에러 포맷 통일.
This commit is contained in:
+122
@@ -0,0 +1,122 @@
|
||||
package com.eactive.eai.authserver.config;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.time.LocalDateTime;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
|
||||
|
||||
import com.eactive.eai.authserver.dao.TokenIssuanceLogDAO;
|
||||
import com.eactive.eai.authserver.service.OAuth2Manager;
|
||||
import com.eactive.eai.authserver.vo.ClientVO;
|
||||
import com.eactive.eai.common.logger.EAIDBLogControl;
|
||||
import com.eactive.eai.common.util.Logger;
|
||||
import com.eactive.eai.common.util.MessageUtil;
|
||||
import com.eactive.eai.data.entity.onl.authserver.TokenIssuanceLog;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
public class CustomOAuth2AuthenticationEntryPoint extends OAuth2AuthenticationEntryPoint {
|
||||
|
||||
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
|
||||
|
||||
private final ObjectMapper objectMapper = new ObjectMapper();
|
||||
|
||||
private final TokenIssuanceLogDAO tokenIssuanceLogDAO;
|
||||
|
||||
public CustomOAuth2AuthenticationEntryPoint(TokenIssuanceLogDAO dao) {
|
||||
this.tokenIssuanceLogDAO = dao;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void commence(HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
AuthenticationException authException) throws IOException {
|
||||
|
||||
try {
|
||||
RequestContextData data = new RequestContextData();
|
||||
data.setClientId(request.getParameter("client_id"));
|
||||
data.setIpAddress(extractIpAddress(request));
|
||||
data.setGrantType(request.getParameter("grant_type"));
|
||||
data.setScope(request.getParameter("scope"));
|
||||
data.setUsername(request.getParameter("username"));
|
||||
data.setResource(request.getParameter("resource"));
|
||||
|
||||
RequestContextData.ThreadLocalRequestContext.set(data);
|
||||
logTokenIssuance(false,false, authException.getMessage(), null);
|
||||
} finally {
|
||||
RequestContextData.ThreadLocalRequestContext.clear();
|
||||
}
|
||||
|
||||
response.setContentType("application/json;charset=UTF-8");
|
||||
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
|
||||
String errorMessage = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AUTH_FAIL, authException.getMessage());
|
||||
|
||||
response.getWriter().write(errorMessage);
|
||||
response.getWriter().flush();
|
||||
}
|
||||
|
||||
private String extractIpAddress(HttpServletRequest request) {
|
||||
String ipAddress = request.getHeader("X-Forwarded-For");
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("Proxy-Client-IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("WL-Proxy-Client-IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("HTTP_CLIENT_IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("HTTP_X_FORWARDED_FOR");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getRemoteAddr();
|
||||
}
|
||||
return ipAddress;
|
||||
}
|
||||
|
||||
private void logTokenIssuance(boolean isSuccess, boolean isRestrictionExempt, String resultMessage, String accessToken) {
|
||||
try {
|
||||
if (!EAIDBLogControl.isEnable()) {
|
||||
logger.warn("DB logging is disabled. Skipping token issuance logging.");
|
||||
return;
|
||||
}
|
||||
RequestContextData data = RequestContextData.ThreadLocalRequestContext.get();
|
||||
OAuth2Manager.getInstance();
|
||||
|
||||
TokenIssuanceLog log = new TokenIssuanceLog();
|
||||
String clientId = data.getClientId();
|
||||
log.setClientId(clientId);
|
||||
|
||||
if(StringUtils.isNotBlank(clientId)) {
|
||||
ClientVO clientVO = OAuth2Manager.getInstance().getClientInfo(clientId);
|
||||
log.setAppName(clientVO.getClientName());
|
||||
log.setOrgId(clientVO.getOrgId());
|
||||
log.setOrgName(clientVO.getOrgName());
|
||||
}
|
||||
|
||||
log.setGrantType(data.getGrantType());
|
||||
log.setScope(data.getScope());
|
||||
log.setIpAddress(data.getIpAddress());
|
||||
log.setSuccessYn(isSuccess ? "Y" : "N");
|
||||
log.setIssuanceDateTime(LocalDateTime.now());
|
||||
log.setRestrictionExemptYn(isRestrictionExempt ? "Y" : "N");
|
||||
log.setResultMessage(resultMessage);
|
||||
