├── .gitignore ├── .mvn └── wrapper │ ├── MavenWrapperDownloader.java │ ├── maven-wrapper.jar │ └── maven-wrapper.properties ├── README.md ├── mvnw ├── mvnw.cmd ├── pom.xml └── src ├── main ├── java │ └── com │ │ └── cos │ │ └── jwtex01 │ │ ├── Jwtex01Application.java │ │ ├── config │ │ ├── CorsConfig.java │ │ ├── SecurityConfig.java │ │ ├── auth │ │ │ ├── PrincipalDetails.java │ │ │ └── PrincipalDetailsService.java │ │ └── jwt │ │ │ ├── JwtAuthenticationFilter.java │ │ │ ├── JwtAuthorizationFilter.java │ │ │ └── JwtProperties.java │ │ ├── controller │ │ └── RestApiController.java │ │ ├── dto │ │ └── LoginRequestDto.java │ │ ├── model │ │ └── User.java │ │ └── repository │ │ └── UserRepository.java └── resources │ └── application.yml └── test └── java └── com └── cos └── jwtex01 ├── Jwtex01ApplicationTests.java └── Test1.java /.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /.mvn/wrapper/MavenWrapperDownloader.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2007-present the original author or authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * https://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | import java.net.*; 17 | import java.io.*; 18 | import java.nio.channels.*; 19 | import java.util.Properties; 20 | 21 | public class MavenWrapperDownloader { 22 | 23 | private static final String WRAPPER_VERSION = "0.5.6"; 24 | /** 25 | * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided. 26 | */ 27 | private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/" 28 | + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar"; 29 | 30 | /** 31 | * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to 32 | * use instead of the default one. 33 | */ 34 | private static final String MAVEN_WRAPPER_PROPERTIES_PATH = 35 | ".mvn/wrapper/maven-wrapper.properties"; 36 | 37 | /** 38 | * Path where the maven-wrapper.jar will be saved to. 39 | */ 40 | private static final String MAVEN_WRAPPER_JAR_PATH = 41 | ".mvn/wrapper/maven-wrapper.jar"; 42 | 43 | /** 44 | * Name of the property which should be used to override the default download url for the wrapper. 45 | */ 46 | private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl"; 47 | 48 | public static void main(String args[]) { 49 | System.out.println("- Downloader started"); 50 | File baseDirectory = new File(args[0]); 51 | System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath()); 52 | 53 | // If the maven-wrapper.properties exists, read it and check if it contains a custom 54 | // wrapperUrl parameter. 55 | File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH); 56 | String url = DEFAULT_DOWNLOAD_URL; 57 | if(mavenWrapperPropertyFile.exists()) { 58 | FileInputStream mavenWrapperPropertyFileInputStream = null; 59 | try { 60 | mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile); 61 | Properties mavenWrapperProperties = new Properties(); 62 | mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream); 63 | url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url); 64 | } catch (IOException e) { 65 | System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'"); 66 | } finally { 67 | try { 68 | if(mavenWrapperPropertyFileInputStream != null) { 69 | mavenWrapperPropertyFileInputStream.close(); 70 | } 71 | } catch (IOException e) { 72 | // Ignore ... 73 | } 74 | } 75 | } 76 | System.out.println("- Downloading from: " + url); 77 | 78 | File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH); 79 | if(!outputFile.getParentFile().exists()) { 80 | if(!outputFile.getParentFile().mkdirs()) { 81 | System.out.println( 82 | "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'"); 83 | } 84 | } 85 | System.out.println("- Downloading to: " + outputFile.getAbsolutePath()); 86 | try { 87 | downloadFileFromURL(url, outputFile); 88 | System.out.println("Done"); 89 | System.exit(0); 90 | } catch (Throwable e) { 91 | System.out.println("- Error downloading"); 92 | e.printStackTrace(); 93 | System.exit(1); 94 | } 95 | } 96 | 97 | private static void downloadFileFromURL(String urlString, File destination) throws Exception { 98 | if (System.getenv("MVNW_USERNAME") != null && System.getenv("MVNW_PASSWORD") != null) { 99 | String username = System.getenv("MVNW_USERNAME"); 100 | char[] password = System.getenv("MVNW_PASSWORD").toCharArray(); 101 | Authenticator.setDefault(new Authenticator() { 102 | @Override 103 | protected PasswordAuthentication getPasswordAuthentication() { 104 | return new PasswordAuthentication(username, password); 105 | } 106 | }); 107 | } 108 | URL website = new URL(urlString); 109 | ReadableByteChannel rbc; 110 | rbc = Channels.newChannel(website.openStream()); 111 | FileOutputStream fos = new FileOutputStream(destination); 112 | fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE); 113 | fos.close(); 114 | rbc.close(); 115 | } 116 | 117 | } 118 | -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/codingspecialist/Springboot-Security-JWT-Easy/665aedc6c6a4069e7ae8be64f03a578abebbfd88/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 스프링부트 시큐리티 + JWT 2 | 3 | # 브랜치에 버전이 있습니다. 