sonarqube plugin add && 보안점검 소스 수정

shinmj
2021-11-17 15:04:40 +09:00
parent e58bac9e5b
commit b9252dee57
3 changed files with 41 additions and 27 deletions


@@ -1,5 +1,6 @@
plugins { plugins {
id 'org.springframework.boot' version '2.4.5' id 'org.springframework.boot' version '2.4.5'
id "org.sonarqube" version "2.7"
id 'io.spring.dependency-management' version '1.0.11.RELEASE' id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'java' id 'java'
} }
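Review bot: The added plugin line is quoted with double quotes while the neighbouring `id '...' version '...'` lines use single quotes; `id 'org.sonarqube' version '2.7'` keeps the block uniform. Pinning the version is the right call, but 2.7 is an older line of the SonarQube Gradle plugin, so it is worth confirming it is compatible with the Gradle and Spring Boot 2.4.5 toolchain in use — that cannot be verified from this file alone.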


@@ -1,8 +1,10 @@
package org.egovframe.cloud.apigateway.config; package org.egovframe.cloud.apigateway.config;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.List; import java.util.List;
import java.util.Optional;
import java.util.stream.Stream;
import org.springdoc.core.GroupedOpenApi; import org.springdoc.core.GroupedOpenApi;
import org.springdoc.core.SwaggerUiConfigParameters; import org.springdoc.core.SwaggerUiConfigParameters;
import org.springframework.cloud.gateway.route.RouteDefinition; import org.springframework.cloud.gateway.route.RouteDefinition;
@@ -20,11 +22,16 @@ public class OpenApiDocConfig {
List<GroupedOpenApi> groups = new ArrayList<>(); List<GroupedOpenApi> groups = new ArrayList<>();
List<RouteDefinition> definitions = locator.getRouteDefinitions().log("OpenApiDocConfig").collectList().block(); List<RouteDefinition> definitions = locator.getRouteDefinitions().log("OpenApiDocConfig").collectList().block();
definitions.stream().filter(routeDefinition -> routeDefinition.getId().matches(".*-service")).forEach(routeDefinition -> {
String name = routeDefinition.getId(); Optional.ofNullable(definitions)
swaggerUiConfigParameters.addGroup(name); .map(Collection::stream)
GroupedOpenApi.builder().pathsToMatch("/" + name + "/**").group(name).build(); .orElseGet(Stream::empty)
}); .filter(routeDefinition -> routeDefinition.getId().matches(".*-service"))
.forEach(routeDefinition -> {
String name = routeDefinition.getId();
swaggerUiConfigParameters.addGroup(name);
GroupedOpenApi.builder().pathsToMatch("/" + name + "/**").group(name).build();
});
return groups; return groups;
} }
} }
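Review bot: `groups` is still returned empty — the `GroupedOpenApi` built inside the new lambda is discarded, so `return groups` a few lines below always yields an empty list, and this commit reshapes the stream without fixing that; capture it with `groups.add(GroupedOpenApi.builder().pathsToMatch("/" + name + "/**").group(name).build());`. The `Optional.ofNullable(definitions).map(Collection::stream).orElseGet(Stream::empty)` guard is harmless, but as far as I can tell `collectList().block()` on a Flux yields an empty list rather than null, so a one-line comment such as `// defensive: collectList() should never yield null` would stop a reader from assuming a real null path exists. Since `swaggerUiConfigParameters.addGroup(name)` registers a UI group for every route id ending in `-service`, a comment stating that this exposes API docs for all matching services through the gateway would help whoever decides whether that should be restricted in production — whether it is intended cannot be told from this hunk. The enclosing method's signature lies outside the hunk.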


@@ -2,6 +2,7 @@ package org.egovframe.cloud.apigateway.config;
import io.jsonwebtoken.ExpiredJwtException; import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts; import io.jsonwebtoken.Jwts;
import java.util.List;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
@@ -23,8 +24,7 @@ import reactor.core.publisher.Mono;
/** /**
* org.egovframe.cloud.apigateway.config.ReactiveAuthorization * org.egovframe.cloud.apigateway.config.ReactiveAuthorization
* <p> * <p>
* Spring Security 에 의해 요청 url에 대한 사용자 인가 서비스를 수행하는 클래스 * Spring Security 에 의해 요청 url에 대한 사용자 인가 서비스를 수행하는 클래스 요청에 대한 사용자의 권한여부 체크하여 true/false 리턴한다
* 요청에 대한 사용자의 권한여부 체크하여 true/false 리턴한다
* *
* @author 표준프레임워크센터 jaeyeolkim * @author 표준프레임워크센터 jaeyeolkim
* @version 1.0 * @version 1.0
@@ -54,8 +54,7 @@ public class ReactiveAuthorization implements ReactiveAuthorizationManager<Autho
public static final String REFRESH_TOKEN_URI = "/user-service" + "/api/v1/users/token/refresh"; public static final String REFRESH_TOKEN_URI = "/user-service" + "/api/v1/users/token/refresh";
/** /**
* 요청에 대한 사용자의 권한여부 체크하여 true/false 리턴한다 * 요청에 대한 사용자의 권한여부 체크하여 true/false 리턴한다 헤더에 토큰이 있으면 유효성을 체크한다.
* 헤더에 토큰이 있으면 유효성을 체크한다.
* *
* @param authentication * @param authentication
* @param context * @param context
@@ -63,27 +62,34 @@ public class ReactiveAuthorization implements ReactiveAuthorizationManager<Autho
* @see WebFluxSecurityConfig * @see WebFluxSecurityConfig
*/ */
@Override @Override
public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, AuthorizationContext context) { public Mono<AuthorizationDecision> check(Mono<Authentication> authentication,
AuthorizationContext context) {
ServerHttpRequest request = context.getExchange().getRequest(); ServerHttpRequest request = context.getExchange().getRequest();
RequestPath requestPath = request.getPath(); RequestPath requestPath = request.getPath();
HttpMethod httpMethod = request.getMethod(); HttpMethod httpMethod = request.getMethod();
String baseUrl = APIGATEWAY_HOST + AUTHORIZATION_URI + "?httpMethod=" + httpMethod + "&requestPath=" + requestPath; String baseUrl =
APIGATEWAY_HOST + AUTHORIZATION_URI + "?httpMethod=" + httpMethod + "&requestPath="
+ requestPath;
log.info("baseUrl={}", baseUrl); log.info("baseUrl={}", baseUrl);
String authorizationHeader = ""; String authorizationHeader = "";
if (request.getHeaders().containsKey(HttpHeaders.AUTHORIZATION)
&& StringUtils.hasLength( List<String> authorizations =
request.getHeaders().get(HttpHeaders.AUTHORIZATION).get(0)) request.getHeaders().containsKey(HttpHeaders.AUTHORIZATION) ?
&& !"undefined".equals(request.getHeaders().get(HttpHeaders.AUTHORIZATION).get(0)) request.getHeaders().get(HttpHeaders.AUTHORIZATION) : null;
if (authorizations != null && authorizations.size() > 0
&& StringUtils.hasLength(authorizations.get(0))
&& !"undefined".equals(authorizations.get(0))
) { ) {
try { try {
authorizationHeader = request.getHeaders().get(HttpHeaders.AUTHORIZATION).get(0); authorizationHeader = authorizations.get(0);
String jwt = authorizationHeader.replace("Bearer", ""); String jwt = authorizationHeader.replace("Bearer", "");
String subject = Jwts.parser().setSigningKey(TOKEN_SECRET) String subject = Jwts.parser().setSigningKey(TOKEN_SECRET)
.parseClaimsJws(jwt) .parseClaimsJws(jwt)
.getBody() .getBody()
.getSubject(); .getSubject();
// refresh token 요청 시 토큰 검증만 하고 인가 처리 한다. // refresh token 요청 시 토큰 검증만 하고 인가 처리 한다.
if (REFRESH_TOKEN_URI.equals(requestPath + "")) { if (REFRESH_TOKEN_URI.equals(requestPath + "")) {
@@ -105,16 +111,16 @@ public class ReactiveAuthorization implements ReactiveAuthorizationManager<Autho
} }
} }
Boolean granted = false; boolean granted = false;
try { try {
String token = authorizationHeader; // Variable used in lambda expression should be final or effectively final String token = authorizationHeader; // Variable used in lambda expression should be final or effectively final
Mono<Boolean> body = WebClient.create(baseUrl) Mono<Boolean> body = WebClient.create(baseUrl)
.get() .get()
.headers(httpHeaders -> { .headers(httpHeaders -> {
httpHeaders.add(HttpHeaders.AUTHORIZATION, token); httpHeaders.add(HttpHeaders.AUTHORIZATION, token);
}) })
.retrieve().bodyToMono(Boolean.class); .retrieve().bodyToMono(Boolean.class);
granted = body.block(); granted = body.blockOptional().orElse(false);
log.info("Security AuthorizationDecision granted={}", granted); log.info("Security AuthorizationDecision granted={}", granted);
} catch (Exception e) { } catch (Exception e) {
log.error("인가 서버에 요청 중 오류 : {}", e.getMessage()); log.error("인가 서버에 요청 중 오류 : {}", e.getMessage());