log.setAccessToken(accessToken); // Add access token value to the log
|
||||
|
||||
logger.info("Token request[/oauth/token or /oauth2/token] => clientId: {}, grantType: {}, scope: {}",
|
||||
clientId, data.getGrantType(), data.getScope());
|
||||
|
||||
tokenIssuanceLogDAO.saveTokenIssuanceLog(log);
|
||||
} catch (Throwable th) {
|
||||
logger.error("Error while logging token issuance: " + th.getMessage(), th);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+131
@@ -0,0 +1,131 @@
|
||||
package com.eactive.eai.authserver.config;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.time.LocalDateTime;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
|
||||
import org.springframework.web.servlet.HandlerExceptionResolver;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import com.eactive.eai.authserver.dao.TokenIssuanceLogDAO;
|
||||
import com.eactive.eai.authserver.service.OAuth2Manager;
|
||||
import com.eactive.eai.authserver.vo.ClientVO;
|
||||
import com.eactive.eai.common.logger.EAIDBLogControl;
|
||||
import com.eactive.eai.common.util.Logger;
|
||||
import com.eactive.eai.common.util.MessageUtil;
|
||||
import com.eactive.eai.data.entity.onl.authserver.TokenIssuanceLog;
|
||||
|
||||
@Configuration
|
||||
@Order(Ordered.HIGHEST_PRECEDENCE) // 다른 HandlerExceptionResolver보다 우선 적용
|
||||
public class CustomTokenEndpointExceptionResolver implements HandlerExceptionResolver {
|
||||
|
||||
static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
|
||||
|
||||
@Autowired
|
||||
private TokenIssuanceLogDAO tokenIssuanceLogDAO;
|
||||
|
||||
@Override
|
||||
public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response, Object handler,
|
||||
Exception ex) {
|
||||
|
||||
// OAuth2 Token 요청 grant_type 누락 시
|
||||
if (ex instanceof InvalidRequestException) {
|
||||
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
|
||||
|
||||
String errorMessage = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AUTH_FAIL, ex.getMessage());
|
||||
|
||||
try {
|
||||
|
||||
RequestContextData data = new RequestContextData();
|
||||
data.setClientId(request.getParameter("client_id"));
|
||||
data.setIpAddress(extractIpAddress(request));
|
||||
data.setGrantType(request.getParameter("grant_type"));
|
||||
data.setScope(request.getParameter("scope"));
|
||||
data.setUsername(request.getParameter("username"));
|
||||
data.setResource(request.getParameter("resource"));
|
||||
|
||||
RequestContextData.ThreadLocalRequestContext.set(data);
|
||||
logTokenIssuance(false, false, errorMessage, null);
|
||||
response.setContentType("application/json;charset=UTF-8");
|
||||
response.getWriter().write(errorMessage);
|
||||
response.getWriter().flush();
|
||||
} catch (IOException e) {
|
||||
e.printStackTrace();
|
||||
} finally {
|
||||
RequestContextData.ThreadLocalRequestContext.clear();
|
||||
}
|
||||
|
||||
return new ModelAndView();
|
||||
}
|
||||
|
||||
// 다른 예외는 다른 HandlerExceptionResolver에게 위임
|
||||
return null;
|
||||
}
|
||||
|
||||
private String extractIpAddress(HttpServletRequest request) {
|
||||
String ipAddress = request.getHeader("X-Forwarded-For");
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("Proxy-Client-IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("WL-Proxy-Client-IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("HTTP_CLIENT_IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("HTTP_X_FORWARDED_FOR");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getRemoteAddr();
|
||||
}
|
||||
return ipAddress;
|
||||
}
|
||||
|
||||
private void logTokenIssuance(boolean isSuccess, boolean isRestrictionExempt, String resultMessage,
|
||||
String accessToken) {
|
||||
try {
|
||||
if (!EAIDBLogControl.isEnable()) {
|
||||
logger.warn("DB logging is disabled. Skipping token issuance logging.");
|
||||
return;
|
||||
}
|
||||
RequestContextData data = RequestContextData.ThreadLocalRequestContext.get();
|
||||
OAuth2Manager.getInstance();
|
||||
|
||||
TokenIssuanceLog log = new TokenIssuanceLog();
|
||||
String clientId = data.getClientId();
|
||||
log.setClientId(clientId);
|
||||
