From 5a974631e9ee0ba2b0952f4f54dc2397dd647842 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?dhji=28=EC=A7=80=EB=8C=80=ED=95=9C=29?=
Date: Wed, 7 Feb 2024 16:55:37 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20web=20ignore=20=EC=82=AC=EC=9A=A9?=
 =?UTF-8?q?=EC=8B=9C=20warning?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

web ignore 대신 security filter의 permitAll로 대체
---
 app/kac-app/build.gradle | 7 ++-
 .../app/core/security/AppSecurityConfig.java | 30 +++++-----
 .../kac/config/security/SecurityConfig.java | 55 +++++++++++++++----
 .../pty/repository/PtyCstmrBasRepository.java | 2 +-
 http-client/http/auth.http | 4 ++
 5 files changed, 71 insertions(+), 27 deletions(-)

diff --git a/app/kac-app/build.gradle b/app/kac-app/build.gradle
index 72cfc38..d2e93a5 100644
--- a/app/kac-app/build.gradle
+++ b/app/kac-app/build.gradle
@@ -39,7 +39,12 @@ dependencies {
 implementation project(":common-security")
 implementation project(":web-api-com")
 // TDOO: 제거...
-// compileOnly project(":data-com")
+// implementation project(":data-cns")
+// implementation project(":data-com")
+// implementation project(":data-ctr")
+// implementation project(":data-flt")
+// implementation project(":data-other")
+// implementation project(":data-pty")
 }
 ext {
diff --git a/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java b/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java
index c4a27ee..8b62e3c 100644
--- a/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java
+++ b/app/kac-app/src/main/java/kr/co/palnet/kac/app/core/security/AppSecurityConfig.java
@@ -7,11 +7,16 @@ import kr.co.palnet.kac.config.security.service.BaseUserDetailsService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.DependsOn;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
 @Slf4j
 @EnableWebSecurity
@@ -20,25 +25,24 @@ public class AppSecurityConfig extends SecurityConfig {
 // 시큐리티 적용 안하는 URL 목록
 private final String[] IGNORE_URL = {
- "/docs/index.html",
- "/api-docs/**",
- "/swagger-ui/**",
- "/v1/com/code/**"
+ "/v1/com/code/**",
 };
- private final String[] USER_URL = {};
-
-
+ // 권한(ROLE)별 URL
+ private final String[] USER_URL = {
+ };
 public AppSecurityConfig(BaseUserDetailsService baseUserDetailsService, BaseAuthenticationEntryPoint baseAuthenticationEntryPoint, BaseAccessDeniedHandler baseAccessDeniedHandler) {
 super(baseUserDetailsService, baseAuthenticationEntryPoint, baseAccessDeniedHandler);
 }
 @Override
- @Bean
- protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ // 기본 security 설정을 불러온다.
 this.setDefaultHttpSecurity(http);
+ // 여기서는 role별 허용 url 설정을 한다.
 http
+ .securityMatchers(matchers -> matchers.requestMatchers("/**"))
 .authorizeHttpRequests(authz -> authz
 .requestMatchers(USER_URL).hasRole("USER")
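Review bot: `org.springframework.context.annotation.DependsOn` is imported in this hunk but no hunk of this commit uses it, and `WebSecurityCustomizer` becomes unused once `appWebSecurityCustomizer()` is deleted in the last hunk of this file. Unless `@DependsOn` is applied on a line not shown, both imports should be dropped so the file no longer references the `web.ignoring()` API this commit retires.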
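Review bot: The `filterChain` override at the end of this hunk drops `@Bean` and carries no `@Order`, so this chain is registered only because the superclass declaration in SecurityConfig (hunk `@@ -55,10 +65,12 @@`) is annotated `@Bean` and `@Order(2)`. I am not certain whether Spring reads the order from that parent declaration or from the override it resolves as the factory method; today the chain still sorts after the `@Order(1)` exclude chain because an unordered bean has lowest precedence, but the precedence that keeps `IGNORE_URL` ahead of the `authenticated()` rule is implicit. Repeat the annotations on the override, `@Bean` and `@Order(2)` above `public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {`, or make `filterChain` final in the parent and let subclasses override only a protected hook that configures `authorizeHttpRequests`. The method body continues past the hunk's last line.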
@@ -49,10 +53,10 @@ public class AppSecurityConfig extends SecurityConfig {
 return http.build();
 }
- @Bean
- public WebSecurityCustomizer appWebSecurityCustomizer() {
- return web -> web.ignoring()
- .requestMatchers(IGNORE_URL);
+ // security filter 제외 - permission all
+ @Override
+ protected List getExcludeURI() {
+ return new ArrayList<>(Arrays.asList(IGNORE_URL));
 }
 }
diff --git a/common/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java b/common/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java
index 89993b7..fbbf0fc 100644
--- a/common/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java
+++ b/common/security/src/main/java/kr/co/palnet/kac/config/security/SecurityConfig.java
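Review bot: Returning `new ArrayList<>(Arrays.asList(IGNORE_URL))` rather than `List.of(IGNORE_URL)` is load-bearing here, because the parent's `excludeFilterChain` (hunk `@@ -82,10 +94,29 @@` of SecurityConfig) calls `addAll` on whatever this method returns, and nothing in the override says so. A future cleanup to an unmodifiable list would fail at context startup with `UnsupportedOperationException`, so document the contract where it is visible: replace the `// security filter 제외 - permission all` line with `// Patterns served permitAll by the @Order(1) exclude chain; must be a modifiable list because SecurityConfig appends IGNORE_URI to it.` If the raw `List` return type is not just a rendering artifact, it should be `List<String>` to match the array it wraps.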
@@ -6,15 +6,16 @@ import kr.co.palnet.kac.config.security.filter.JwtCheckFilter;
 import kr.co.palnet.kac.config.security.filter.JwtLoginFilter;
 import kr.co.palnet.kac.config.security.service.BaseUserDetailsService;
 import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -22,7 +23,11 @@ import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import java.util.Arrays;
+import java.util.List;
+@EnableWebSecurity
+@Configuration
 @RequiredArgsConstructor
 public abstract class SecurityConfig {
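Review bot: `@EnableWebSecurity` and `@Configuration` are added to an abstract class in the second hunk; component scanning does not register abstract classes and neither annotation is `@Inherited`, so as far as I can tell their only effect comes from Spring walking the superclass when it parses the concrete `AppSecurityConfig`, which already declares `@EnableWebSecurity` itself. If the intent is that every subclass inherits the web-security bootstrap, say so on the class, e.g. `// Not a bean on its own: the concrete subclass is the @Configuration; annotations here are picked up through the superclass chain.`; otherwise drop the two annotations so the single real configuration class stays obvious. The class body continues past the hunk's last line.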
@@ -30,20 +35,25 @@ public abstract class SecurityConfig {
 private final BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;
 private final BaseAccessDeniedHandler baseAccessDeniedHandler;
- private final String[] SWAGGER_URI = {
+ // 정적
+ private final String[] IGNORE_URI = {
+ // swagger
+ "/swagger-ui/**",
 "/swagger-ui/index.html",
 "/v3/api-docs",
 "/swagger-resources/**",
 "/webjars/**",
- // "/swagger-ui/**",
- // "/api-docs/**"
+ // rest doc
+ "/docs/index.html",
+ "/api-docs/**",
+ // custom
+ "/ping"
 };
- @Bean
 PasswordEncoder passwordEncoder() {
 // return new BCryptPasswordEncoder();
- // TODO 테스트 후 BCryptPasswordEncoder 로 변경
+ // TODO 테스트 후 BCryptPasswordEncoder 로 변경 - 회원가입 로직 구현 후 제거
 return NoOpPasswordEncoder.getInstance();
 }
@@ -55,10 +65,12 @@ public abstract class SecurityConfig {
 return new ProviderManager(authProvider);
 }
+ @Order(2)
 @Bean
- protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 setDefaultHttpSecurity(http);
 http
+ .securityMatchers(matchers -> matchers.requestMatchers("/**"))
 .authorizeHttpRequests(authz -> authz
 .anyRequest().authenticated()
@@ -66,7 +78,7 @@ public abstract class SecurityConfig {
 return http.build();
 }
- public void setDefaultHttpSecurity(HttpSecurity http) throws Exception {
+ protected void setDefaultHttpSecurity(HttpSecurity http) throws Exception {
 http
 .csrf(AbstractHttpConfigurer::disable)
 .sessionManagement(session ->
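Review bot: `IGNORE_URI` is a constant, so `/swagger-ui/**`, `/v3/api-docs`, `/swagger-resources/**`, `/webjars/**`, `/docs/index.html` and `/api-docs/**` are served without authentication in every environment; `web.ignoring()` did the same before, so this is not a regression, but now that exclusion is an ordinary filter chain it is cheap to gate the documentation entries on a profile or configuration property so production does not publish the API contract unauthenticated. Separately, this hunk removes `@Bean` from `passwordEncoder()`, so no `PasswordEncoder` bean is exposed any more: if `authenticationManager` (outside the hunk) obtains the encoder by calling the method nothing changes, but any injection site elsewhere would now fail at startup, which is worth confirming before merge.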
@@ -82,10 +94,29 @@ public abstract class SecurityConfig {
 );
 }
+ protected abstract List getExcludeURI();
+ @Order(1)
 @Bean
- public WebSecurityCustomizer webSecurityCustomizer() {
- return web -> web.ignoring()
- .requestMatchers(SWAGGER_URI);
+ public SecurityFilterChain excludeFilterChain(HttpSecurity http) throws Exception {
+ List excludeURI = getExcludeURI();
+ String[] ignoreURI;
+ if (excludeURI != null && !excludeURI.isEmpty()) {
+ excludeURI.addAll(Arrays.asList(IGNORE_URI));
+ ignoreURI = excludeURI.toArray(new String[0]);
+ } else {
+ ignoreURI = IGNORE_URI;
+ }
+
+ http
+ .securityMatchers(matchers -> matchers.requestMatchers(ignoreURI))
+ .authorizeHttpRequests(authz -> authz.anyRequest().permitAll())
+ .requestCache(RequestCacheConfigurer::disable)
+ .securityContext(AbstractHttpConfigurer::disable)
+ .sessionManagement(AbstractHttpConfigurer::disable)
+ ;
+ return http.build();
 }
+
+
 }
diff --git a/data/pty/src/main/java/kr/co/palnet/kac/data/pty/repository/PtyCstmrBasRepository.java b/data/pty/src/main/java/kr/co/palnet/kac/data/pty/repository/PtyCstmrBasRepository.java
index f618693..dd965dc 100644
--- a/data/pty/src/main/java/kr/co/palnet/kac/data/pty/repository/PtyCstmrBasRepository.java
+++ b/data/pty/src/main/java/kr/co/palnet/kac/data/pty/repository/PtyCstmrBasRepository.java
@@ -6,6 +6,6 @@ import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.query.Param;
 public interface PtyCstmrBasRepository extends JpaRepository {
- @Query("select b from PtyCstmrBas b inner join b.ptyCstmrDtl where b.userId = :userId")
+ @Query("select b from PtyCstmrBas b left join b.ptyCstmrDtl where b.userId = :userId")
 PtyCstmrBas findByUserId(@Param("userId") String userId);
 }
diff --git a/http-client/http/auth.http b/http-client/http/auth.http
index d8c7396..51f7f95 100644
--- a/http-client/http/auth.http
+++ b/http-client/http/auth.http
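Review bot: `excludeFilterChain` mutates the list handed back by the subclass hook, `excludeURI.addAll(Arrays.asList(IGNORE_URI));`, so any override that returns an unmodifiable list (`List.of`, `Arrays.asList`, `Collections.emptyList`) throws `UnsupportedOperationException` while the context starts, and an override returning a shared list is silently extended. Build the combined pattern array in a local copy and treat the hook as read-only; that also collapses the empty/null special case into one null guard, and with it the raw `List` here and on `getExcludeURI()` should become `List<String>` unless the generic argument was only stripped by rendering (`java.util.ArrayList` would need importing, since the import hunk adds only `Arrays` and `List`). Note also that this chain skips `setDefaultHttpSecurity`, so unlike the main chain CSRF protection stays at its default: harmless for the documentation and `/ping` paths, but a non-GET endpoint under a subclass pattern such as `/v1/com/code/**` would now be rejected where `web.ignoring()` let it through, which deserves an explicit decision rather than an omission.
```java
    public SecurityFilterChain excludeFilterChain(HttpSecurity http) throws Exception {
        // Merge the base list with the subclass hook in a fresh list so the
        // hook's return value is never mutated (an unmodifiable list must not
        // fail startup) and an empty or null hook result just yields IGNORE_URI.
        List<String> combined = new ArrayList<>(Arrays.asList(IGNORE_URI));
        List<String> excludeURI = getExcludeURI();
        if (excludeURI != null) {
            combined.addAll(excludeURI);
        }
        String[] ignoreURI = combined.toArray(new String[0]);
        // … unchanged: securityMatchers / permitAll chain and http.build() …
```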
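Review bot: The `left join b.ptyCstmrDtl` in `findByUserId` is neither a `fetch` join nor referenced in the `where` clause, so it contributes nothing to `select b`; if `ptyCstmrDtl` is a collection (not visible in this hunk) the query yields one `b` row per detail and a user with several details makes the single-entity return type fail with an incorrect-result-size exception, which the previous `inner join` had as well. Either drop the join, `@Query("select b from PtyCstmrBas b where b.userId = :userId")`, or, if eager loading of the details was the intent, use `select distinct b from PtyCstmrBas b left join fetch b.ptyCstmrDtl where b.userId = :userId`.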
@@ -2,6 +2,7 @@
 @userId = user
 @password = 1234
+# @no-cookie-jar
 POST {{host}}/v1/login
 Authorization: Bearer {{authToken}} // 토큰이 있을 경우 필터에 걸리는지 확인하기 위한 조치
 Content-Type: application/json
@@ -15,5 +16,8 @@ Content-Type: application/json
 client.global.set("authToken", response.headers.valueOf("Auth-Token"));
 %}
+### PING
+GET {{host}}/ping
+