최신 버전인 version3 을 활용하세요 4 | 5 | # 업데이트된 다른 버전도 있습니다. 학생 분들이 커뮤니티에 올려준 링크 6 | +++ OAuth2.0 실습 소스 +++ 7 | 8 | https://github.com/hhmkorea/studySpringBoot/tree/main/security1 9 | 10 | +++ JWT 실습 소스 +++ 11 | 12 | https://github.com/hhmkorea/studySpringBoot/tree/main/jwt 13 | 14 | ## 리엑트 연동 참고 15 | https://bezkoder.com/spring-boot-react-jwt-auth/ 16 | 17 | ## 인증 18 | 19 | ### UsernamePasswordAuthenticationFilter 등록 20 | 21 | - attemptAuthentication() 함수를 오버라이딩 하고 아래와 같이 구현한다. 22 | - request의 username과 password를 ObjectMapper로 받는다. 23 | - 해당 username과 password로 UsernamePasswordAuthenticationToken을 생성한다. 24 | - UsernamePasswordAuthenticationToken으로 Authentication 객체를 만든다. 25 | - Authentication객체를 만들때 자동으로 UserDetailsService가 호출된다. 26 | - 그렇기 때문에 UserDetailsService를 상속하여 직접 서비스를 구현한다. 27 | - UserDetailsService를 통해서 리턴될 UserDetails을 커스텀해서 구현한다. 28 | 29 | ### AuthenticationProvider 관련 팁 30 | 31 | - authenticate() 함수가 호출 되면 인증 프로바이더가 유저 디테일 서비스의 32 | - loadUserByUsername(토큰의 첫번째 파라메터) 를 호출하고 33 | - UserDetails를 리턴받아서 토큰의 두번째 파라메터(credential)과 34 | - UserDetails(DB값)의 getPassword()함수로 비교해서 동일하면 35 | - Authentication 객체를 만들어서 필터체인으로 리턴해준다. 36 | - Tip: 인증 프로바이더의 디폴트 서비스는 UserDetailsService 타입 37 | - Tip: 인증 프로바이더의 디폴트 암호화 방식은 BCryptPasswordEncoder 38 | - 결론은 인증 프로바이더에게 알려줄 필요가 없음. 39 | 40 | ### AuthenticationProvder 커스터 마이징 방법 41 | 42 | ```java 43 | @Override 44 | protected void configure(AuthenticationManagerBuilder auth) { 45 | auth.authenticationProvider(authenticationProvider()); 46 | } 47 | 48 | @Bean 49 | DaoAuthenticationProvider authenticationProvider(){ 50 | DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider(); 51 | daoAuthenticationProvider.setPasswordEncoder(passwordEncoder()); 52 | daoAuthenticationProvider.setUserDetailsService(userPrincipalDetailsService); 53 | 54 | return daoAuthenticationProvider; 55 | } 56 | ``` 57 | 58 | ## 인가 59 | 60 | - Tip : JWT를 사용하면 UserDetailsService를 호출하지 않기 때문에 @AuthenticationPrincipal 사용 불가능.왜냐하면 @AuthenticationPrincipal은 UserDetailsService에서 리턴될 때 만들어지기 때문이다. 61 | 62 | - Tip : 토큰 검증 (이게 인증이기 때문에 AuthenticationManager도 필요 없음) 63 | 64 | - Tip : 스프링 시큐리티가 수행해주는 권한 처리를 위해 아래와 같이 토큰을 만들어서 Authentication 객체를 강제로 만들고 그걸 세션에 저장! 65 | 66 | ```java 67 | PrincipalDetails principalDetails = new PrincipalDetails(user); 68 | Authentication authentication = 69 | new UsernamePasswordAuthenticationToken( 70 | principalDetails, //나중에 컨트롤러에서 DI해서 쓸 때 사용하기 편함. 71 | null, // 패스워드는 모르니까 null 처리, 어차피 지금 인증하는게 아니니까!! 72 | principalDetails.getAuthorities()); 73 | 74 | // 강제로 시큐리티의 세션에 접근하여 값 저장 75 | SecurityContextHolder.getContext().setAuthentication(authentication); 76 | ``` 77 | 78 | ![blog](https://postfiles.pstatic.net/MjAyMDA4MTBfMzQg/MDAxNTk3MDM2OTc1NjQ0.3bgXzd_Bf7JoS1fsYIyGP1DAl9kQZ8IA-_WW74GyaFcg.Vtp4R4c4X1zakxFzEk212VqkTsQhI0bRmPZft9ZQ92og.PNG.getinthere/Screenshot_31.png?type=w773) 79 | 80 | ![blog](https://postfiles.pstatic.net/MjAyMDA4MTBfMjMy/MDAxNTk3MDM2OTc1NjM2.vXqNYRrbfievaF0YrELs8Rj-QW5gMmkoXRmIor3VDrEg.VR5lD5t-6T6FiFXd5bEopgLPR02oSuvzCjYNVFPlqaYg.PNG.getinthere/Screenshot_32.png?type=w773) 81 | -------------------------------------------------------------------------------- /mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # https://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 59 | if [ -z "$JAVA_HOME" ]; then 60 | if [ -x "/usr/libexec/java_home" ]; then 61 | export JAVA_HOME="`/usr/libexec/java_home`" 62 | else 63 | export JAVA_HOME="/Library/Java/Home" 64 | fi 65 | fi 66 | ;; 67 | esac 68 | 69 | if [ -z "$JAVA_HOME" ] ; then 70 | if [ -r /etc/gentoo-release ] ; then 71 | JAVA_HOME=`java-config --jre-home` 72 | fi 73 | fi 74 | 75 | if [ -z "$M2_HOME" ] ; then 76 | ## resolve links - $0 may be a link to maven's home 77 | PRG="$0" 78 | 79 | # need this for relative symlinks 80 | while [ -h "$PRG" ] ; do 81 | ls=`ls -ld "$PRG"` 82 | link=`expr "$ls" : '.*-> \(.*\)$'` 83 | if expr "$link" : '/.*' > /dev/null; then 84 | PRG="$link" 85 | else 86 | PRG="`dirname "$PRG"`/$link" 87 | fi 88 | done 89 | 90 | saveddir=`pwd` 91 | 92 | M2_HOME=`dirname "$PRG"`/.. 93 | 94 | # make it fully qualified 95 | M2_HOME=`cd "$M2_HOME" && pwd` 96 | 97 | cd "$saveddir" 98 | # echo Using m2 at $M2_HOME 99 | fi 100 | 101 | # For Cygwin, ensure paths are in UNIX format before anything is touched 102 | if $cygwin ; then 103 | [ -n "$M2_HOME" ] && 104 | M2_HOME=`cygpath --unix "$M2_HOME"` 105 | [ -n "$JAVA_HOME" ] && 106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 107 | [ -n "$CLASSPATH" ] && 108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 109 | fi 110 | 111 | # For Mingw, ensure paths are in UNIX format before anything is touched 112 | if $mingw ; then 113 | [ -n "$M2_HOME" ] && 114 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 115 | [ -n "$JAVA_HOME" ] && 116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 117 | fi 118 | 119 | if [ -z "$JAVA_HOME" ]; then 120 | javaExecutable="`which javac`" 121 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 122 | # readlink(1) is not available as standard on Solaris 10. 