Spring Security 변경
This commit is contained in:
@@ -10,6 +10,7 @@ import com.eactive.testmaster.api.service.MockRouteService;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.data.domain.Page;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.ModelMap;
|
||||
import org.springframework.validation.BindingResult;
|
||||
@@ -50,6 +51,7 @@ public class MockRouteMgmtController {
|
||||
public static final String MOCK_ROUTE_LIST_VIEW = "redirect:/mgmt/routes/list_view.do";
|
||||
|
||||
@GetMapping("/list_view.do")
|
||||
@Secured("ROLE_MANAGE_ROUTE")
|
||||
public ModelAndView listView(@ModelAttribute("mockRouteSearch") MockRouteSearch mockRouteSearch, Pageable pageable) {
|
||||
ModelAndView mav = new ModelAndView("page/routes/mockRouteList");
|
||||
Page<MockRoute> page = mockRouteService.findAll(mockRouteSearch.buildSpecification(), pageable);
|
||||
@@ -61,6 +63,7 @@ public class MockRouteMgmtController {
|
||||
}
|
||||
|
||||
@GetMapping("/create_view.do")
|
||||
@Secured("ROLE_MANAGE_ROUTE")
|
||||
public ModelAndView createView() {
|
||||
ModelAndView mav = new ModelAndView(MOCK_ROUTE_EDIT);
|
||||
MockRouteRegisterDTO defaultRoute = new MockRouteRegisterDTO();
|
||||
@@ -72,6 +75,7 @@ public class MockRouteMgmtController {
|
||||
}
|
||||
|
||||
@GetMapping("/update_view.do")
|
||||
@Secured("ROLE_MANAGE_ROUTE")
|
||||
public ModelAndView updateView(@RequestParam("id") Long id) {
|
||||
|
||||
ModelAndView mav = new ModelAndView(MOCK_ROUTE_EDIT);
|
||||
@@ -82,6 +86,7 @@ public class MockRouteMgmtController {
|
||||
}
|
||||
|
||||
@PostMapping("/clone_view.do")
|
||||
@Secured("ROLE_MANAGE_ROUTE")
|
||||
public ModelAndView cloneView(@RequestParam("id") Long id) {
|
||||
|
||||
ModelAndView mav = new ModelAndView(MOCK_ROUTE_EDIT);
|
||||
@@ -94,6 +99,7 @@ public class MockRouteMgmtController {
|
||||
}
|
||||
|
||||
@PostMapping("/register.do")
|
||||
@Secured("ROLE_MANAGE_ROUTE")
|
||||
public String register(@ModelAttribute("mockRoute") MockRouteRegisterDTO dto, BindingResult bindingResult, ModelMap model) {
|
||||
|
||||
if (dto == null) {
|
||||
@@ -116,6 +122,7 @@ public class MockRouteMgmtController {
|
||||
|
||||
|
||||
@PostMapping("/update.do")
|
||||
@Secured("ROLE_MANAGE_ROUTE")
|
||||
public String update(@RequestParam("id") String id,
|
||||
@ModelAttribute("mockRoute") MockRouteUpdateDTO dto,
|
||||
BindingResult bindingResult, ModelMap model) {
|
||||
@@ -144,6 +151,7 @@ public class MockRouteMgmtController {
|
||||
|
||||
|
||||
@PostMapping("/delete.do")
|
||||
@Secured("ROLE_MANAGE_ROUTE")
|
||||
public String delete(@RequestParam("checkedIdForDel") List<String> ids) {
|
||||
for (String id : ids) {
|
||||
MockRoute mockRoute = mockRouteService.findById(Long.parseLong(id));
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
package com.eactive.testmaster.client.controller;
|
||||
|
||||
import com.eactive.testmaster.server.entity.Server;
|
||||
import com.eactive.testmaster.server.entity.ServerRepository;
|
||||
import com.eactive.testmaster.server.repository.ServerRepository;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.ModelMap;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
@@ -18,6 +19,7 @@ public class ApiClientPageController {
|
||||
}
|
||||
|
||||
@GetMapping("/mgmt/api_tester.do")
|
||||
@Secured("ROLE_API_TESTER")
|
||||
public String testView(ModelMap model) {
|
||||
|
||||
List<Server> servers = serverRepository.findAllByEnabledIs(true);
|
||||
|
||||
@@ -6,15 +6,19 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class PortalConfigSecurity extends WebSecurityConfigurerAdapter {
|
||||
@EnableGlobalMethodSecurity(securedEnabled = true)
|
||||
public class PortalConfigSecurity {
|
||||
|
||||
private final PortalAuthenticationFailureHandler authenticationFailureHandler;
|
||||
|
||||
@@ -41,34 +45,49 @@ public class PortalConfigSecurity extends WebSecurityConfigurerAdapter {
|
||||
return registrationBean;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
http.headers().frameOptions().disable();//spring security 와 h2-console 같이 사용.
