2021-08-02

2021-08-02 17:02:06 +09:00
parent 7d3ad1cce0
commit d45139dd58
79 changed files with 1685 additions and 152 deletions
--- a/security-with-jpa/README.md
+++ b/security-with-jpa/README.md
@@ -0,0 +1,11 @@
+# Security Examples
+with Spring-boot + JPA
+
+이 [예제](https://github.com/elex-project/spring-boot-security-examples)를 먼저 봐야 합니다.
+
+
+
+---
+developed by Elex
+
+https://www.elex-project.com
--- a/security-with-jpa/build.gradle.kts
+++ b/security-with-jpa/build.gradle.kts
@@ -0,0 +1,33 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+plugins {
+    id("elex-spring-boot")
+
+    id("org.springframework.boot") version "2.5.3"
+    id("io.spring.dependency-management") version "1.0.11.RELEASE"
+}
+
+dependencies {
+    implementation("org.springframework.boot:spring-boot-starter-mustache")
+    implementation("org.springframework.boot:spring-boot-starter-web")
+
+    implementation ("org.springframework.boot:spring-boot-starter-security")
+    testImplementation ("org.springframework.security:spring-security-test")
+
+    implementation ("org.springframework.boot:spring-boot-starter-data-jpa")
+    runtimeOnly("com.h2database:h2")
+
+    compileOnly("org.projectlombok:lombok")
+    developmentOnly("org.springframework.boot:spring-boot-devtools")
+    runtimeOnly("org.mariadb.jdbc:mariadb-java-client")
+
+    annotationProcessor("org.springframework.boot:spring-boot-configuration-processor")
+    annotationProcessor("org.projectlombok:lombok")
+
+    testImplementation("org.springframework.boot:spring-boot-starter-test")
+}
--- a/security-with-jpa/src/main/java/kr/pe/elex/examples/Application.java
+++ b/security-with-jpa/src/main/java/kr/pe/elex/examples/Application.java
@@ -0,0 +1,45 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+package kr.pe.elex.examples;
+
+import kr.pe.elex.examples.model.User;
+import kr.pe.elex.examples.model.UserRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+
+@SpringBootApplication
+public class Application {
+
+	@Autowired
+	private UserRepository repository;
+	@Autowired
+	private PasswordEncoder passwordEncoder;
+
+	public static void main(String[] args) {
+		SpringApplication.run(Application.class, args);
+	}
+
+	/**
+	 * 실제 프로젝트에서는 입력 폼을 통해서 회원 가입을 하겠지만, ...
+	 *
+	 */
+	@Component
+	public class SetupUsers implements CommandLineRunner {
+
+		@Override
+		public void run(String... args) throws Exception {
+			User user = new User("Charlie", "user1", passwordEncoder.encode("pw1"));
+			repository.save(user);
+		}
+
+	}
+}
--- a/security-with-jpa/src/main/java/kr/pe/elex/examples/MyController.java
+++ b/security-with-jpa/src/main/java/kr/pe/elex/examples/MyController.java
@@ -0,0 +1,71 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+package kr.pe.elex.examples;
+
+import kr.pe.elex.examples.model.User;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Slf4j
+@Controller
+public class MyController {
+
+	/**
+	 * 로그인한 사용자 정보를 가져오려면, Authentication을 사용합니다.
+	 * 또는, @AuthenticationPrincipal를 사용합니다.
+	 *
+	 * @param authentication
+	 * @param model
+	 * @return
+	 */
+	@GetMapping({"/"})
+	public String index(Authentication authentication, Model model) {
+		if (null != authentication) {
+			User user = (User) (authentication.getPrincipal());
+			log.info("USER: {}", user.getName());
+
+			model.addAttribute("user", user);
+		} else {
+			log.info("NO USER: ");
+		}
+		return "home";
+	}
+
+	@GetMapping({"/login"})
+	public String login() {
+
+		return "login";
+	}
+
+	@GetMapping({"/info"})
+	public String info() {
+		return "normal_info";
+	}
+
+	/**
+	 * 로그인한 사용자 정보를 가져오기 위해, @AuthenticationPrincipal를 사용합니다.