123 | readLink=`which readlink` 124 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 125 | if $darwin ; then 126 | javaHome="`dirname \"$javaExecutable\"`" 127 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 128 | else 129 | javaExecutable="`readlink -f \"$javaExecutable\"`" 130 | fi 131 | javaHome="`dirname \"$javaExecutable\"`" 132 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 133 | JAVA_HOME="$javaHome" 134 | export JAVA_HOME 135 | fi 136 | fi 137 | fi 138 | 139 | if [ -z "$JAVACMD" ] ; then 140 | if [ -n "$JAVA_HOME" ] ; then 141 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 142 | # IBM's JDK on AIX uses strange locations for the executables 143 | JAVACMD="$JAVA_HOME/jre/sh/java" 144 | else 145 | JAVACMD="$JAVA_HOME/bin/java" 146 | fi 147 | else 148 | JAVACMD="`which java`" 149 | fi 150 | fi 151 | 152 | if [ ! -x "$JAVACMD" ] ; then 153 | echo "Error: JAVA_HOME is not defined correctly." >&2 154 | echo " We cannot execute $JAVACMD" >&2 155 | exit 1 156 | fi 157 | 158 | if [ -z "$JAVA_HOME" ] ; then 159 | echo "Warning: JAVA_HOME environment variable is not set." 160 | fi 161 | 162 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 163 | 164 | # traverses directory structure from process work directory to filesystem root 165 | # first directory with .mvn subdirectory is considered project base directory 166 | find_maven_basedir() { 167 | 168 | if [ -z "$1" ] 169 | then 170 | echo "Path not specified to find_maven_basedir" 171 | return 1 172 | fi 173 | 174 | basedir="$1" 175 | wdir="$1" 176 | while [ "$wdir" != '/' ] ; do 177 | if [ -d "$wdir"/.mvn ] ; then 178 | basedir=$wdir 179 | break 180 | fi 181 | # workaround for JBEAP-8937 (on Solaris 10/Sparc) 182 | if [ -d "${wdir}" ]; then 183 | wdir=`cd "$wdir/.."; pwd` 184 | fi 185 | # end of workaround 186 | done 187 | echo "${basedir}" 188 | } 189 | 190 | # concatenates all lines of a file 191 | concat_lines() { 192 | if [ -f "$1" ]; then 193 | echo "$(tr -s '\n' ' ' < "$1")" 194 | fi 195 | } 196 | 197 | BASE_DIR=`find_maven_basedir "$(pwd)"` 198 | if [ -z "$BASE_DIR" ]; then 199 | exit 1; 200 | fi 201 | 202 | ########################################################################################## 203 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 204 | # This allows using the maven wrapper in projects that prohibit checking in binary data. 205 | ########################################################################################## 206 | if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then 207 | if [ "$MVNW_VERBOSE" = true ]; then 208 | echo "Found .mvn/wrapper/maven-wrapper.jar" 209 | fi 210 | else 211 | if [ "$MVNW_VERBOSE" = true ]; then 212 | echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." 213 | fi 214 | if [ -n "$MVNW_REPOURL" ]; then 215 | jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar" 216 | else 217 | jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar" 218 | fi 219 | while IFS="=" read key value; do 220 | case "$key" in (wrapperUrl) jarUrl="$value"; break ;; 221 | esac 222 | done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" 223 | if [ "$MVNW_VERBOSE" = true ]; then 224 | echo "Downloading from: $jarUrl" 225 | fi 226 | wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" 227 | if $cygwin; then 228 | wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"` 229 | fi 230 | 231 | if command -v wget > /dev/null; then 232 | if [ "$MVNW_VERBOSE" = true ]; then 233 | echo "Found wget ... using wget" 234 | fi 235 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then 236 | wget "$jarUrl" -O "$wrapperJarPath" 237 | else 238 | wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" 239 | fi 240 | elif command -v curl > /dev/null; then 241 | if [ "$MVNW_VERBOSE" = true ]; then 242 | echo "Found curl ... using curl" 243 | fi 244 | if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then 245 | curl -o "$wrapperJarPath" "$jarUrl" -f 246 | else 247 | curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f 248 | fi 249 | 250 | else 251 | if [ "$MVNW_VERBOSE" = true ]; then 252 | echo "Falling back to using Java to download" 253 | fi 254 | javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" 255 | # For Cygwin, switch paths to Windows format before running javac 256 | if $cygwin; then 257 | javaClass=`cygpath --path --windows "$javaClass"` 258 | fi 259 | if [ -e "$javaClass" ]; then 260 | if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then 261 | if [ "$MVNW_VERBOSE" = true ]; then 262 | echo " - Compiling MavenWrapperDownloader.java ..." 