From 4c5a9efcc4adfab9af87ccce5af3b34b80407f97 Mon Sep 17 00:00:00 2001 From: cho Date: Thu, 8 Jan 2026 11:12:10 +0900 Subject: [PATCH] =?UTF-8?q?CA=20Token=20=EC=B2=98=EB=A6=AC=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80=20=EB=B0=8F=20=EC=BD=94=EB=93=9C=EC=A0=95=EB=A6=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- elink-online-common | 2 +- elink-online-core | 2 +- elink-online-core-jpa | 2 +- elink-online-emsclient | 2 +- elink-online-transformer | 2 +- .../custom/BearerTokenContoller.java | 17 +--- .../authserver/custom/BearerTokenFilter.java | 77 --------------- .../authserver/custom/BearerTokenInfo.java | 49 ---------- .../authserver/custom/BearerTokenService.java | 97 ------------------- 9 files changed, 6 insertions(+), 244 deletions(-) delete mode 100644 src/main/java/com/eactive/eai/authserver/custom/BearerTokenFilter.java delete mode 100644 src/main/java/com/eactive/eai/authserver/custom/BearerTokenInfo.java delete mode 100644 src/main/java/com/eactive/eai/authserver/custom/BearerTokenService.java diff --git a/elink-online-common b/elink-online-common index 8d21eba..7d5fb8a 160000 --- a/elink-online-common +++ b/elink-online-common @@ -1 +1 @@ -Subproject commit 8d21eba5e8dc25d11ad315aa4559566cd3623bba +Subproject commit 7d5fb8afe4383d91c0061cbc8697c96f98a6e186 diff --git a/elink-online-core b/elink-online-core index 0f148e9..75e3d34 160000 --- a/elink-online-core +++ b/elink-online-core @@ -1 +1 @@ -Subproject commit 0f148e997ec808e01a013baa8ca7b0053a69fe22 +Subproject commit 75e3d3451c0965ad7bbf88a469211afb75f3dc5f diff --git a/elink-online-core-jpa b/elink-online-core-jpa index 2cd9c29..ea932d1 160000 --- a/elink-online-core-jpa +++ b/elink-online-core-jpa @@ -1 +1 @@ -Subproject commit 2cd9c29d4df228c1ffd7ed6471c8245510b19213 +Subproject commit ea932d1fddecd1f1fa8fc52959bcc6cfb455434a diff --git a/elink-online-emsclient b/elink-online-emsclient index f68423b..7cd000f 160000 --- a/elink-online-emsclient +++ b/elink-online-emsclient @@ -1 +1 @@ -Subproject commit f68423b40ecb5076990739f09f87ec62f7fd17ae +Subproject commit 7cd000f6927095a87d622c921ffe944a3802f3d7 diff --git a/elink-online-transformer b/elink-online-transformer index c3e2de4..c3234b6 160000 --- a/elink-online-transformer +++ b/elink-online-transformer @@ -1 +1 @@ -Subproject commit c3e2de482be0fa692a5133cf77e0e3dc86357b6e +Subproject commit c3234b623479a675ef869bddfc83318373539ac7 diff --git a/src/main/java/com/eactive/eai/authserver/custom/BearerTokenContoller.java b/src/main/java/com/eactive/eai/authserver/custom/BearerTokenContoller.java index d3d547f..44e32de 100644 --- a/src/main/java/com/eactive/eai/authserver/custom/BearerTokenContoller.java +++ b/src/main/java/com/eactive/eai/authserver/custom/BearerTokenContoller.java @@ -19,6 +19,7 @@ import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException; +import com.eactive.eai.authserver.service.BearerTokenService; import com.eactive.eai.authserver.service.OAuth2Manager; import com.eactive.eai.common.util.Logger; import com.eactive.eai.common.util.MessageUtil; @@ -85,22 +86,6 @@ public class BearerTokenContoller { } } -// // 서비스용 Bearer Token 발급 -// @PostMapping("/service") -// public ResponseEntity issueFileToken(@RequestBody Map req) { -// String fileId = req.get("fileid"); -// -// String token = tokenService.generateFileToken(fileId); -// -// Map tokenMap = new HashMap<>(); -// tokenMap.put("token_type", "Bearer"); -// tokenMap.put("file_token", token); -// tokenMap.put("expires_in", "599"); -// tokenMap.put("expires_on", "1575593514"); -// tokenMap.put("resource", fileId); -// -// return ResponseEntity.ok(tokenMap); -// } private void veryfyClient(ClientDetails clientDetails, String clientSecret, Set