1-1단계 - OAuth 2.0 Login, 1-2단계 - 리팩터링 & OAuth 2.0 Resource 연동 리뷰 요청드립니다. (#13)

* feat: GithubLoginRedirectFilter 추가

* feat: GithubAuthenticationFilter 추가

* feat: 새로운 멤버인 경우 회원가입 로직 추가

* feat: 두 AuthentiactionFilter를 OAuth2AuthenticationFilter로 통합

* feat: 두 LoginRedirectFilter를 OAuth2LoginRedirectFilter로 통합

* feat: OAuth2AuthenticationFilter 로직 메서드로 추출

* feat: 클라이언트 관련 값 삭제

* fix: 불필요 주석 제거

* fix: 프로퍼티 값을 Map으로 받도록 수정

* fix: 네이밍 변경 (OAuth2Client -> ClientRegistration)

* fix: Factory 클래스를 OAuth2ClientRepository 클래스로 변경

* OAuth2ClientRepository 클래스는 클라이언트 정보만 가져오도록 수정
* RequestMatcher는 필터에서 사용하도록 수정

* fix: OAuth2AuthenticationProvider에서 회원가입 로직 제거

* fix: CLIENT_ID 수정

* fix: 회원가입 로직 제외

* fix: 불필요 주석 제거

Author: jukekxm

src/main/java/nextstep/app/OAuth2Property.java

@@ -0,0 +1,26 @@
+package nextstep.app;
+
+import nextstep.security.authentication.ClientRegistration;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+import java.util.Map;
+
+@Component
+@ConfigurationProperties(prefix = "oauth2")
+public class OAuth2Property {
+
+    private Map<String, ClientRegistration> clients;
+
+    public Map<String, ClientRegistration> getClients() {
+        return clients;
+    }
+
+    public void setClients(Map<String, ClientRegistration> clients) {
+        this.clients = clients;
+    }
+
+    public ClientRegistration getClient(String key) {
+        return clients.get(key);
+    }
+}

src/main/java/nextstep/app/SecurityConfig.java

@@ -1,22 +1,19 @@
 package nextstep.app;
 
-import nextstep.app.domain.Member;
 import nextstep.app.domain.MemberRepository;
+import nextstep.app.domain.MemberService;
 import nextstep.security.access.AnyRequestMatcher;
 import nextstep.security.access.MvcRequestMatcher;
 import nextstep.security.access.RequestMatcherEntry;
 import nextstep.security.access.hierarchicalroles.RoleHierarchy;
 import nextstep.security.access.hierarchicalroles.RoleHierarchyImpl;
-import nextstep.security.authentication.AuthenticationException;
-import nextstep.security.authentication.BasicAuthenticationFilter;
-import nextstep.security.authentication.UsernamePasswordAuthenticationFilter;
+import nextstep.security.authentication.*;
 import nextstep.security.authorization.*;
 import nextstep.security.config.DefaultSecurityFilterChain;
 import nextstep.security.config.DelegatingFilterProxy;
 import nextstep.security.config.FilterChainProxy;
 import nextstep.security.config.SecurityFilterChain;
 import nextstep.security.context.SecurityContextHolderFilter;
-import nextstep.security.userdetails.UserDetails;
 import nextstep.security.userdetails.UserDetailsService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -25,16 +22,18 @@
 
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Set;
+import java.util.Map;
 
 @EnableAspectJAutoProxy
 @Configuration
 public class SecurityConfig {
 
     private final MemberRepository memberRepository;
+    private final OAuth2Property oAuth2Property;
 
-    public SecurityConfig(MemberRepository memberRepository) {
+    public SecurityConfig(MemberRepository memberRepository, OAuth2Property oAuth2Property) {
         this.memberRepository = memberRepository;
+        this.oAuth2Property = oAuth2Property;
     }
 
     @Bean
@@ -57,6 +56,8 @@ public SecurityFilterChain securityFilterChain() {
         return new DefaultSecurityFilterChain(
                 List.of(
                         new SecurityContextHolderFilter(),
+                        new OAuth2LoginRedirectFilter(oAuth2ClientRepository()),
+                        new OAuth2AuthenticationFilter(userDetailsService(), oAuth2ClientRepository()),
                         new UsernamePasswordAuthenticationFilter(userDetailsService()),
                         new BasicAuthenticationFilter(userDetailsService()),
                         new AuthorizationFilter(requestAuthorizationManager())
@@ -82,27 +83,16 @@ public RequestAuthorizationManager requestAuthorizationManager() {
     }
 
