreshTokenRepository refreshTokenRepository) {
-        return new JwtTokenProvider(refreshTokenRepository);
-    }
 
     @Bean
     public Oauth2AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler(RefreshTokenRepository refreshTokenRepository) {
         return new Oauth2AuthenticationSuccessHandler(
-                this.tokenProvider(refreshTokenRepository), this.authProperties, this.httpCookieOAuth2AuthorizationRequestRepository());
+                jwtTokenUtil, this.authProperties, this.httpCookieOAuth2AuthorizationRequestRepository());
     }
 
     @Bean
@@ -58,40 +58,27 @@ public UserAuthorityProvider userAuthorityService() {
     }
 
     @Bean
-    public OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository() {
-        return new HttpSessionOAuth2AuthorizedClientRepository();
+    public OAuth2AuthorizedClientService authorizedClientService(
+            DataSource dataSource, ClientRegistrationRepository clientRegistrationRepository) {
+        return new JdbcOAuth2AuthorizedClientService(new JdbcTemplate(dataSource), clientRegistrationRepository);
     }
 
     @ConditionalOnMissingBean
     public UserPrincipalService userPrincipalService() {
         return new DefaultUserPrincipalService();
     }
 
-    @Bean
-    public TokenAuthenticationFailureHandler tokenAuthenticationFailureHandler() {
-        return new InvalidJwtTokenHandler();
-    }
 
     @Bean
     public TokenResolver tokenResolver() {
         return new JwtTokenResolver();
     }
 
-    @Bean
-    public TokenAuthenticationProcessingFilter tokenAuthenticationProcessingFilter(
-            TokenProvider tokenProvider,
-            TokenResolver tokenResolver,
-            TokenAuthenticationFailureHandler failureHandler,
-            UserPrincipalService userPrincipalService
-    ) {
-        return new TokenAuthenticationProcessingFilter(tokenProvider, tokenResolver, failureHandler,
-                userPrincipalService);
-    }
 
     @Bean
-    public TokenReIssuer tokenReIssuer(TokenProvider tokenProvider, TokenResolver tokenResolver,
-            RefreshTokenRepository refreshTokenRepository) {
-        return new JwtTokenReIssuer(tokenProvider, tokenResolver, refreshTokenRepository);
+    public TokenReIssuer tokenReIssuer(TokenUtil tokenUtil, TokenResolver tokenResolver,
+                                       RefreshTokenRepository refreshTokenRepository) {
+        return new JwtTokenReIssuer(tokenUtil, tokenResolver, refreshTokenRepository);
     }
 
 }

module-auth/src/main/java/com/inhabas/api/auth/AuthProperties.java

@@ -1,5 +1,6 @@
 package com.inhabas.api.auth;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.cloud.context.config.annotation.RefreshScope;
 

module-auth/src/main/java/com/inhabas/api/auth/AuthSecurityConfig.java

@@ -11,6 +11,7 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.web.cors.CorsUtils;
 
 @Order(0) // 인증 관련 security filter chain 은 우선순위가 가장 높아야 함.
@@ -20,6 +21,7 @@
 public class AuthSecurityConfig extends WebSecurityConfigurerAdapter {
 
     private final CustomOAuth2UserService customOAuth2UserService;
+    private final OAuth2AuthorizedClientService authorizedClientService;
     private final Oauth2AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler;
     private final Oauth2AuthenticationFailureHandler oauth2AuthenticationFailureHandler;
     private final HttpCookieOAuth2AuthorizationRequestRepository httpCookieOAuth2AuthorizationRequestRepository;
@@ -51,29 +53,35 @@ public class AuthSecurityConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
 
         http
-                .antMatcher("/login/**")
+                .requestMatchers().antMatchers("/login/**")
+                .and()
+                // 세션 생성 금지
                 .sessionManagement()
                     .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                    .and()
-                .cors().and()
+                .and()
+                .cors()
+                .and()
                 .authorizeRequests()
-                    .antMatchers("/login/refresh").permitAll()
-                    .and()
-                .csrf().and()
+                    .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
+                    .anyRequest().permitAll()
+                .and()
+                .csrf().disable()
+
+                // Oauth 로그인 설정
                 .oauth2Login()
+                    .authorizedClientService(authorizedClientService)
                     .authorizationEndpoint()
                         .baseUri("/login/oauth2/authorization")
                         .authorizationRequestRepository(httpCookieOAuth2AuthorizationRequestRepository)
-                        .and()
-                        .userInfoEndpoint()
-                            .userService(customOAuth2UserService)
-                            .and()
-                    .failureHandler(oauth2AuthenticationFailureHandler)
-                    .successHandler(oauth2AuthenticationSuccessHandler)
-                    .and()
-                .authorizeRequests()
-                    .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
-                    .anyRequest().permitAll();
+                .and()
+
+                // 사용자 정보를 가져오는 엔드포인트에 대한 설정
+                .userInfoEndpoint()
+                    .userService(customOAuth2UserService)
+                .and()
+                .failureHandler(oauth2AuthenticationFailureHandler)
+                .successHandler(oauth2AuthenticationSuccessHandler);
+
     }
 
 }

module-auth/src/main/java/com/inhabas/api/auth/domain/exception/AuthExceptionCodes.java