scopeSet) throws JwtAuthException { if (!StringUtils.equals(clientDetails.getClientSecret(), clientSecret)) { throw new JwtAuthException("invalid_client", "Bad client credentials(client_secret is empty or not match)"); diff --git a/src/main/java/com/eactive/eai/authserver/custom/BearerTokenFilter.java b/src/main/java/com/eactive/eai/authserver/custom/BearerTokenFilter.java deleted file mode 100644 index 5ccb70c..0000000 --- a/src/main/java/com/eactive/eai/authserver/custom/BearerTokenFilter.java +++ /dev/null @@ -1,77 +0,0 @@ -package com.eactive.eai.authserver.custom; - -import java.io.IOException; -import java.util.Arrays; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.json.simple.JSONObject; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.stereotype.Component; -import org.springframework.web.filter.OncePerRequestFilter; - -import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException; -import com.eactive.eai.common.util.Logger; -import com.eactive.eai.common.util.MessageUtil; - -@Component -public class BearerTokenFilter extends OncePerRequestFilter{ - - public static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT); - private final BearerTokenService tokenService; - - public static final String ERROR_AUTHENTICATION_FAIL = "E.AUTHENTICATION_FAIL"; - public static final String ERROR_AUTHORIZATION_FAIL = "E.AUTHORIZATION_FAIL"; - public static final String ERROR_TOKEN_EXPIRED = "E.TOKEN_EXPIRED"; - - public BearerTokenFilter(BearerTokenService tokenService) { - this.tokenService = tokenService; - } - - @Override - protected void doFilterInternal(HttpServletRequest request, - HttpServletResponse response, - FilterChain filterChain) throws IOException, ServletException { - try { - String auth = request.getHeader("Authorization"); - - if (auth != null && auth.startsWith("Bearer ")) { - String token = auth.substring(7); - - String clientId = null; - String fileId = null; - - if (tokenService.validateCA(token)) { - clientId = tokenService.getClientIdFromCA(token); - } else { - throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Access token is invalid or expired"); - } - -// if (fileId != null) { -// UsernamePasswordAuthenticationToken authentication = -// new UsernamePasswordAuthenticationToken(fileId, null, Arrays.asList()); -// SecurityContextHolder.getContext().setAuthentication(authentication); -// } - } - - filterChain.doFilter(request, response); - } catch (JwtAuthException jae) { - logger.debug(jae.getMessage()); - String errorJson = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AUTH_FAIL, jae.getMessage()); - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - response.setContentType("application/json;charset=UTF-8"); - response.getWriter().write(errorJson); - } catch (Exception e) { - logger.error(e.getMessage()); - String errorJson = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AP_ERROR, e.getMessage()); - response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - response.setContentType("application/json;charset=UTF-8"); - response.getWriter().write(errorJson); - } - } -} - diff --git a/src/main/java/com/eactive/eai/authserver/custom/BearerTokenInfo.java b/src/main/java/com/eactive/eai/authserver/custom/BearerTokenInfo.java deleted file mode 100644 index e5a37fb..0000000 --- a/src/main/java/com/eactive/eai/authserver/custom/BearerTokenInfo.java +++ /dev/null @@ -1,49 +0,0 @@ -package com.eactive.eai.authserver.custom; - -import java.util.Set; - -import com.fasterxml.jackson.annotation.JsonProperty; - -public class BearerTokenInfo { - @JsonProperty("client_id") - private String clientId; - private Long expiresIn; - private Long expiresAt; - private Set scopeSet; - - public String getClientId() { - return clientId; - } - - public