package com.inhabas.api.auth.config;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsUtils;
import com.inhabas.api.auth.domain.oauth2.CustomOAuth2UserService;
import com.inhabas.api.auth.domain.oauth2.cookie.HttpCookieOAuth2AuthorizationRequestRepository;
import com.inhabas.api.auth.domain.oauth2.handler.Oauth2AuthenticationFailureHandler;
import com.inhabas.api.auth.domain.oauth2.handler.Oauth2AuthenticationSuccessHandler;
@Order(0) // the authentication chain must win over every other SecurityFilterChain
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
@Profile({"dev1", "dev2", "local", "prod1", "prod2"}) // deliberately absent from the test profile
public class AuthSecurityConfig {

  private final CustomOAuth2UserService customOAuth2UserService;
  private final OAuth2AuthorizedClientService authorizedClientService;
  private final Oauth2AuthenticationSuccessHandler oauth2AuthenticationSuccessHandler;
  private final Oauth2AuthenticationFailureHandler oauth2AuthenticationFailureHandler;
  private final HttpCookieOAuth2AuthorizationRequestRepository
      httpCookieOAuth2AuthorizationRequestRepository;

  /**
   * Security filter chain for the social-login (OAuth2) entry points under {@code /login/**}.
   *
   * <p>Flow, as wired below:
   *
   * <ol>
   *   <li>The front end starts a social login (it must supply a {@code redirect_url}).
   *   <li>OAuth2 authentication runs; the user-info step decides whether the account already
   *       exists.
   *       <ol style="list-style-type:lower-alpha">
   *         <li>Success -> {@link Oauth2AuthenticationSuccessHandler}: validates the front end's
   *             {@code redirect_url} (a rejected URL is routed to the failure handler), issues the
   *             JWT / completes login, then redirects.
   *         <li>Failure -> {@link Oauth2AuthenticationFailureHandler}.
   *       </ol>
   * </ol>
   *
   * <p>NOTE(review): an earlier version of this comment said the OAuth2 result is held in the
   * HTTP session until the JWT is issued. The chain is configured {@code STATELESS} and the
   * in-flight authorization request is handed to {@link
   * HttpCookieOAuth2AuthorizationRequestRepository}, so whatever survives between the
   * authorization redirect and the provider callback lives in a cookie, not a server session.
   * Because CSRF protection is disabled on this chain, the OAuth2 {@code state} check performed
   * against that cookie is the only thing standing between us and login CSRF — confirm the
   * repository validates {@code state} on the callback and that the cookie is marked
   * HttpOnly/Secure/SameSite.
   *
   * <p>NOTE(review): the {@code redirect_url} validation in the success handler must be an
   * allow-list match, not a prefix/substring check; the JWT is delivered via that redirect, so a
   * lax check turns into an open redirect that leaks tokens. Not visible from this file — verify.
   *
   * @param http the builder Spring hands to this bean; only requests matching {@code /login/**}
   *     are routed through the resulting chain
   * @return the built filter chain for the login endpoints
   * @throws Exception propagated from {@link HttpSecurity#build()}
   */
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    // Scope this chain to the login endpoints only; everything else is handled elsewhere.
    http.securityMatcher("/login/**");

    // Never create an HttpSession: the login result is carried by the issued JWT, not by session.
    http.sessionManagement(
        management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

    // CORS handling is disabled on this chain. Pre-flights are let through below, but no CORS
    // response headers are added here — a global CorsFilter / MVC CORS config is presumably
    // responsible for that; if none exists, cross-origin browser calls to /login/** will fail.
    http.cors(corsConfig -> corsConfig.disable());

    // Every request under /login/** is open. The explicit pre-flight matcher is redundant given
    // anyRequest().permitAll(), but is kept so that behavior stays byte-for-byte the same.
    http.authorizeHttpRequests(
        requests ->
            requests
                .requestMatchers(CorsUtils::isPreFlightRequest)
                .permitAll()
                .anyRequest()
                .permitAll());

    // Acceptable only because the chain is stateless; see the class-level note on login CSRF.
    http.csrf(csrfConfig -> csrfConfig.disable());

    // OAuth2 login wiring.
    http.oauth2Login(
        login -> {
          // NOTE(review): if this is the in-memory default service, provider access tokens are
          // retained in JVM memory per principal even though the app only issues its own JWT —
          // check what the injected implementation actually stores and for how long.
          login.authorizedClientService(authorizedClientService);

          // Authorization request start URI; the pending request (including OAuth2 `state`) is
          // persisted by the cookie-backed repository rather than in a session. The redirection
          // (callback) endpoint is left at Spring's default, which also falls under /login/**.
          login.authorizationEndpoint(
              endpoint ->
                  endpoint
                      .baseUri("/login/oauth2/authorization")
                      .authorizationRequestRepository(
                          httpCookieOAuth2AuthorizationRequestRepository));

          // Custom user lookup once the provider returns user info.
          login.userInfoEndpoint(userInfo -> userInfo.userService(customOAuth2UserService));

          login.failureHandler(oauth2AuthenticationFailureHandler);
          login.successHandler(oauth2AuthenticationSuccessHandler);
        });

    return http.build();
  }
}