@@ -65,7 +65,7 @@ public interface AuthExceptionCodes {
     /**
      * {@code user_not_found} - request 에 담긴 토큰정보를 사용해 기존 사용자 정보를 조회하였으나, 존재하지 않는 경우 발생.
      * 또는 최초 소셜로그인 시도하였으나 가입한 회원이 아니라면 해당 오류 발생
-     * @see com.inhabas.api.auth.domain.token.securityFilter.TokenAuthenticationProcessingFilter
+     * @see com.inhabas.api.auth.domain.token.securityFilter;
      */
     String USER_NOT_FOUND = "user_not_found";
 }

module-auth/src/main/java/com/inhabas/api/auth/domain/oauth2/CustomOAuth2User.java

@@ -0,0 +1,29 @@
+package com.inhabas.api.auth.domain.oauth2;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
+
+import java.util.Collection;
+import java.util.Map;
+
+public class CustomOAuth2User extends DefaultOAuth2User {
+
+    private Long memberId;
+
+    public CustomOAuth2User(Collection<? extends GrantedAuthority> authorities,
+                            Map<String, Object> attributes,
+                            String nameAttributeKey,
+                            Long memberId) {
+        super(authorities, attributes, nameAttributeKey);
+        this.memberId = memberId;
+    }
+
+    public Long getMemberId() {
+        return memberId;
+    }
+
+    public void setMemberId(Long memberId) {
+        this.memberId = memberId;
+    }
+
+}

module-auth/src/main/java/com/inhabas/api/auth/domain/oauth2/CustomOAuth2UserService.java

@@ -1,15 +1,20 @@
 package com.inhabas.api.auth.domain.oauth2;
 
 import com.inhabas.api.auth.domain.exception.InvalidUserInfoException;
-import com.inhabas.api.auth.domain.oauth2.userAuthorityProvider.UserAuthorityProvider;
+import com.inhabas.api.auth.domain.oauth2.member.domain.entity.Member;
 import com.inhabas.api.auth.domain.oauth2.socialAccount.SocialAccountService;
+import com.inhabas.api.auth.domain.oauth2.socialAccount.type.UID;
+import com.inhabas.api.auth.domain.oauth2.userAuthorityProvider.UserAuthorityProvider;
 import com.inhabas.api.auth.domain.oauth2.userInfo.OAuth2UserInfo;
 import com.inhabas.api.auth.domain.oauth2.userInfo.OAuth2UserInfoFactory;
+import com.inhabas.api.auth.domain.oauth2.member.domain.service.MemberService;
+import com.inhabas.api.auth.domain.oauth2.member.repository.MemberRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Component;
@@ -22,6 +27,8 @@ public class CustomOAuth2UserService extends DefaultOAuth2UserService {
 
     private final SocialAccountService socialAccountService;
     private final UserAuthorityProvider userAuthorityProvider;
+    private final MemberService memberService;
+    private final MemberRepository memberRepository;
 
     @Override
     public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
@@ -35,14 +42,17 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
             throw new InvalidUserInfoException();
         }
         // db 에 소셜 계정 정보 update
-        socialAccountService.updateSocialAccountInfo(oAuth2UserInfo);
+        memberService.updateSocialAccountInfo(oAuth2UserInfo);
+        Member member = memberRepository.findByProviderAndUid(
+                        oAuth2UserInfo.getProvider(), new UID(oAuth2UserInfo.getId()))
+                .orElseThrow(() -> new OAuth2AuthenticationException(new OAuth2Error("user_not_found")));
+
 
         // 현재 로그인하려는 유저에 맞는 권한을 들고옴.
         Collection<SimpleGrantedAuthority> authorities = userAuthorityProvider.determineAuthorities(oAuth2UserInfo);
 
         String nameAttributeKey = userRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint()
                 .getUserNameAttributeName();
-
-        return new DefaultOAuth2User(authorities, oAuth2UserInfo.getAttributes(), nameAttributeKey);
+        return new CustomOAuth2User(authorities, oAuth2UserInfo.getAttributes(), nameAttributeKey, member.getId());
     }
 }

module-auth/src/main/java/com/inhabas/api/auth/domain/oauth2/handler/Oauth2AuthenticationFailureHandler.java

@@ -11,6 +11,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
@@ -27,7 +28,7 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
 
         String redirectUri = CookieUtils.resolveCookie(request, REDIRECT_URL_PARAM_COOKIE_NAME)
                 .map(Cookie::getValue)
-                .orElse(null);
+                .orElse("");
 
         String targetUrl = getAuthorizedTargetUrl(exception, redirectUri);
 
@@ -39,7 +40,7 @@ public void onAuthenticationFailure(HttpServletRequest request, HttpServletRespo
     private String getAuthorizedTargetUrl(AuthenticationException exception, String redirectUri) {
 
         StringBuilder targetUrl = new StringBuilder();
-        if (exception instanceof UnauthorizedRedirectUrlException || redirectUri.isBlank() || notAuthorized(redirectUri)) {
+        if (exception instanceof UnauthorizedRedirectUrlException || StringUtils.isBlank(redirectUri) || notAuthorized(redirectUri)) {
             targetUrl.append(authProperties.getOauth2().getDefaultRedirectUri());
         }
         else {