263 | fi 264 | # Compiling the Java class 265 | ("$JAVA_HOME/bin/javac" "$javaClass") 266 | fi 267 | if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then 268 | # Running the downloader 269 | if [ "$MVNW_VERBOSE" = true ]; then 270 | echo " - Running MavenWrapperDownloader.java ..." 271 | fi 272 | ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") 273 | fi 274 | fi 275 | fi 276 | fi 277 | ########################################################################################## 278 | # End of extension 279 | ########################################################################################## 280 | 281 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} 282 | if [ "$MVNW_VERBOSE" = true ]; then 283 | echo $MAVEN_PROJECTBASEDIR 284 | fi 285 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 286 | 287 | # For Cygwin, switch paths to Windows format before running java 288 | if $cygwin; then 289 | [ -n "$M2_HOME" ] && 290 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 291 | [ -n "$JAVA_HOME" ] && 292 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 293 | [ -n "$CLASSPATH" ] && 294 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 295 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 296 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` 297 | fi 298 | 299 | # Provide a "standardized" way to retrieve the CLI args that will 300 | # work with both Windows and non-Windows executions. 301 | MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" 302 | export MAVEN_CMD_LINE_ARGS 303 | 304 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 305 | 306 | exec "$JAVACMD" \ 307 | $MAVEN_OPTS \ 308 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 309 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 310 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 311 | -------------------------------------------------------------------------------- /mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM https://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM set title of command window 39 | title %0 40 | @REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' 41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 42 | 43 | @REM set %HOME% to equivalent of $HOME 44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 45 | 46 | @REM Execute a user defined script before this one 47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 49 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 50 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 51 | :skipRcPre 52 | 53 | @setlocal 54 | 55 | set ERROR_CODE=0 56 | 57 | @REM To isolate internal variables from possible post scripts, we use another setlocal 58 | @setlocal 59 | 60 | @REM ==== START VALIDATION ==== 61 | if not "%JAVA_HOME%" == "" goto OkJHome 62 | 63 | echo. 64 | echo Error: JAVA_HOME not found in your environment. >&2 65 | echo Please set the JAVA_HOME variable in your environment to match the >&2 66 | echo location of your Java installation. >&2 67 | echo. 68 | goto error 69 | 70 | :OkJHome 71 | if exist "%JAVA_HOME%\bin\java.exe" goto init 72 | 73 | echo. 74 | echo Error: JAVA_HOME is set to an invalid directory. >&2 75 | echo JAVA_HOME = "%JAVA_HOME%" >&2 76 | echo Please set the JAVA_HOME variable in your environment to match the >&2 77 | echo location of your Java installation. >&2 78 | echo. 79 | goto error 80 | 81 | @REM ==== END VALIDATION ==== 82 | 83 | :init 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 121 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 122 | 123 | set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar" 124 | 125 | FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( 126 | IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B 127 | ) 128 | 129 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 130 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data. 131 | if exist %WRAPPER_JAR% ( 132 | if "%MVNW_VERBOSE%" == "true" ( 133 | echo Found %WRAPPER_JAR% 134 | ) 135 | ) else ( 136 | if not "%MVNW_REPOURL%" == "" ( 137 | SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar" 138 | ) 139 | if "%MVNW_VERBOSE%" == "true" ( 140 | echo Couldn't find %WRAPPER_JAR%, downloading it ... 141 | echo Downloading from: %DOWNLOAD_URL% 142 | ) 143 | 144 | powershell -Command "&{"^ 145 | "$webclient = new-object System.Net.WebClient;"^ 146 | "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ 147 | "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ 148 | "}"^ 149 | "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^ 150 | "}" 151 | if "%MVNW_VERBOSE%" == "true" ( 152 | echo Finished downloading %WRAPPER_JAR% 153 | ) 154 | ) 155 | @REM End of extension 156 | 157 | @REM Provide a "standardized" way to retrieve the CLI args that will 158 | @REM work with both Windows and non-Windows executions. 