void setClientId(String clientId) { - this.clientId = clientId; - } - - public Long getExpiresIn() { - return expiresIn; - } - - public void setExpiresIn(Long expiresIn) { - this.expiresIn = expiresIn; - } - - public Long getExpiresAt() { - return expiresAt; - } - - public void setExpiresAt(Long expiresIn) { - this.expiresAt = System.currentTimeMillis() + (expiresIn * 1000); - } - - public Set getScopeSet() { - return scopeSet; - } - - public void setScopeSet(Set scopeSet) { - this.scopeSet = scopeSet; - } - - public boolean isExpired() { - return System.currentTimeMillis() > expiresAt; - } -} diff --git a/src/main/java/com/eactive/eai/authserver/custom/BearerTokenService.java b/src/main/java/com/eactive/eai/authserver/custom/BearerTokenService.java deleted file mode 100644 index 3b01368..0000000 --- a/src/main/java/com/eactive/eai/authserver/custom/BearerTokenService.java +++ /dev/null @@ -1,97 +0,0 @@ -package com.eactive.eai.authserver.custom; - -import java.security.SecureRandom; -import java.util.Map; -import java.util.Set; -import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; -import java.util.stream.Collectors; -import java.util.stream.IntStream; - -import org.springframework.stereotype.Service; - -@Service -public class BearerTokenService { - - // CA 토큰 저장소 - private final Map CATokenStore = new ConcurrentHashMap<>(); - - // File 토큰 저장소 - private final Map fileTokenStore = new ConcurrentHashMap<>(); - -// // FileTransfer 토큰 저장소 -// private final Map fileTransferTokenStore = new ConcurrentHashMap<>(); - - public String generateCAToken(String clientId, Long expiresIn, Set scopeSet) { - String token = UUID.randomUUID().toString(); - - BearerTokenInfo CATokenInfo = new BearerTokenInfo(); - CATokenInfo.setClientId(clientId); - CATokenInfo.setExpiresIn(expiresIn); - CATokenInfo.setExpiresAt(expiresIn); - CATokenInfo.setScopeSet(scopeSet); - - CATokenStore.put(token, CATokenInfo); - - return token; - } - - public String generateFileToken(String fileId) { - //String token = UUID.randomUUID().toString().replace("-", ""); - String token = generateTokenString(987); - fileTokenStore.put(token, fileId); - return token; - } - -// public String generateFileTransferToken(String fileId) { -// //String token = UUID.randomUUID().toString().replace("-", ""); -// String token = generateTokenString(654); -// fileTransferTokenStore.put(token, fileId); -// return token; -// } - - public boolean validateCA(String token) { - BearerTokenInfo CATokenInfo = CATokenStore.get(token); - if (CATokenInfo == null) return false; - - if (CATokenInfo.isExpired()) { - CATokenStore.remove(token); - return false; - } - return CATokenStore.containsKey(token); - } - - public boolean validateFile(String token) { - return fileTokenStore.containsKey(token); - } - -// public boolean validateFileTransfer(String token) { -// return fileTransferTokenStore.containsKey(token); -// } - - public String getClientIdFromCA(String token) { - BearerTokenInfo CATokenInfo = CATokenStore.get(token); - return CATokenInfo.getClientId(); - } - - public String getFileIdFromFile(String token) { - return fileTokenStore.get(token); - } - -// public String getFileIdFromFileTransfer(String token) { -// return fileTransferTokenStore.get(token); -// } - - private static final String CHARACTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; - private static final SecureRandom secureRandom = new SecureRandom(); - - public static String generateTokenString(int length) { - // Java 8의 IntStream과 Collectors.joining을 사용한 효율적인 방법 - return IntStream.range(0, length) - .map(i -> secureRandom.nextInt(CHARACTERS.length())) - .mapToObj(CHARACTERS::charAt) - .map(String::valueOf) - .collect(Collectors.joining()); - } -} -