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.formLogin()
|
||||
.authenticationManager(portalAuthenticationManager)
|
||||
// .authorizeRequests(authorizeRequests -> authorizeRequests.antMatchers("/h2-console/",
|
||||
// "/css/",
|
||||
// "/html/",
|
||||
// "/images/",
|
||||
// "/img/",
|
||||
// "/js/",
|
||||
// "/login",
|
||||
// "/intro.do",
|
||||
// "/join.do",
|
||||
// "/actionLogin.do",
|
||||
// "/search_id.do",
|
||||
// "/admin_register_view.do",
|
||||
// "/admin_register.do",
|
||||
// "/reset_password.do",
|
||||
// "/forgot_password.do")
|
||||
// .permitAll()
|
||||
// .anyRequest()
|
||||
// .authenticated())
|
||||
.formLogin(form -> form
|
||||
.loginPage("/login")
|
||||
.usernameParameter("id")
|
||||
.passwordParameter("password")
|
||||
.loginProcessingUrl("/actionLogin.do")
|
||||
.successHandler(authenticationSuccessHandler)
|
||||
.failureHandler(authenticationFailureHandler)
|
||||
.and()
|
||||
.logout().logoutUrl("/actionLogout.do").logoutSuccessUrl("/")
|
||||
.and().authorizeRequests() // 권한요청 처리 설정 메서드
|
||||
.antMatchers("/h2-console/**").permitAll() // 누구나 h2-console 접속 허용
|
||||
.and()
|
||||
.csrf()
|
||||
.requireCsrfProtectionMatcher(new AntPathRequestMatcher("/mgmt/**", "POST"))
|
||||
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
|
||||
.successHandler(authenticationSuccessHandler))
|
||||
.logout(logout -> logout
|
||||
.logoutRequestMatcher(new AntPathRequestMatcher("/actionLogout.do", "GET"))
|
||||
.logoutSuccessUrl("/"))
|
||||
.csrf(csrf -> csrf
|
||||
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
|
||||
.ignoringAntMatchers("/h2-console/**")
|
||||
).headers(headers -> headers.frameOptions().sameOrigin())
|
||||
.sessionManagement(session -> session
|
||||
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
||||
.sessionFixation()
|
||||
.changeSessionId()
|
||||
);
|
||||
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@Override
|
||||
@Bean
|
||||
public PortalAuthenticationManager authenticationManager() {
|
||||
return portalAuthenticationManager;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
package com.eactive.testmaster.config;
|
||||
|
||||
import com.eactive.testmaster.common.interceptor.AuthenticInterceptor;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.Ordered;
|
||||
@@ -8,13 +10,12 @@ import org.springframework.data.domain.PageRequest;
|
||||
import org.springframework.data.web.PageableHandlerMethodArgumentResolver;
|
||||
import org.springframework.http.CacheControl;
|
||||
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
|
||||
import org.springframework.web.servlet.config.annotation.*;
|
||||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
import org.springframework.web.servlet.resource.PathResourceResolver;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
@Configuration
|
||||
@EnableWebMvc
|
||||
public class WebMvcConfig implements WebMvcConfigurer {
|
||||
@@ -26,20 +27,6 @@ public class WebMvcConfig implements WebMvcConfigurer {
|
||||
WebMvcConfigurer.super.addViewControllers(registry);
|
||||
}
|
||||
|
||||
private List<String> listAdminAuthPattern() {
|
||||
List<String> patterns = new ArrayList<>();
|
||||
patterns.add("/mgmt/users/*.do");
|
||||
patterns.add("/mgmt/servers/*.do");
|
||||
return patterns;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticInterceptor authenticInterceptor() {
|
||||
AuthenticInterceptor authenticInterceptor = new AuthenticInterceptor();
|
||||
authenticInterceptor.setAdminAuthPatternList(listAdminAuthPattern());
|
||||
return authenticInterceptor;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
|
||||
resolvers.add(pageableHandlerMethodArgumentResolver());
|
||||
@@ -53,34 +40,6 @@ public class WebMvcConfig implements WebMvcConfigurer {