159 | set MAVEN_CMD_LINE_ARGS=%* 160 | 161 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 162 | if ERRORLEVEL 1 goto error 163 | goto end 164 | 165 | :error 166 | set ERROR_CODE=1 167 | 168 | :end 169 | @endlocal & set ERROR_CODE=%ERROR_CODE% 170 | 171 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 172 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 173 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 174 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 175 | :skipRcPost 176 | 177 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 178 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 179 | 180 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 181 | 182 | exit /B %ERROR_CODE% 183 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 4.0.0 6 | 7 | org.springframework.boot 8 | spring-boot-starter-parent 9 | 2.3.2.RELEASE 10 | 11 | 12 | com.cos 13 | jwtex01 14 | 0.0.1-SNAPSHOT 15 | jwtex01 16 | Demo project for Spring Boot 17 | 18 | 19 | 8 20 | 21 | 22 | 23 | 24 | com.auth0 25 | java-jwt 26 | 3.4.1 27 | 28 | 29 | 30 | org.springframework.boot 31 | spring-boot-starter-data-jpa 32 | 33 | 34 | org.springframework.boot 35 | spring-boot-starter-security 36 | 37 | 38 | org.springframework.boot 39 | spring-boot-starter-web 40 | 41 | 42 | 43 | org.springframework.boot 44 | spring-boot-devtools 45 | runtime 46 | true 47 | 48 | 49 | mysql 50 | mysql-connector-java 51 | runtime 52 | 53 | 54 | org.projectlombok 55 | lombok 56 | true 57 | 58 | 59 | org.springframework.boot 60 | spring-boot-starter-test 61 | test 62 | 63 | 64 | org.junit.vintage 65 | junit-vintage-engine 66 | 67 | 68 | 69 | 70 | org.springframework.security 71 | spring-security-test 72 | test 73 | 74 | 75 | 76 | 77 | 78 | 79 | org.springframework.boot 80 | spring-boot-maven-plugin 81 | 82 | 83 | 84 | 85 | 86 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/Jwtex01Application.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Jwtex01Application { 8 | 9 | @Bean 10 | public BCryptPasswordEncoder passwordEncoder() { 11 | return new BCryptPasswordEncoder(); 12 | } 13 | 14 | public static void main(String[] args) { 15 | SpringApplication.run(Jwtex01Application.class, args); 16 | } 17 | 18 | } 19 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/config/CorsConfig.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.config; 2 | 3 | import org.springframework.context.annotation.Bean; 4 | import org.springframework.context.annotation.Configuration; 5 | import org.springframework.web.cors.CorsConfiguration; 6 | import org.springframework.web.cors.UrlBasedCorsConfigurationSource; 7 | import org.springframework.web.filter.CorsFilter; 8 | 9 | @Configuration 10 | public class CorsConfig { 11 | 12 | @Bean 13 | public CorsFilter corsFilter() { 14 | UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); 15 | CorsConfiguration config = new CorsConfiguration(); 16 | config.setAllowCredentials(true); 17 | config.addAllowedOrigin("*"); // e.g. http://domain1.com 18 | config.addAllowedHeader("*"); 19 | config.addAllowedMethod("*"); 20 | 21 | source.registerCorsConfiguration("/api/**", config); 22 | return new CorsFilter(source); 23 | } 24 | 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/config/SecurityConfig.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.config; 2 | 3 | 4 | 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.context.annotation.Bean; 7 | import org.springframework.context.annotation.Configuration; 8 | import org.springframework.security.authentication.AuthenticationManager; 9 | import org.springframework.security.config.annotation.web.builders.HttpSecurity; 10 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 11 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 12 | import org.springframework.security.config.http.SessionCreationPolicy; 13 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 14 | 15 | import com.cos.jwtex01.config.jwt.JwtAuthenticationFilter; 16 | import com.cos.jwtex01.config.jwt.JwtAuthorizationFilter; 17 | import com.cos.jwtex01.repository.UserRepository; 18 | 19 | @Configuration 20 | @EnableWebSecurity // 시큐리티 활성화 -> 기본 스프링 필터체인에 등록 21 | public class SecurityConfig extends WebSecurityConfigurerAdapter{ 22 | 23 | @Autowired 24 | private UserRepository userRepository; 25 | 26 | @Autowired 27 | private CorsConfig corsConfig; 28 | 29 | @Override 30 | protected void configure(HttpSecurity http) throws Exception { 31 | http 32 | .addFilter(corsConfig.corsFilter()) 33 | .csrf().disable() 34 | .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) 35 | .and() 36 | .formLogin().disable() 37 | .httpBasic().disable() 38 | 39 | .addFilter(new JwtAuthenticationFilter(authenticationManager())) 40 | .addFilter(new JwtAuthorizationFilter(authenticationManager(), userRepository)) 41 | .authorizeRequests() 42 | .antMatchers("/api/v1/user/**") 43 | .access("hasRole('ROLE_USER') or hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')") 44 | .antMatchers("/api/v1/manager/**") 45 | .access("hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')") 46 | .antMatchers("/api/v1/admin/**") 47 | .access("hasRole('ROLE_ADMIN')") 48 | .anyRequest().permitAll(); 49 | } 50 | } 51 | 52 | 53 | 54 | 55 | 56 | 57 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/config/auth/PrincipalDetails.