officer/egovframe-msa-edu
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: contribution branch 반영

Browse Source
This commit is contained in:
yongfire38
2024-05-27 17:44:12 +09:00
parent 8c1401b6c0
commit f082637aac
47 changed files with 905 additions and 11905 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
backend/user-service/build.gradle
View File

@@ -1,14 +1,14 @@
plugins {
id 'org.springframework.boot' version '2.7.0'
id "org.sonarqube" version "2.7"
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'org.springframework.boot' version '2.7.12'
id 'org.sonarqube' version '3.5.0.2730'
id 'io.spring.dependency-management' version '1.1.0'
// querydsl
id 'com.ewerk.gradle.plugins.querydsl' version '1.0.10'
id 'java'
}
group = 'org.egovframe.cloud'
version = '0.1'
version = '1.0.0'
sourceCompatibility = '1.8'
configurations {
@@ -23,14 +23,14 @@ repositories {
}
ext {
set('springCloudVersion', "2021.0.3")
set('log4j2.version', "2.17.2") // log4j 보안 패치
set('springCloudVersion', '2021.0.7')
set('log4j2.version', '2.20.0') // log4j 보안 패치
}
dependencies {
// implementation files('../../module-common/build/libs/module-common-0.1.jar') // 공통 모듈, @ComponentScan(basePackages={"org.egovframe.cloud"}) 추가해야 적용된다
implementation 'org.egovframe.cloud:module-common:0.1'
implementation('org.egovframe.rte:org.egovframe.rte.fdl.cmmn:4.1.0') {
// implementation files('../module-common/build/libs/module-common-4.2.0-plain.jar') // 공통 모듈, @ComponentScan(basePackages={"org.egovframe.cloud"}) 추가해야 적용된다
implementation 'org.egovframe.cloud:module-common:4.2.0'
implementation('org.egovframe.rte:org.egovframe.rte.fdl.cmmn:4.2.0') {
exclude group: 'org.egovframe.rte', module: 'org.egovframe.rte.fdl.logging'
}
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
@@ -50,9 +50,9 @@ dependencies {
implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.73'
implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.73'
implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.73'
implementation 'net.logstash.logback:logstash-logback-encoder:7.2' // logstash logback
implementation 'mysql:mysql-connector-java'
implementation 'io.jsonwebtoken:jjwt:0.9.1'
implementation 'net.logstash.logback:logstash-logback-encoder:7.4' // logstash logback
implementation 'mysql:mysql-connector-java:8.0.33'
implementation 'io.jsonwebtoken:jjwt:0.9.1'
// querydsl
implementation 'com.querydsl:querydsl-jpa:5.0.0'
annotationProcessor 'com.querydsl:querydsl-apt:5.0.0'
@@ -61,10 +61,10 @@ dependencies {
implementation 'org.ehcache:ehcache'
implementation 'javax.cache:cache-api' // expiry를 위해 필요
implementation 'com.google.api-client:google-api-client:1.35.1'
implementation 'com.google.api-client:google-api-client:2.2.0'
// openapi docs
implementation 'org.springdoc:springdoc-openapi-webmvc-core:1.6.9'
implementation 'org.springdoc:springdoc-openapi-webmvc-core:1.7.0'
annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
// lombok
@@ -73,11 +73,12 @@ dependencies {
testImplementation 'org.projectlombok:lombok'
testAnnotationProcessor 'org.projectlombok:lombok'
testImplementation 'com.h2database:h2'
testImplementation 'com.github.gavlyukovskiy:p6spy-spring-boot-starter:1.8.0'
testImplementation 'com.github.gavlyukovskiy:p6spy-spring-boot-starter:1.8.1'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'
implementation 'org.javassist:javassist:3.29.0-GA'
implementation 'org.webjars:webjars-locator-core:0.53'
}
dependencyManagement {

86
backend/user-service/src/main/java/org/egovframe/cloud/userservice/config/SecurityConfig.java
View File

@@ -2,12 +2,13 @@ package org.egovframe.cloud.userservice.config;
import lombok.RequiredArgsConstructor;
import org.egovframe.cloud.userservice.service.user.UserService;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import static org.egovframe.cloud.common.config.GlobalConstant.SECURITY_PERMITALL_ANTPATTERNS;
@@ -31,57 +32,50 @@ import static org.egovframe.cloud.common.config.GlobalConstant.SECURITY_PERMITAL
*/
@RequiredArgsConstructor
@EnableWebSecurity // Spring Security 설정들을 활성화시켜 준다
public class SecurityConfig extends WebSecurityConfigurerAdapter {
public class SecurityConfig {
private final TokenProvider tokenProvider;
private final UserService userService;
private final BCryptPasswordEncoder bCryptPasswordEncoder;
@Bean
AuthenticationManager authenticationManager(AuthenticationConfiguration authConfiguration) throws Exception {
return authConfiguration.getAuthenticationManager();
}
/**
* 스프링 시큐리티 설정
*
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.headers().frameOptions().disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 토큰 사용하기 때문에 세션은 비활성화
.and()
.authorizeRequests()
.antMatchers(SECURITY_PERMITALL_ANTPATTERNS).permitAll()
.anyRequest().access("@authorizationService.isAuthorization(request, authentication)") // 호출 시 권한 인가 데이터 확인
.and()
.addFilter(getAuthenticationFilter())
.logout()
.logoutSuccessUrl("/");
}
/**
* 로그인 인증정보를 받아 토큰을 발급할 수 있도록 필터를 등록해준다.
*
* @return
* @throws Exception
*/
private AuthenticationFilter getAuthenticationFilter() throws Exception {
return new AuthenticationFilter(authenticationManager(), tokenProvider, userService);
}
/**
* 인증 관련 - 로그인 처리
* DB 에서 조회하여 일치하는지 체크한다.
*
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// userService.loadUserByUsername 메소드
auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder);
}
@Bean
public SecurityFilterChain configure(HttpSecurity http) throws Exception {
AuthenticationManager authenticationManager = authenticationManager(http.getSharedObject(AuthenticationConfiguration.class));
/**
* 로그인 인증정보를 받아 토큰을 발급할 수 있도록 필터를 등록해준다.
*
* @return
* @throws Exception
*/
AuthenticationFilter authenticationFilter = new AuthenticationFilter(authenticationManager, tokenProvider, userService);
http
.csrf().disable().headers().frameOptions().disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 토큰 사용하기 때문에 세션은 비활성화
.and()
.authorizeRequests()
.antMatchers(SECURITY_PERMITALL_ANTPATTERNS).permitAll()
.anyRequest().access("@authorizationService.isAuthorization(request, authentication)") // 호출 시 권한 인가 데이터 확인
.and()
.addFilter(authenticationFilter)
.logout()
.logoutSuccessUrl("/");
return http.build();
}
}

5
backend/user-service/src/main/resources/logback-spring.xml
View File

@@ -1,5 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<!DOCTYPE xml>
<Configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
@@ -45,4 +46,4 @@
</root>
</springProfile>
</configuration>
</Configuration>