+	 *
+	 * @param user
+	 * @param model
+	 * @return
+	 */
+	@GetMapping({"/secure"})
+	public String secure(@AuthenticationPrincipal User user, Model model) {
+		if (null != user) {
+			log.info("USER: {}", user.getName());
+		} else {
+			log.info("NO USER!!");
+		}
+		model.addAttribute("user", user);
+		return "secure_info";
+	}
+}
--- a/security-with-jpa/src/main/java/kr/pe/elex/examples/SecurityConfig.java
+++ b/security-with-jpa/src/main/java/kr/pe/elex/examples/SecurityConfig.java
@@ -0,0 +1,72 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+package kr.pe.elex.examples;
+
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+	@Autowired
+	private UserService userService;
+
+	@Override
+	protected void configure(@NotNull HttpSecurity http) throws Exception {
+		http.authorizeRequests()
+				.antMatchers("/", "/info", "/h2-console").permitAll() // 아무나 접근 가능
+				.antMatchers("/h2-console/**").permitAll() // H2콘솔을 쓰기 위해 추가했음
+				//.antMatchers("/admin").hasAnyRole("ADMIN")
+				.anyRequest().authenticated() // 그 외에는 인증해야 접근 가능
+				.and()
+				.formLogin()// 커스텀 로그인 폼
+				.loginPage("/login")
+				.usernameParameter("user_id") // 로그인 폼 매개변수명 지정
+				.passwordParameter("user_pw")
+				.permitAll()
+				.and()
+				.logout()// 로그아웃
+				.logoutSuccessUrl("/")
+				.permitAll()
+				//.and().httpBasic();
+				.and().csrf().ignoringAntMatchers("/h2-console/**")// H2콘솔을 쓰기 위해 추가했음
+				.and().headers().frameOptions().sameOrigin()// H2콘솔을 쓰기 위해 추가했음
+				//.and().csrf().disable()
+		;
+	}
+
+
+	@Override
+	protected void configure(@NotNull AuthenticationManagerBuilder auth) throws Exception {
+		auth.userDetailsService(userService)
+				.passwordEncoder(passwordEncoder())
+		/*auth.inMemoryAuthentication()
+				.withUser("user1")
+				.password("{noop}pw1")
+				.authorities("ROLE_USER")
+				.and()
+				.withUser("user2")
+				.password("{noop}pw2")
+				.authorities("ROLE_USER")*/
+		;
+	}
+
+	@Bean
+	public PasswordEncoder passwordEncoder() {
+		return new BCryptPasswordEncoder();
+	}
+}
--- a/security-with-jpa/src/main/java/kr/pe/elex/examples/UserService.java
+++ b/security-with-jpa/src/main/java/kr/pe/elex/examples/UserService.java
@@ -0,0 +1,37 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+package kr.pe.elex.examples;
+
+import kr.pe.elex.examples.model.User;
+import kr.pe.elex.examples.model.UserRepository;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+/**
+ * UserDetailsService를 구현해서 사용자를 조회할 수 있는 서비스를 만듭니다.
+ */
+@Slf4j
+@Service
+public class UserService implements UserDetailsService {
+	@Autowired
+	private UserRepository repository;
+
+	@Override
+	public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {
+		final User user = repository.findByUsername(username);
+		if (null == user) {
+			throw new UsernameNotFoundException("Unable to find a user with " + username);
+		} else {
+			return user;
+		}
+	}
+}
--- a/security-with-jpa/src/main/java/kr/pe/elex/examples/WebConfig.java
+++ b/security-with-jpa/src/main/java/kr/pe/elex/examples/WebConfig.java
@@ -0,0 +1,28 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+package kr.pe.elex.examples;
+
+import kr.pe.elex.examples.model.User;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Slf4j
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+	/*
+	@Override
+	public void addViewControllers(@NotNull ViewControllerRegistry registry) {
+		registry.addViewController("/login");
+	}
+	*/
+
+}
--- a/security-with-jpa/src/main/java/kr/pe/elex/examples/model/User.java
+++ b/security-with-jpa/src/main/java/kr/pe/elex/examples/model/User.java
@@ -0,0 +1,76 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+package kr.pe.elex.examples.model;
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import javax.persistence.*;
+import java.util.*;
+
+/**
+ * UserDetails를 구현해서 데이터 모델을 만듭니다.