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.config.auth; 2 | 3 | import java.util.ArrayList; 4 | import java.util.Collection; 5 | 6 | import org.springframework.security.core.GrantedAuthority; 7 | import org.springframework.security.core.userdetails.UserDetails; 8 | 9 | import com.cos.jwtex01.model.User; 10 | 11 | public class PrincipalDetails implements UserDetails{ 12 | 13 | private User user; 14 | 15 | public PrincipalDetails(User user){ 16 | this.user = user; 17 | } 18 | 19 | public User getUser() { 20 | return user; 21 | } 22 | 23 | @Override 24 | public String getPassword() { 25 | return user.getPassword(); 26 | } 27 | 28 | @Override 29 | public String getUsername() { 30 | return user.getUsername(); 31 | } 32 | 33 | @Override 34 | public boolean isAccountNonExpired() { 35 | return true; 36 | } 37 | 38 | @Override 39 | public boolean isAccountNonLocked() { 40 | return true; 41 | } 42 | 43 | @Override 44 | public boolean isCredentialsNonExpired() { 45 | return true; 46 | } 47 | 48 | @Override 49 | public boolean isEnabled() { 50 | return true; 51 | } 52 | 53 | @Override 54 | public Collection getAuthorities() { 55 | Collection authorities = new ArrayList(); 56 | user.getRoleList().forEach(r -> { 57 | authorities.add(()->{ return r;}); 58 | }); 59 | return authorities; 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/config/auth/PrincipalDetailsService.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.config.auth; 2 | 3 | import org.springframework.security.core.userdetails.UserDetails; 4 | import org.springframework.security.core.userdetails.UserDetailsService; 5 | import org.springframework.security.core.userdetails.UsernameNotFoundException; 6 | import org.springframework.stereotype.Service; 7 | 8 | import com.cos.jwtex01.model.User; 9 | import com.cos.jwtex01.repository.UserRepository; 10 | 11 | import lombok.RequiredArgsConstructor; 12 | 13 | @Service 14 | @RequiredArgsConstructor 15 | public class PrincipalDetailsService implements UserDetailsService{ 16 | 17 | private final UserRepository userRepository; 18 | 19 | @Override 20 | public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 21 | System.out.println("PrincipalDetailsService : 진입"); 22 | User user = userRepository.findByUsername(username); 23 | 24 | // session.setAttribute("loginUser", user); 25 | return new PrincipalDetails(user); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/config/jwt/JwtAuthenticationFilter.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.config.jwt; 2 | 3 | import java.io.IOException; 4 | import java.util.Date; 5 | 6 | import javax.servlet.FilterChain; 7 | import javax.servlet.ServletException; 8 | import javax.servlet.http.Cookie; 9 | import javax.servlet.http.HttpServletRequest; 10 | import javax.servlet.http.HttpServletResponse; 11 | 12 | import org.springframework.context.annotation.Configuration; 13 | import org.springframework.security.authentication.AuthenticationManager; 14 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 15 | import org.springframework.security.core.Authentication; 16 | import org.springframework.security.core.AuthenticationException; 17 | import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; 18 | 19 | import com.auth0.jwt.JWT; 20 | import com.auth0.jwt.algorithms.Algorithm; 21 | import com.cos.jwtex01.config.auth.PrincipalDetails; 22 | import com.cos.jwtex01.dto.LoginRequestDto; 23 | import com.fasterxml.jackson.databind.ObjectMapper; 24 | 25 | import lombok.RequiredArgsConstructor; 26 | 27 | @RequiredArgsConstructor 28 | public class JwtAuthenticationFilter extends UsernamePasswordAuthenticationFilter{ 29 | 30 | private final AuthenticationManager authenticationManager; 31 | 32 | // Authentication 객체 만들어서 리턴 => 의존 : AuthenticationManager 33 | // 인증 요청시에 실행되는 함수 => /login 34 | @Override 35 | public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) 36 | throws AuthenticationException { 37 | 38 | System.out.println("JwtAuthenticationFilter : 진입"); 39 | 40 | // request에 있는 username과 password를 파싱해서 자바 Object로 받기 41 | ObjectMapper om = new ObjectMapper(); 42 | LoginRequestDto loginRequestDto = null; 43 | try { 44 | loginRequestDto = om.readValue(request.getInputStream(), LoginRequestDto.class); 45 | } catch (Exception e) { 46 | e.printStackTrace(); 47 | } 48 | 49 | System.out.println("JwtAuthenticationFilter : "+loginRequestDto); 50 | 51 | // 유저네임패스워드 토큰 생성 52 | UsernamePasswordAuthenticationToken authenticationToken = 53 | new UsernamePasswordAuthenticationToken( 54 | loginRequestDto.getUsername(), 55 | loginRequestDto.getPassword()); 56 | 57 | System.out.println("JwtAuthenticationFilter : 토큰생성완료"); 58 | 59 | // authenticate() 함수가 호출 되면 인증 프로바이더가 유저 디테일 서비스의 60 | // loadUserByUsername(토큰의 첫번째 파라메터) 를 호출하고 61 | // UserDetails를 리턴받아서 토큰의 두번째 파라메터(credential)과 62 | // UserDetails(DB값)의 getPassword()함수로 비교해서 동일하면 63 | // Authentication 객체를 만들어서 필터체인으로 리턴해준다. 