     @Bean
-    public UserDetailsService userDetailsService() {
-        return username -> {
-            Member member = memberRepository.findByEmail(username)
-                    .orElseThrow(() -> new AuthenticationException("존재하지 않는 사용자입니다."));
-
-            return new UserDetails() {
-                @Override
-                public String getUsername() {
-                    return member.getEmail();
-                }
-
-                @Override
-                public String getPassword() {
-                    return member.getPassword();
-                }
+    public OAuth2ClientRepository oAuth2ClientRepository() {
+        return new OAuth2ClientRepository(
+                Map.of(
+                        "google", oAuth2Property.getClient("google"),
+                        "github", oAuth2Property.getClient("github")
+                ));
+    }
 
-                @Override
-                public Set<String> getAuthorities() {
-                    return member.getRoles();
-                }
-            };
-        };
+    @Bean
+    public UserDetailsService userDetailsService() {
+        return new MemberService(memberRepository);
     }
 }

src/main/java/nextstep/app/domain/MemberService.java

@@ -0,0 +1,39 @@
+package nextstep.app.domain;
+
+import nextstep.security.authentication.AuthenticationException;
+import nextstep.security.userdetails.UserDetails;
+import nextstep.security.userdetails.UserDetailsService;
+
+import java.util.Set;
+
+public class MemberService implements UserDetailsService {
+
+    private final MemberRepository memberRepository;
+
+    public MemberService(MemberRepository memberRepository) {
+        this.memberRepository = memberRepository;
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) {
+        Member member = memberRepository.findByEmail(username)
+                .orElseThrow(() -> new AuthenticationException("존재하지 않는 사용자입니다."));
+
+        return new UserDetails() {
+            @Override
+            public String getUsername() {
+                return member.getEmail();
+            }
+
+            @Override
+            public String getPassword() {
+                return member.getPassword();
+            }
+
+            @Override
+            public Set<String> getAuthorities() {
+                return member.getRoles();
+            }
+        };
+    }
+}

src/main/java/nextstep/security/access/RegexRequestMatcher.java

@@ -0,0 +1,29 @@
+package nextstep.security.access;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.http.HttpMethod;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class RegexRequestMatcher implements RequestMatcher {
+
+    private HttpMethod method;
+    private final Pattern pattern;
+
+    public RegexRequestMatcher(HttpMethod method, String pattern) {
+        this.method = method;
+        this.pattern = Pattern.compile(pattern);
+    }
+
+    @Override
+    public boolean matches(HttpServletRequest request) {
+        if (this.method != null && !this.method.name().equals(request.getMethod())) {
+            return false;
+        }
+
+        Matcher matcher = pattern.matcher(request.getRequestURI());
+        return matcher.matches();
+    }
+
+}

src/main/java/nextstep/security/authentication/AccessTokenResponseDTO.java

@@ -0,0 +1,23 @@
+package nextstep.security.authentication;
+
+public class AccessTokenResponseDTO {
+    private String access_token;
+    private String scope;
+    private String token_type;
+
+    public String getAccess_token() {
+        return access_token;
+    }
+
+    public String getScope() {
+        return scope;
+    }
+
+    public String getToken_type() {
+        return token_type;
+    }
+
+    public String getToken() {
+        return token_type + " " + access_token;
+    }
+}

src/main/java/nextstep/security/authentication/ClientRegistration.java

@@ -0,0 +1,81 @@
+package nextstep.security.authentication;
+
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+
+public class ClientRegistration {
+
+    private String clientId;
+    private String clientSecret;
+    private String tokenUri;
+    private String userInfoUri;
+    private String grantType;
+    private String redirectUri;
+    private String loginRedirectUri;
+
+    public String getUserInfoUri() {
+        return userInfoUri;
+    }
+
+    public void setUserInfoUri(String userInfoUri) {
+        this.userInfoUri = userInfoUri;
+    }
+
+    public String getTokenUri() {
+        return tokenUri;
+    }
+
+    public void setTokenUri(String tokenUri) {
+        this.tokenUri = tokenUri;
+    }
+
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+    }
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+    public String getGrantType() {
+        return grantType;
+    }
+
+    public void setGrantType(String grantType) {
+        this.grantType = grantType;
+    }
+
+    public String getLoginRedirectUri() {
+        return loginRedirectUri;
+    }
+
+    public void setLoginRedirectUri(String loginRedirectUri) {
+        this.loginRedirectUri = loginRedirectUri;
+    }
+
+    public MultiValueMap<String, String> getParamsForToken(String code) {
+        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+        params.add("code", code);
+        params.add("client_id", clientId);
+        params.add("client_secret", clientSecret);
+        params.add("grant_type", grantType);
+        params.add("redirect_uri", redirectUri);
+        return params;
+    }
+}