+ */
+@Table(name = "User")
+@Entity
+@Getter
+@Setter
+@RequiredArgsConstructor
+@ToString
+public class User implements UserDetails {
+	@Column(nullable = false)
+	@Id
+	@GeneratedValue(strategy = GenerationType.AUTO)
+	private Long id;
+
+	private String username;
+	private String password;
+	private String name;
+	private String role;
+	private boolean enabled;
+
+	public User(String name, String username, String password){
+		this();
+		this.username = username;
+		this.password = password;
+		this.name = name;
+		this.role = "ROLE_USER";
+		this.enabled = true;
+
+	}
+
+	@Override
+	public Collection<? extends GrantedAuthority> getAuthorities() {
+		return Arrays.asList(new SimpleGrantedAuthority(role));
+	}
+
+	@Override
+	public boolean isAccountNonExpired() {
+		return true;
+	}
+
+	@Override
+	public boolean isAccountNonLocked() {
+		return true;
+	}
+
+	@Override
+	public boolean isCredentialsNonExpired() {
+		return true;
+	}
+
+	@Override
+	public boolean isEnabled() {
+		return enabled;
+	}
+}
--- a/security-with-jpa/src/main/java/kr/pe/elex/examples/model/UserRepository.java
+++ b/security-with-jpa/src/main/java/kr/pe/elex/examples/model/UserRepository.java
@@ -0,0 +1,16 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+package kr.pe.elex.examples.model;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface UserRepository extends JpaRepository<User, Long> {
+	User findByUsername(String username);
+}
--- a/security-with-jpa/src/main/java/kr/pe/elex/examples/package-info.java
+++ b/security-with-jpa/src/main/java/kr/pe/elex/examples/package-info.java
@@ -0,0 +1,8 @@
+/*
+ * Spring-boot Examples
+ *
+ * Copyright (c) 2021. Elex. All Rights Reserved.
+ * https://www.elex-project.com/
+ */
+
+package kr.pe.elex.examples;
--- a/security-with-jpa/src/main/resources/application.yaml
+++ b/security-with-jpa/src/main/resources/application.yaml
@@ -0,0 +1,17 @@
+spring:
+  application:
+    name: My spring-boot project
+  mustache:
+    expose-request-attributes: true # 뷰에서 CSRF를 뿌려주기 위해서 필요합니다.
+  h2:
+    console:
+      enabled: true
+  datasource:
+    url: jdbc:h2:mem:testdb
+    driverClassName: org.h2.Driver
+    username: sa
+    password: pw
+  jpa:
+    database-platform: org.hibernate.dialect.H2Dialect
+server:
+  port: 8080
--- a/security-with-jpa/src/main/resources/banner.txt
+++ b/security-with-jpa/src/main/resources/banner.txt
@@ -0,0 +1,10 @@
+   ('-.              ('-.  ) (`-.
+ _(  OO)           _(  OO)  ( OO ).
+(,------.,--.     (,------.(_/.  \_)-.
+ |  .---'|  |.-')  |  .---' \  `.'  /
+ |  |    |  | OO ) |  |      \     /\
+(|  '--. |  |`-' |(|  '--.    \   \ |
+ |  .--'(|  '---.' |  .--'   .'    \_)
+ |  `---.|      |  |  `---. /  .'.  \
+ `------'`------'  `------''--'   '--'
+powered by ELEX
--- a/security-with-jpa/src/main/resources/logback-spring.xml
+++ b/security-with-jpa/src/main/resources/logback-spring.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Spring-boot Examples
+  ~
+  ~ Copyright (c) 2021. Elex. All Rights Reserved.