64 | 65 | // Tip: 인증 프로바이더의 디폴트 서비스는 UserDetailsService 타입 66 | // Tip: 인증 프로바이더의 디폴트 암호화 방식은 BCryptPasswordEncoder 67 | // 결론은 인증 프로바이더에게 알려줄 필요가 없음. 68 | Authentication authentication = 69 | authenticationManager.authenticate(authenticationToken); 70 | 71 | PrincipalDetails principalDetailis = (PrincipalDetails) authentication.getPrincipal(); 72 | System.out.println("Authentication : "+principalDetailis.getUser().getUsername()); 73 | return authentication; 74 | } 75 | 76 | // JWT Token 생성해서 response에 담아주기 77 | @Override 78 | protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, 79 | Authentication authResult) throws IOException, ServletException { 80 | 81 | PrincipalDetails principalDetailis = (PrincipalDetails) authResult.getPrincipal(); 82 | 83 | String jwtToken = JWT.create() 84 | .withSubject(principalDetailis.getUsername()) 85 | .withExpiresAt(new Date(System.currentTimeMillis()+JwtProperties.EXPIRATION_TIME)) 86 | .withClaim("id", principalDetailis.getUser().getId()) 87 | .withClaim("username", principalDetailis.getUser().getUsername()) 88 | .sign(Algorithm.HMAC512(JwtProperties.SECRET)); 89 | 90 | response.addHeader(JwtProperties.HEADER_STRING, JwtProperties.TOKEN_PREFIX+jwtToken); 91 | } 92 | 93 | } 94 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/config/jwt/JwtAuthorizationFilter.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.config.jwt; 2 | 3 | import java.io.IOException; 4 | 5 | import javax.servlet.FilterChain; 6 | import javax.servlet.ServletException; 7 | import javax.servlet.http.HttpServletRequest; 8 | import javax.servlet.http.HttpServletResponse; 9 | 10 | import org.springframework.security.authentication.AuthenticationManager; 11 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; 12 | import org.springframework.security.core.Authentication; 13 | import org.springframework.security.core.context.SecurityContextHolder; 14 | import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; 15 | 16 | import com.auth0.jwt.JWT; 17 | import com.auth0.jwt.algorithms.Algorithm; 18 | import com.cos.jwtex01.config.auth.PrincipalDetails; 19 | import com.cos.jwtex01.model.User; 20 | import com.cos.jwtex01.repository.UserRepository; 21 | 22 | // 인가 23 | public class JwtAuthorizationFilter extends BasicAuthenticationFilter{ 24 | 25 | private UserRepository userRepository; 26 | 27 | public JwtAuthorizationFilter(AuthenticationManager authenticationManager, UserRepository userRepository) { 28 | super(authenticationManager); 29 | this.userRepository = userRepository; 30 | } 31 | 32 | @Override 33 | protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) 34 | throws IOException, ServletException { 35 | String header = request.getHeader(JwtProperties.HEADER_STRING); 36 | if(header == null || !header.startsWith(JwtProperties.TOKEN_PREFIX)) { 37 | chain.doFilter(request, response); 38 | return; 39 | } 40 | System.out.println("header : "+header); 41 | String token = request.getHeader(JwtProperties.HEADER_STRING) 42 | .replace(JwtProperties.TOKEN_PREFIX, ""); 43 | 44 | // 토큰 검증 (이게 인증이기 때문에 AuthenticationManager도 필요 없음) 45 | // 내가 SecurityContext에 집적접근해서 세션을 만들때 자동으로 UserDetailsService에 있는 loadByUsername이 호출됨. 46 | String username = JWT.require(Algorithm.HMAC512(JwtProperties.SECRET)).build().verify(token) 47 | .getClaim("username").asString(); 48 | 49 | if(username != null) { 50 | User user = userRepository.findByUsername(username); 51 | 52 | // 인증은 토큰 검증시 끝. 인증을 하기 위해서가 아닌 스프링 시큐리티가 수행해주는 권한 처리를 위해 53 | // 아래와 같이 토큰을 만들어서 Authentication 객체를 강제로 만들고 그걸 세션에 저장! 54 | PrincipalDetails principalDetails = new PrincipalDetails(user); 55 | Authentication authentication = 56 | new UsernamePasswordAuthenticationToken( 57 | principalDetails, //나중에 컨트롤러에서 DI해서 쓸 때 사용하기 편함. 58 | null, // 패스워드는 모르니까 null 처리, 어차피 지금 인증하는게 아니니까!! 59 | principalDetails.getAuthorities()); 60 | 61 | // 강제로 시큐리티의 세션에 접근하여 값 저장 62 | SecurityContextHolder.getContext().setAuthentication(authentication); 63 | } 64 | 65 | chain.doFilter(request, response); 66 | } 67 | 68 | } 69 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/config/jwt/JwtProperties.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.config.jwt; 2 | 3 | public interface JwtProperties { 4 | String SECRET = "조익현"; // 우리 서버만 알고 있는 비밀값 5 | int EXPIRATION_TIME = 864000000; // 10일 (1/1000초) 6 | String TOKEN_PREFIX = "Bearer "; 7 | String HEADER_STRING = "Authorization"; 8 | } 9 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/controller/RestApiController.