|
||||
return pageableHandlerMethodArgumentResolver;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
registry.addInterceptor(authenticInterceptor())
|
||||
.addPathPatterns(
|
||||
"/",
|
||||
"/mgmt/**/*.do")
|
||||
.excludePathPatterns(
|
||||
"/h2-console/**",
|
||||
"/css/**",
|
||||
"/html/**",
|
||||
"/images/**",
|
||||
"/img/**",
|
||||
"/js/**",
|
||||
"/login",
|
||||
"/intro.do",
|
||||
"/join.do",
|
||||
"/user_register.do",
|
||||
"/actionLogin.do",
|
||||
"/check_id.do",
|
||||
"/search_id.do",
|
||||
"/admin_register_view.do",
|
||||
"/admin_register.do",
|
||||
"/request_register_auth.do",
|
||||
"/reset_password.do",
|
||||
"/forgot_password.do"
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addResourceHandlers(ResourceHandlerRegistry registry) {
|
||||
|
||||
|
||||
@@ -8,6 +8,7 @@ import com.eactive.testmaster.server.service.ServerMgmtService;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.data.domain.Page;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.ModelMap;
|
||||
import org.springframework.validation.BindingResult;
|
||||
@@ -40,6 +41,7 @@ public class ServerMgmtController {
|
||||
public static final String SERVER_LIST_VIEW = "redirect:/mgmt/servers/list_view.do";
|
||||
|
||||
@GetMapping("/list_view.do")
|
||||
@Secured("ROLE_MANAGE_SERVER")
|
||||
public String listView(@ModelAttribute("serverSearch") ServerSearch serverSearch,
|
||||
ModelMap model,
|
||||
Pageable pageable) {
|
||||
@@ -53,6 +55,7 @@ public class ServerMgmtController {
|
||||
}
|
||||
|
||||
@GetMapping("/create_view.do")
|
||||
@Secured("ROLE_MANAGE_SERVER")
|
||||
public String createView(ModelMap model) {
|
||||
ServerDTO defaultServer = new ServerDTO();
|
||||
model.addAttribute(SERVER, defaultServer);
|
||||
@@ -60,6 +63,7 @@ public class ServerMgmtController {
|
||||
}
|
||||
|
||||
@GetMapping("/update_view.do")
|
||||
@Secured("ROLE_MANAGE_SERVER")
|
||||
public String updateView(ModelMap model, @RequestParam("id") Long id) {
|
||||
Server found = serverMgmtService.findById(id);
|
||||
ServerDTO server = serverMapper.map(found);
|
||||
@@ -68,6 +72,7 @@ public class ServerMgmtController {
|
||||
}
|
||||
|
||||
@PostMapping("/register.do")
|
||||
@Secured("ROLE_MANAGE_SERVER")
|
||||
public String register(@ModelAttribute(SERVER) ServerDTO dto,
|
||||
BindingResult bindingResult,
|
||||
ModelMap model) {
|
||||
@@ -89,6 +94,7 @@ public class ServerMgmtController {
|
||||
}
|
||||
|
||||
@PostMapping("/update.do")
|
||||
@Secured("ROLE_MANAGE_SERVER")
|
||||
public String update(@ModelAttribute(SERVER) ServerDTO dto,
|
||||
BindingResult bindingResult,
|
||||
ModelMap model) {
|
||||
@@ -110,6 +116,7 @@ public class ServerMgmtController {
|
||||
}
|
||||
|
||||
@PostMapping("/delete.do")
|
||||
@Secured("ROLE_MANAGE_SERVER")
|
||||
public String delete(@RequestParam("checkedIdForDel") List<String> checkedIdForDel) {
|
||||
for (String id : checkedIdForDel) {
|
||||
serverMgmtService.delete(Long.parseLong(id));
|
||||
|
||||
@@ -11,6 +11,7 @@ import org.springframework.data.domain.Pageable;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.ui.ModelMap;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
@@ -18,7 +19,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/mgmt/servers")
|
||||
@RequestMapping("/servers")
|
||||
public class ServerRestController {
|
||||
|
||||
private final ServerMgmtService serverMgmtService;
|
||||
@@ -31,6 +32,7 @@ public class ServerRestController {
|
||||
}
|
||||
|
||||
@GetMapping("/list.do")
|
||||
@Secured("ROLE_API_TESTER")
|
||||
public ResponseEntity<List<ServerDTO>> listView(@ModelAttribute("serverSearch") ServerSearch serverSearch, ModelMap model, Pageable pageable) {
|
||||
