sonarqube plugin add && 보안점검 소스 수정(user-service)

This commit is contained in:
shinmj
2021-11-17 16:45:11 +09:00
parent b9252dee57
commit 2b7177659d
8 changed files with 101 additions and 61 deletions


@@ -1,5 +1,6 @@
plugins {
id 'org.springframework.boot' version '2.4.5'
id "org.sonarqube" version "2.7"
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
// querydsl
id 'com.ewerk.gradle.plugins.querydsl' version '1.0.10'


@@ -1,5 +1,6 @@
package org.egovframe.cloud.userservice.api.role.dto;
import lombok.Builder;
import lombok.Getter;
import javax.validation.constraints.NotBlank;
@@ -49,4 +50,12 @@ public class AuthorizationUpdateRequestDto {
@NotNull(message = "{authorization.sortSeq} {err.required}")
private Integer sortSeq;
@Builder
public AuthorizationUpdateRequestDto(String authorizationName, String urlPatternValue,
String httpMethodCode, Integer sortSeq) {
this.authorizationName = authorizationName;
this.urlPatternValue = urlPatternValue;
this.httpMethodCode = httpMethodCode;
this.sortSeq = sortSeq;
}
}


@@ -108,9 +108,6 @@ public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {
} catch (IOException e) {
log.error(e.getLocalizedMessage());
throw new RuntimeException(e);
} catch (Exception e) {
log.error(e.getLocalizedMessage());
throw e;
}
}
@@ -190,7 +187,7 @@ public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setStatus(e.getErrorCode().getStatus());
log.error("AuthenticationFilter doFilter error: {}", e.getMessage());
} catch (Exception e) {
} catch (ServletException | IOException e) {
SecurityContextHolder.getContext().setAuthentication(null);
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
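Review bot: Narrowing the second catch in `doFilter` to `ServletException | IOException` means any unchecked exception raised inside the try body that is not the typed exception handled by the first catch no longer clears `SecurityContextHolder` or maps to a 401; it now escapes the filter and becomes whatever the container does with an unhandled exception, typically a 500 with a generic error page. Whether the try body can throw such an exception (for example a token-parsing failure) is not visible here, because the method starts before the hunk. If letting it propagate is intended, say so on the catch with a short comment; otherwise keep a final `catch (RuntimeException e)` that performs the same `setAuthentication(null)` and `UNAUTHORIZED` handling, so a failed authentication attempt never leaves a partially populated security context behind.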


@@ -130,9 +130,11 @@ public class TokenProvider {
// 사용자가 있으면 access token 을 새로 발급하여 리턴한다.
String accessToken = createAccessToken(user.getRoleKey(), user.getUserId());
String filteredRefreshToken = refreshToken.replaceAll("\r", "").replaceAll("\n", "");
// Header에 토큰 세팅
response.addHeader(TOKEN_ACCESS_KEY, accessToken);
response.addHeader(TOKEN_REFRESH_KEY, refreshToken);
response.addHeader(TOKEN_REFRESH_KEY, filteredRefreshToken);
response.addHeader(TOKEN_USER_ID, user.getUserId());
return accessToken;
}
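Review bot: Only the echoed refresh token is stripped of CR/LF before being written to a response header; `user.getUserId()` is written to `TOKEN_USER_ID` on the following line with no such filtering, so if user IDs can contain control characters (self-registration or a social-login provider id, which is not visible here) the same header-injection vector remains. Stripping is also weaker than rejecting: a refresh token containing CR or LF is never a valid token, so refusing the request is safer than silently repairing the value and then issuing a fresh access token against it. At minimum apply the same treatment to the user id, and use `replace` rather than `replaceAll` since no regex is needed: `response.addHeader(TOKEN_USER_ID, user.getUserId().replace("\r", "").replace("\n", ""));`. Whether `refreshToken` was signature-validated before this point is outside the hunk.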


@@ -5,6 +5,7 @@ import com.fasterxml.jackson.annotation.ObjectIdGenerators;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.ToString;
import org.egovframe.cloud.servlet.domain.BaseEntity;
import org.hibernate.annotations.OnDelete;
import org.hibernate.annotations.OnDeleteAction;
@@ -34,6 +35,7 @@ import java.util.List;
@NoArgsConstructor
@Entity
@JsonIdentityInfo(generator = ObjectIdGenerators.IntSequenceGenerator.class)
@ToString
public class Authorization extends BaseEntity {
/**
@@ -70,6 +72,7 @@ public class Authorization extends BaseEntity {
/**
* 권한 인가 엔티티
*/
@ToString.Exclude
@OneToMany(mappedBy = "authorization", fetch = FetchType.LAZY, cascade = CascadeType.ALL, orphanRemoval = true)
@OnDelete(action = OnDeleteAction.CASCADE)
private List<RoleAuthorization> roleAuthorizations;


@@ -219,33 +219,8 @@ public class AuthorizationService extends AbstractService {
@Transactional
public AuthorizationResponseDto update(Integer authorizationNo, AuthorizationUpdateRequestDto requestDto) {
Authorization entity = findAuthorization(authorizationNo);
// 정렬 순서가 변경된 경우 사이 구간 정렬 순서 조정
Integer beforeSortSeq = entity.getSortSeq();
Integer afterSortSeq = requestDto.getSortSeq();
Integer startSortSeq = null;
Integer endSortSeq = null;
int increaseSortSeq = 0;
if (beforeSortSeq == null && afterSortSeq != null) {
startSortSeq = afterSortSeq;
increaseSortSeq = 1;
} else if (beforeSortSeq != null && afterSortSeq == null) {
startSortSeq = beforeSortSeq + 1;
increaseSortSeq = -1;
} else if (beforeSortSeq != null && afterSortSeq != null && beforeSortSeq.compareTo(afterSortSeq) != 0) {
if (beforeSortSeq.compareTo(afterSortSeq) > 0) {
startSortSeq = afterSortSeq;
endSortSeq = beforeSortSeq - 1;
increaseSortSeq = 1;
} else {
startSortSeq = beforeSortSeq + 1;
endSortSeq = afterSortSeq;
increaseSortSeq = -1;
}
}
if (startSortSeq != null || endSortSeq != null) {
authorizationRepository.updateSortSeq(startSortSeq, endSortSeq, increaseSortSeq);
}
updateSortSeq(entity, requestDto);
// 수정
entity.update(requestDto.getAuthorizationName(), requestDto.getUrlPatternValue(), requestDto.getHttpMethodCode(), requestDto.getSortSeq());
@@ -255,6 +230,39 @@ public class AuthorizationService extends AbstractService {
return new AuthorizationResponseDto(entity);
}
/**
* 정렬순서 update
*
* @param entity 인가 엔티티
* @param requestDto 인가 수정 요청 DTO
*/
private void updateSortSeq(Authorization entity, AuthorizationUpdateRequestDto requestDto) {
// 정렬 순서가 변경된 경우 사이 구간 정렬 순서 조정
Integer beforeSortSeq = entity.getSortSeq();
Integer afterSortSeq = requestDto.getSortSeq();
if (beforeSortSeq == null) {
authorizationRepository.updateSortSeq(afterSortSeq, null, 1);
return;
}
if (afterSortSeq == null) {
authorizationRepository.updateSortSeq(beforeSortSeq+1, null, -1);
return;
}
int compareTo = beforeSortSeq.compareTo(afterSortSeq);
if (compareTo > 0) {
authorizationRepository.updateSortSeq(afterSortSeq, beforeSortSeq-1, 1);
return;
}
if (compareTo < 0) {
authorizationRepository.updateSortSeq(beforeSortSeq+1, afterSortSeq, -1);
return;
}
}
/**
* 인가 삭제
* 권한 인가도 같이 삭제됨
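Review bot: The first branch of the new `updateSortSeq` helper calls `authorizationRepository.updateSortSeq(afterSortSeq, null, 1)` whenever `beforeSortSeq` is null, including when `afterSortSeq` is also null, whereas the removed inline code only issued the repository update when at least one bound was non-null. A null-to-null update therefore now sends an unbounded shift (`null, null, +1`) to the repository, and what that query does with a null start bound depends on its implementation, which is not shown here. The DTO's `@NotNull` on `sortSeq` covers the validated controller path, but `update` is a public service method that can be reached without bean validation, so guard the branch: `if (beforeSortSeq == null) { if (afterSortSeq != null) { authorizationRepository.updateSortSeq(afterSortSeq, null, 1); } return; }`. The enclosing `update` method continues past the first hunk.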


@@ -452,8 +452,8 @@ public class UserService extends AbstractService implements UserDetailsService {
User entity = findUserVerify(userId, requestDto);
entity.updatePassword(passwordEncoder.encode(requestDto.getNewPassword())); // 비밀번호 수정
} catch (Exception e) {
e.printStackTrace();
} catch (IllegalArgumentException e) {
log.error(e.getLocalizedMessage());
throw e;
}
@@ -472,8 +472,6 @@ public class UserService extends AbstractService implements UserDetailsService {
findUserVerifyPassword(userId, password);
} catch (BusinessMessageException e) {
return false;
} catch (Exception e) {
return false;
}
return true;
@@ -848,34 +846,11 @@ public class UserService extends AbstractService implements UserDetailsService {
.build();
user.setSocial(providerCode, providerId);
if (user != null) {
userRepository.save(user);
}
}
return user == null ? null : new UserResponseDto(user);
}
/**
* 임의 비밀번호 10자리 생성
*
* @return String 비밀번호
*/
private String makeRandomPassword() {
char[] terms = new char[]{
'1', '2', '3', '4', '5', '6', '7', '8', '9', '0',
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
'!', '@', '#', '$', '%', '^', '&', '*', '(', ')'};
StringBuilder sb = new StringBuilder();
for (int i = 0; i < 10; i++) {
int index = (int) (Math.random() * terms.length);
sb.append(terms[index]);
}
return sb.toString();
return new UserResponseDto(user);
}
}
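Review bot: In the password-change hunk the new `catch (IllegalArgumentException e)` logs only `e.getLocalizedMessage()` and then rethrows, so the stack trace is lost at this point and the same failure will be logged again by whatever handles it upstream. Either drop the try/catch and let the exception propagate, or log with the throwable attached: `log.error("password update failed for user {}", userId, e);` (the user id is safe to log; the passwords from `requestDto` are not). Also confirm that `findUserVerify` signals a verification failure with `IllegalArgumentException`; elsewhere in this file `findUserVerifyPassword` is handled via `BusinessMessageException`, so the narrower catch may simply never match, which is harmless but misleading. Dropping the `Math.random()`-based password generator is the right call; if a replacement is added elsewhere it should draw from `SecureRandom`.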


@@ -1,6 +1,8 @@
package org.egovframe.cloud.userservice.api.role;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.egovframe.cloud.userservice.api.role.dto.AuthorizationUpdateRequestDto;
import org.egovframe.cloud.userservice.domain.role.Authorization;
import org.egovframe.cloud.userservice.domain.role.AuthorizationRepository;
import org.egovframe.cloud.userservice.domain.role.RoleAuthorization;
@@ -306,6 +308,49 @@ class AuthorizationApiControllerTest {
deleteTestData(authorizationNo);
}
@Test
@WithMockUser(roles = "ADMIN")
void 인가_정렬순서_변경() throws Exception {
// given
insertTestDatas();
testDatas.stream().forEach(System.out::println);
Authorization authorization = testDatas.get(4);
assertThat(authorization.getSortSeq()).isEqualTo(5);
AuthorizationUpdateRequestDto requestDto = AuthorizationUpdateRequestDto.builder()
.authorizationName(authorization.getAuthorizationName())
.httpMethodCode(authorization.getHttpMethodCode())
.urlPatternValue(authorization.getUrlPatternValue())
.sortSeq(7)
.build();
// when
ResultActions resultActions = mvc.perform(MockMvcRequestBuilders.put(URL + "/" + authorization.getAuthorizationNo())
.accept(MediaType.APPLICATION_JSON)
.contentType("application/json;charset=UTF-8")
.content(objectMapper.writeValueAsString(requestDto)));
// then
resultActions
.andDo(MockMvcResultHandlers.print())
.andExpect(MockMvcResultMatchers.status().isOk());
Optional<Authorization> optional = selectData(authorization.getAuthorizationNo());
assertThat(optional.isPresent()).isTrue();
Authorization updateAuthorization = optional.get();
assertThat(updateAuthorization.getSortSeq()).isEqualTo(7);
List<Authorization> all = authorizationRepository.findAll();
all.stream().forEach(System.out::println);
deleteTestDatas();
}
/**
* 인가 삭제 테스트
*/