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.controller; 2 | 3 | import java.util.List; 4 | 5 | import org.springframework.security.core.Authentication; 6 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 7 | import org.springframework.web.bind.annotation.GetMapping; 8 | import org.springframework.web.bind.annotation.PostMapping; 9 | import org.springframework.web.bind.annotation.RequestBody; 10 | import org.springframework.web.bind.annotation.RequestMapping; 11 | import org.springframework.web.bind.annotation.RestController; 12 | 13 | import com.cos.jwtex01.config.auth.PrincipalDetails; 14 | import com.cos.jwtex01.model.User; 15 | import com.cos.jwtex01.repository.UserRepository; 16 | 17 | import lombok.RequiredArgsConstructor; 18 | 19 | @RestController 20 | @RequestMapping("api/v1") 21 | @RequiredArgsConstructor 22 | // @CrossOrigin // CORS 허용 23 | public class RestApiController { 24 | 25 | private final UserRepository userRepository; 26 | private final BCryptPasswordEncoder bCryptPasswordEncoder; 27 | 28 | // 모든 사람이 접근 가능 29 | @GetMapping("home") 30 | public String home() { 31 | return "

home

"; 32 | } 33 | 34 | // Tip : JWT를 사용하면 UserDetailsService를 호출하지 않기 때문에 @AuthenticationPrincipal 사용 불가능. 35 | // 왜냐하면 @AuthenticationPrincipal은 UserDetailsService에서 리턴될 때 만들어지기 때문이다. 36 | 37 | // 유저 혹은 매니저 혹은 어드민이 접근 가능 38 | @GetMapping("user") 39 | public String user(Authentication authentication) { 40 | PrincipalDetails principal = (PrincipalDetails) authentication.getPrincipal(); 41 | System.out.println("principal : "+principal.getUser().getId()); 42 | System.out.println("principal : "+principal.getUser().getUsername()); 43 | System.out.println("principal : "+principal.getUser().getPassword()); 44 | 45 | return "

user

"; 46 | } 47 | 48 | // 매니저 혹은 어드민이 접근 가능 49 | @GetMapping("manager/reports") 50 | public String reports() { 51 | return "

reports

"; 52 | } 53 | 54 | // 어드민이 접근 가능 55 | @GetMapping("admin/users") 56 | public List users(){ 57 | return userRepository.findAll(); 58 | } 59 | 60 | @PostMapping("join") 61 | public String join(@RequestBody User user) { 62 | user.setPassword(bCryptPasswordEncoder.encode(user.getPassword())); 63 | user.setRoles("ROLE_USER"); 64 | userRepository.save(user); 65 | return "회원가입완료"; 66 | } 67 | 68 | } 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/dto/LoginRequestDto.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.dto; 2 | 3 | import lombok.Data; 4 | 5 | @Data 6 | public class LoginRequestDto { 7 | private String username; 8 | private String password; 9 | } 10 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/model/User.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.model; 2 | 3 | import javax.persistence.*; 4 | 5 | import lombok.Data; 6 | 7 | import java.util.ArrayList; 8 | import java.util.Arrays; 9 | import java.util.List; 10 | 11 | @Entity 12 | @Data 13 | public class User { 14 | 15 | @Id 16 | @GeneratedValue(strategy = GenerationType.AUTO) 17 | private long id; 18 | private String username; 19 | private String password; 20 | private String roles; 21 | 22 | // ENUM으로 안하고 ,로 해서 구분해서 ROLE을 입력 -> 그걸 파싱!! 23 | public List getRoleList(){ 24 | if(this.roles.length() > 0){ 25 | return Arrays.asList(this.roles.split(",")); 26 | } 27 | return new ArrayList<>(); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /src/main/java/com/cos/jwtex01/repository/UserRepository.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01.repository; 2 | 3 | import org.springframework.data.jpa.repository.JpaRepository; 4 | 5 | import com.cos.jwtex01.model.User; 6 | 7 | public interface UserRepository extends JpaRepository{ 8 | User findByUsername(String username); 9 | } 10 | -------------------------------------------------------------------------------- /src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | server: 2 | port: 8080 3 | servlet: 4 | context-path: / 5 | encoding: 6 | charset: UTF-8 7 | enabled: true 8 | force: true 9 | 10 | spring: 11 | datasource: 12 | driver-class-name: com.mysql.cj.jdbc.Driver 13 | url: jdbc:mysql://localhost:3306/security?serverTimezone=Asia/Seoul 14 | username: cos 15 | password: cos1234 16 | 17 | jpa: 18 | hibernate: 19 | ddl-auto: update #create update none 20 | naming: 21 | physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl 22 | show-sql: true 23 | -------------------------------------------------------------------------------- /src/test/java/com/cos/jwtex01/Jwtex01ApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class Jwtex01ApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /src/test/java/com/cos/jwtex01/Test1.java: -------------------------------------------------------------------------------- 1 | package com.cos.jwtex01; 2 | 3 | import java.util.Arrays; 4 | import java.util.List; 5 | 6 | import org.junit.jupiter.api.Test; 7 | 8 | public class Test1 { 9 | 10 | @Test 11 | public void 컬렉션_테스트() { 12 | String[] str = {"ROLE_USER", "ROLE_ADMIN", "ROLE_MANAGER"}; 13 | List list = Arrays.asList(str); 14 | for (String s : list) { 15 | System.out.println(s); 16 | } 17 | } 18 | } 19 | --------------------------------------------------------------------------------