src/main/java/nextstep/security/authentication/OAuth2AuthenticationFilter.java

@@ -0,0 +1,89 @@
+package nextstep.security.authentication;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import nextstep.security.access.RegexRequestMatcher;
+import nextstep.security.context.HttpSessionSecurityContextRepository;
+import nextstep.security.context.SecurityContext;
+import nextstep.security.context.SecurityContextHolder;
+import nextstep.security.userdetails.UserDetailsService;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.List;
+
+public class OAuth2AuthenticationFilter extends OncePerRequestFilter {
+
+    private final RestTemplate restTemplate = new RestTemplate();
+    private static final RegexRequestMatcher OAUTH2_AUTHENTICATION_REQUEST_MATCHER = new RegexRequestMatcher(HttpMethod.GET, "/login/oauth2/code/.*");
+    private final HttpSessionSecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();
+    private final AuthenticationManager authenticationManager;
+    private final OAuth2ClientRepository oAuth2ClientRepository;
+
+    public OAuth2AuthenticationFilter(UserDetailsService userDetailsService, OAuth2ClientRepository oAuth2ClientRepository) {
+        this.authenticationManager = new ProviderManager(
+                List.of(new OAuth2AuthenticationProvider(userDetailsService)));
+        this.oAuth2ClientRepository = oAuth2ClientRepository;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+
+        if (!OAUTH2_AUTHENTICATION_REQUEST_MATCHER.matches(request)) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        String clientRegistrationId = extractRegistrationId(request);
+        ClientRegistration clientRegistration = oAuth2ClientRepository.findByRegistrationId(clientRegistrationId);
+        if (clientRegistration == null) {
+            throw new AuthenticationException();
+        }
+
+        String code = request.getParameter("code");
+        String token = getAccessToken(clientRegistration, code);
+        UserProfile userProfile = getUserProfile(token, clientRegistration);
+
+        UsernamePasswordAuthenticationToken unauthenticated = UsernamePasswordAuthenticationToken.unauthenticated(userProfile.getEmail(), null);
+        Authentication authenticated = authenticationManager.authenticate(unauthenticated);
+        saveSecurityContext(request, response, authenticated);
+
+        response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+        response.sendRedirect("/");
+    }
+
+    private static String extractRegistrationId(HttpServletRequest request) {
+        return request.getRequestURI().substring("/login/oauth2/code/".length());
+    }
+
+    private String getAccessToken(ClientRegistration clientRegistration, String code) {
+        String tokenUri = clientRegistration.getTokenUri();
+        MultiValueMap<String, String> paramsForToken = clientRegistration.getParamsForToken(code);
+        AccessTokenResponseDTO tokenResponse = restTemplate.postForObject(tokenUri, paramsForToken, AccessTokenResponseDTO.class);
+        return tokenResponse.getToken();
+    }
+
+    private UserProfile getUserProfile(String token, ClientRegistration clientRegistration) {
+        HttpHeaders headers = new HttpHeaders();
+        headers.set("Authorization", token);
+        HttpEntity<Object> httpEntity = new HttpEntity<>(headers);
+        String userInfoUri = clientRegistration.getUserInfoUri();
+        ResponseEntity<UserProfile> userProfileDTOResponseEntity = restTemplate.exchange(userInfoUri, HttpMethod.GET, httpEntity, UserProfile.class);
+        return userProfileDTOResponseEntity.getBody();
+    }
+
+    private void saveSecurityContext(HttpServletRequest request, HttpServletResponse response, Authentication authenticated) {
+        SecurityContext context = SecurityContextHolder.createEmptyContext();
+        context.setAuthentication(authenticated);
+        SecurityContextHolder.setContext(context);
+        securityContextRepository.saveContext(context, request, response);
+    }
+}