|
||||
if (StringUtils.isNotBlank(clientId)) {
|
||||
ClientVO clientVO = OAuth2Manager.getInstance().getClientInfo(clientId);
|
||||
log.setAppName(clientVO.getClientName());
|
||||
log.setOrgId(clientVO.getOrgId());
|
||||
log.setOrgName(clientVO.getOrgName());
|
||||
}
|
||||
|
||||
log.setGrantType(data.getGrantType());
|
||||
log.setScope(data.getScope());
|
||||
log.setIpAddress(data.getIpAddress());
|
||||
log.setSuccessYn(isSuccess ? "Y" : "N");
|
||||
log.setIssuanceDateTime(LocalDateTime.now());
|
||||
log.setRestrictionExemptYn(isRestrictionExempt ? "Y" : "N");
|
||||
log.setResultMessage(resultMessage);
|
||||
log.setAccessToken(accessToken); // Add access token value to the log
|
||||
|
||||
logger.info("Token request[/oauth/token or /oauth2/token] => clientId: {}, grantType: {}, scope: {}",
|
||||
clientId, data.getGrantType(), data.getScope());
|
||||
|
||||
tokenIssuanceLogDAO.saveTokenIssuanceLog(log);
|
||||
} catch (Throwable th) {
|
||||
logger.error("Error while logging token issuance: " + th.getMessage(), th);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
package com.eactive.eai.authserver.config;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationListener;
|
||||
import org.springframework.context.event.ContextRefreshedEvent;
|
||||
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import com.eactive.eai.authserver.dao.TokenIssuanceLogDAO;
|
||||
|
||||
@Component
|
||||
public class OAuth2FilterCustomizer implements ApplicationListener<ContextRefreshedEvent> {
|
||||
|
||||
private boolean initialized = false;
|
||||
|
||||
@Autowired
|
||||
private TokenIssuanceLogDAO tokenIssuanceLogDAO;
|
||||
|
||||
@Override
|
||||
public void onApplicationEvent(ContextRefreshedEvent event) {
|
||||
if (initialized) return;
|
||||
|
||||
Filter springSecurityFilterChain = event.getApplicationContext()
|
||||
.getBean("springSecurityFilterChain", Filter.class);
|
||||
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) springSecurityFilterChain;
|
||||
|
||||
filterChainProxy.getFilterChains().stream()
|
||||
.flatMap(chain -> chain.getFilters().stream())
|
||||
.filter(filter -> filter instanceof ClientCredentialsTokenEndpointFilter)
|
||||
.forEach(filter -> ((ClientCredentialsTokenEndpointFilter) filter)
|
||||
.setAuthenticationEntryPoint(new CustomOAuth2AuthenticationEntryPoint(tokenIssuanceLogDAO)));
|
||||
|
||||
initialized = true;
|
||||
}
|
||||
}
|
||||
@@ -1,12 +1,16 @@
|
||||
package com.eactive.eai.authserver.custom;
|
||||
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.json.simple.JSONObject;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.oauth2.provider.ClientDetails;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
@@ -19,10 +23,15 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException;
|
||||
import com.eactive.eai.authserver.config.RequestContextData;
|
||||
import com.eactive.eai.authserver.dao.TokenIssuanceLogDAO;
|
||||
import com.eactive.eai.authserver.service.BearerTokenService;
|
||||
import com.eactive.eai.authserver.service.OAuth2Manager;
|
||||
import com.eactive.eai.authserver.vo.ClientVO;
|
||||
import com.eactive.eai.common.logger.EAIDBLogControl;
|
||||
import com.eactive.eai.common.util.Logger;
|
||||
import com.eactive.eai.common.util.MessageUtil;
|
||||
import com.eactive.eai.data.entity.onl.authserver.TokenIssuanceLog;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/auth/oauth/v2")
|
||||
@@ -31,6 +40,9 @@ public class BearerTokenContoller {
|
||||
public static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
|
||||
private final BearerTokenService tokenService;
|
||||
|
||||
@Autowired
|
||||
private TokenIssuanceLogDAO tokenIssuanceLogDAO;
|
||||
|
||||
public BearerTokenContoller(BearerTokenService tokenService) {
|
||||
this.tokenService = tokenService;
|
||||
}
|
||||
@@ -39,7 +51,7 @@ public class BearerTokenContoller {
|
||||
value = "/token",
|
||||
method = {RequestMethod.POST, RequestMethod.GET}
|
||||
)
|
||||
public ResponseEntity<?> issueCAToken(@RequestParam MultiValueMap<String, String> req) throws JwtAuthException {