Page<Server> page = serverMgmtService.findAll(serverSearch.buildSpecification(), pageable);
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
|
||||
@@ -10,6 +10,7 @@ import com.eactive.testmaster.user.service.StaffUserService;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.data.domain.Page;
|
||||
import org.springframework.data.domain.Pageable;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.ModelMap;
|
||||
import org.springframework.validation.BindingResult;
|
||||
@@ -36,6 +37,7 @@ public class UserMgmtController {
|
||||
}
|
||||
|
||||
@GetMapping("/list_view.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String userList(@ModelAttribute("userSearch") UserSearch userSearch,
|
||||
ModelMap model,
|
||||
Pageable pageable) {
|
||||
@@ -49,12 +51,14 @@ public class UserMgmtController {
|
||||
}
|
||||
|
||||
@GetMapping("/create_view.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String createView(ModelMap model) {
|
||||
model.addAttribute("user", new StaffUser());
|
||||
return STAFF_USER_EDIT;
|
||||
}
|
||||
|
||||
@GetMapping("/update_view.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String updateView(ModelMap model,
|
||||
@RequestParam("userId") String userId) {
|
||||
|
||||
@@ -64,6 +68,7 @@ public class UserMgmtController {
|
||||
}
|
||||
|
||||
@PostMapping("/register.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String register(@ModelAttribute("user") UserRegisterDTO user,
|
||||
BindingResult bindingResult,
|
||||
ModelMap model) {
|
||||
@@ -86,6 +91,7 @@ public class UserMgmtController {
|
||||
|
||||
|
||||
@PostMapping("/update.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String update(@RequestParam("esntlId") String esntlId,
|
||||
@ModelAttribute("user") UserUpdateDTO user,
|
||||
BindingResult bindingResult,
|
||||
@@ -109,6 +115,7 @@ public class UserMgmtController {
|
||||
|
||||
|
||||
@PostMapping("/delete.do")
|
||||
@Secured("ROLE_MANAGE_USER")
|
||||
public String delete(@ModelAttribute UserSearch modelSearch) {
|
||||
modelSearch.getCheckedIdForDel().forEach(id -> {
|
||||
if (!SecurityUtil.getCurrentUserEsntlId().equals(id)) { // 자기 자신은 삭제 불가
|
||||
|
||||
@@ -2,6 +2,9 @@ package com.eactive.testmaster.user.entity;
|
||||
|
||||
import com.eactive.testmaster.common.entity.Auditable;
|
||||
import com.eactive.testmaster.common.entity.EnabledStatus;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import org.hibernate.annotations.Type;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
@@ -15,6 +18,7 @@ import java.util.Collection;
|
||||
|
||||
@MappedSuperclass
|
||||
public abstract class User extends Auditable implements Serializable, UserDetails {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
@@ -123,11 +127,18 @@ public abstract class User extends Auditable implements Serializable, UserDetail
|
||||
@Override
|
||||
@Transient
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
if (userSecurity != null) {
|
||||
return Arrays.asList(new SimpleGrantedAuthority(this.userSecurity));
|
||||
} else {
|
||||
return Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
|
||||
List<GrantedAuthority> authorities = new ArrayList<>();
|
||||
authorities.add(new SimpleGrantedAuthority(Objects.requireNonNullElse(userSecurity, "ROLE_USER")));
|
||||
|
||||
if (this.userSecurity.equals("ROLE_ADMIN")) {
|
||||
authorities.add(new SimpleGrantedAuthority("ROLE_MANAGE_ROUTE"));
|
||||
authorities.add(new SimpleGrantedAuthority("ROLE_MANAGE_SERVER"));
|
||||
authorities.add(new SimpleGrantedAuthority("ROLE_MANAGE_USER"));
|
||||
}
|
||||
|
||||
authorities.add(new SimpleGrantedAuthority("ROLE_API_TESTER"));
|
||||
|
||||
return authorities;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
Reference in New Issue
Block a user