+  ~ https://www.elex-project.com/
+  -->
+
+<configuration>
+	<include resource="org/springframework/boot/logging/logback/defaults.xml"/>
+	<include resource="org/springframework/boot/logging/logback/console-appender.xml"/>
+
+	<springProperty name="LOG_DIR" source="logging.path"
+	                defaultValue="${user.home}/logs"/>
+	<property name="LOG_PATH" value="${LOG_DIR}/stephanie.log"/>
+
+	<appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+		<encoder>
+			<pattern>${CONSOLE_LOG_PATTERN}</pattern>
+		</encoder>
+	</appender>
+
+	<appender name="ROLLING-FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+		<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+			<charset>UTF-8</charset>
+			<pattern>${FILE_LOG_PATTERN}</pattern>
+		</encoder>
+		<file>${LOG_PATH}</file>
+		<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+			<fileNamePattern>${LOG_DIR}/sebastian_%d{yyyy-MM-dd}_%i.log.gz</fileNamePattern>
+			<timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+				<maxFileSize>10MB</maxFileSize>
+			</timeBasedFileNamingAndTriggeringPolicy>
+			<maxHistory>60</maxHistory>
+		</rollingPolicy>
+	</appender>
+
+	<root level="verbose">
+		<appender-ref ref="CONSOLE"/>
+		<appender-ref ref="ROLLING-FILE"/>
+	</root>
+
+</configuration>
--- a/security-with-jpa/src/main/resources/templates/home.mustache
+++ b/security-with-jpa/src/main/resources/templates/home.mustache
@@ -0,0 +1,15 @@
+<h1>홈</h1>
+<p>테스트 페이지입니다.</p>
+{{#user}}
+	안녕, {{name}}.
+
+	<form action="/logout" method="POST">
+		{{! CSRF 토큰이 없으면 에러 남. }}
+		<input type="hidden" name="_csrf" value="{{_csrf.token}}">
+		<button type="submit">로그아웃</button>
+	</form>
+{{/user}}
+{{^user}}
+
+{{/user}}
+{{> links}}
--- a/security-with-jpa/src/main/resources/templates/links.mustache
+++ b/security-with-jpa/src/main/resources/templates/links.mustache
@@ -0,0 +1,7 @@
+<div>
+	<a href="/">홈</a> |
+	<a href="/info">일반</a> |
+	<a href="/secure">중요</a> |
+	<a href="/login">로그인</a> |
+	<a href="/h2-console">DB</a>
+</div>
--- a/security-with-jpa/src/main/resources/templates/login.mustache
+++ b/security-with-jpa/src/main/resources/templates/login.mustache
@@ -0,0 +1,11 @@
+<h1>로그인</h1>
+<form action="/login" method="POST">
+	<label for="user_id">ID:</label>
+	<input type="text" name="user_id" id="user_id"/>
+	<label for="user_pw">PW:</label>
+	<input type="password" name="user_pw" id="user_pw"/>
+	<input type="hidden" name="_csrf" value="{{_csrf.token}}">
+	<input type="submit" value="로그인"/>
+</form>
+
+{{> links}}
--- a/security-with-jpa/src/main/resources/templates/normal_info.mustache
+++ b/security-with-jpa/src/main/resources/templates/normal_info.mustache
@@ -0,0 +1,3 @@
+<h1>아무나 볼 수 있는 페이지</h1>
+<p>This page doesn't contain any Important messages.</p>
+{{> links}}
--- a/security-with-jpa/src/main/resources/templates/secure_info.mustache
+++ b/security-with-jpa/src/main/resources/templates/secure_info.mustache
@@ -0,0 +1,4 @@
+<h1>로그인해야 볼 수 있는 페이지</h1>
+<p>This page contains a Important message.</p>
+{{#user}}Hello, {{name}}{{/user}}
+{{> links}}