|
||||
public ResponseEntity<?> issueCAToken(HttpServletRequest request, @RequestParam MultiValueMap<String, String> req) throws JwtAuthException {
|
||||
JSONObject resObject = new JSONObject();
|
||||
|
||||
try {
|
||||
@@ -48,6 +60,16 @@ public class BearerTokenContoller {
|
||||
String clientSecret = req.getFirst("client_secret");
|
||||
String scopes = req.getFirst("scope");
|
||||
|
||||
RequestContextData data = new RequestContextData();
|
||||
data.setClientId(request.getParameter("client_id"));
|
||||
data.setIpAddress(extractIpAddress(request));
|
||||
data.setGrantType(request.getParameter("grant_type"));
|
||||
data.setScope(request.getParameter("scope"));
|
||||
data.setUsername(request.getParameter("username"));
|
||||
data.setResource(request.getParameter("resource"));
|
||||
|
||||
RequestContextData.ThreadLocalRequestContext.set(data);
|
||||
|
||||
logger.info("Token request[/auth/oauth/v2/token] => clientId: {}, grantType: {}, scope: {}",
|
||||
clientId, grantType, scopes);
|
||||
|
||||
@@ -84,15 +106,76 @@ public class BearerTokenContoller {
|
||||
// ... and so on for all key-value pairs
|
||||
resObject.putAll(tokenMap);
|
||||
|
||||
logTokenIssuance(true,false, resObject.toJSONString(), token);
|
||||
|
||||
return ResponseEntity.ok(resObject);
|
||||
} catch (JwtAuthException e) {
|
||||
logger.error(e);
|
||||
String errorJson = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AUTH_FAIL, e.getMessage());
|
||||
logTokenIssuance(false ,false, e.getMessage(), null);
|
||||
return ResponseEntity.status(401).body(errorJson);
|
||||
} catch (Exception e) {
|
||||
logger.error(e);
|
||||
String errorJson = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AP_ERROR, e.getMessage());
|
||||
logTokenIssuance(false ,false, e.getMessage(), null);
|
||||
return ResponseEntity.status(500).body(errorJson);
|
||||
}finally {
|
||||
RequestContextData.ThreadLocalRequestContext.clear();
|
||||
}
|
||||
}
|
||||
|
||||
private String extractIpAddress(HttpServletRequest request) {
|
||||
String ipAddress = request.getHeader("X-Forwarded-For");
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("Proxy-Client-IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("WL-Proxy-Client-IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("HTTP_CLIENT_IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("HTTP_X_FORWARDED_FOR");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getRemoteAddr();
|
||||
}
|
||||
return ipAddress;
|
||||
}
|
||||
|
||||
private void logTokenIssuance(boolean isSuccess, boolean isRestrictionExempt, String resultMessage, String accessToken) {
|
||||
try {
|
||||
if (!EAIDBLogControl.isEnable()) {
|
||||
logger.warn("DB logging is disabled. Skipping token issuance logging.");
|
||||
return;
|
||||
}
|
||||
RequestContextData data = RequestContextData.ThreadLocalRequestContext.get();
|
||||
OAuth2Manager.getInstance();
|
||||
|
||||
TokenIssuanceLog log = new TokenIssuanceLog();
|
||||
String clientId = data.getClientId();
|
||||
log.setClientId(clientId);
|
||||
|
||||
if(StringUtils.isNotBlank(clientId)) {
|
||||
ClientVO clientVO = OAuth2Manager.getInstance().getClientInfo(clientId);
|
||||
log.setAppName(clientVO.getClientName());
|
||||
log.setOrgId(clientVO.getOrgId());
|
||||
log.setOrgName(clientVO.getOrgName());
|
||||
}
|
||||
|
||||
log.setGrantType(data.getGrantType());
|
||||
log.setScope(data.getScope());
|
||||
log.setIpAddress(data.getIpAddress());
|
||||
log.setSuccessYn(isSuccess ? "Y" : "N");
|
||||
log.setIssuanceDateTime(LocalDateTime.now());
|
||||
log.setRestrictionExemptYn(isRestrictionExempt ? "Y" : "N");
|
||||
log.setResultMessage(resultMessage);
|
||||
log.setAccessToken(accessToken); // Add access token value to the log
|
||||
|
||||
tokenIssuanceLogDAO.saveTokenIssuanceLog(log);
|
||||
} catch (Throwable th) {
|
||||
logger.error("Error while logging token issuance: " + th.getMessage(), th);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -96,6 +96,17 @@ public class KjbMGOAuth2Controller {
|
||||
logger.debug(tokenRequest.toString());
|
||||
}
|
||||
|
||||
RequestContextData data = new RequestContextData();
|
||||
data.setClientId(tokenRequest.getClientId());
|
||||
data.setIpAddress(extractIpAddress(request));
|
||||
data.setGrantType(tokenRequest.getGrantType());
|
||||
data.setScope(tokenRequest.getScope());
|
||||
data.setUsername("none");
|
||||
data.setResource("none");
|
||||
|
||||
RequestContextData.ThreadLocalRequestContext.set(data);
|
||||
|
||||
|
||||
KjbMGOAuth2AccessTokenResponse responseToken = new KjbMGOAuth2AccessTokenResponse();
|
||||
try {
|
||||
if (!StringUtils.equals(tokenRequest.getGrantType(), "client_credentials")) {
|
||||
@@ -158,22 +169,47 @@ public class KjbMGOAuth2Controller {
|
||||
// 성공 시 JSON 문자열로 변환하여 반환
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
String successJson = mapper.writeValueAsString(responseToken);
|
||||
|
||||
return ResponseEntity.ok(successJson);
|
||||
|
||||
} catch (JwtAuthException e) {
|
||||
String errorJson = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AUTH_FAIL, e.getMessage());
|
||||
int statusCode = NumberUtils.toInt(StringUtils.left(e.getCode(), 3), HttpStatus.UNAUTHORIZED.value());
|
||||
logTokenIssuance(false ,false, e.getMessage(), null);
|
||||
return ResponseEntity.status(statusCode).body(errorJson);
|
||||
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage());
|
||||
String errorJson = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AUTH_FAIL, "Unauthorized. [Unknown]");
|
||||
logTokenIssuance(false ,false, e.getMessage(), null);
|
||||
return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(errorJson);
|
||||
}finally {
|
||||
RequestContextData.ThreadLocalRequestContext.clear();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
private String extractIpAddress(HttpServletRequest request) {
|
||||
String ipAddress = request.getHeader("X-Forwarded-For");
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("Proxy-Client-IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("WL-Proxy-Client-IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("HTTP_CLIENT_IP");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getHeader("HTTP_X_FORWARDED_FOR");
|
||||
}
|
||||
if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
|
||||
ipAddress = request.getRemoteAddr();
|
||||
}
|
||||
return ipAddress;
|
||||
}
|
||||
|
||||
private void verifyClient(ClientDetails clientDetails, String clientId, String clientSecret, Set<String> scopeSet)
|
||||
throws JwtAuthException {
|
||||
|
||||
@@ -219,35 +255,6 @@ public class KjbMGOAuth2Controller {
|
||||
return BeanUtils.getBean("tokenEndpoint", TokenEndpoint.class);
|
||||
}
|
||||
|
||||
private class TokenIssuanceLogEnhancer implements TokenEnhancer {
|
||||
@Override
|
||||
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
|
||||
if (!EAIDBLogControl.isEnable()) {
|
||||
logger.warn("DB logging is disabled. Skipping token issuance logging.");
|
||||
return accessToken;
|
||||
}
|
||||
|
||||
String clientId = authentication.getOAuth2Request().getClientId();
|
||||
LocalDateTime startDateTime = LocalDateTime.now().minusHours(24);
|
||||
|
||||
int recentTokenCount = tokenIssuanceLogDAO.findRecentLogsForRestrictionCount(clientId, startDateTime);
|
||||
|
||||
try {
|
||||
ClientVO clientVO = OAuth2Manager.getInstance().getClientInfo(clientId);
|
||||
int dailyTokenLimit = clientVO.getDailyTokenLimit();
|
||||
if (dailyTokenLimit > 0 && recentTokenCount >= dailyTokenLimit) {
|
||||
throw new IssueLimitOAuth2Exception("Token issuance limit exceeded for this client");
|
||||
}
|
||||
|
||||
// JWT 변환 이후의 최종 토큰 값 로깅
|
||||
logTokenIssuance(true, false, "Token issued successfully", accessToken.getValue());
|
||||
} catch (DAOException e) {
|
||||
logger.warn("cannot find clientVo - " + clientId);
|
||||
}
|
||||
return accessToken;
|
||||
}
|
||||
}
|
||||
|
||||
private void logTokenIssuance(boolean isSuccess, boolean isRestrictionExempt, String resultMessage, String accessToken) {
|
||||
try {
|
||||
if (!EAIDBLogControl.isEnable()) {
|
||||
|
||||
Reference in New Issue
Block a user