default

Author: boorownie

README.md

@@ -1 +1 @@
-# spring-security-oauth2
+# spring-security

build.gradle

@@ -1,26 +1,29 @@
 plugins {
-    id 'org.springframework.boot' version '2.7.1'
-    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
     id 'java'
+    id 'org.springframework.boot' version '3.3.4'
+    id 'io.spring.dependency-management' version '1.1.6'
 }
 
 group = 'nextstep'
 version = '0.0.1-SNAPSHOT'
-sourceCompatibility = '11'
+
+java {
+    toolchain {
+        languageVersion = JavaLanguageVersion.of(21)
+    }
+}
 
 repositories {
     mavenCentral()
 }
 
 dependencies {
-//    implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+    implementation 'org.springframework.boot:spring-boot-starter-aop'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
-    testImplementation 'org.springframework.security:spring-security-test'
-
-    testImplementation 'io.rest-assured:rest-assured:4.4.0'
 }
 
-tasks.named('test') {
+test {
     useJUnitPlatform()
-}
+}

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.1-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
-zipStorePath=wrapper/dists
+zipStorePath=wrapper/dists

settings.gradle

@@ -1,13 +1,13 @@
-package nextstep;
+package nextstep.app;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
 @SpringBootApplication
-public class SecurityAuthenticationApplication {
+public class SecurityApplication {
 
     public static void main(String[] args) {
-        SpringApplication.run(SecurityAuthenticationApplication.class, args);
+        SpringApplication.run(SecurityApplication.class, args);
     }
 
 }

src/main/java/nextstep/SecurityAuthenticationApplication.java renamed to src/main/java/nextstep/app/SecurityApplication.java

@@ -0,0 +1,108 @@
+package nextstep.app;
+
+import nextstep.app.domain.Member;
+import nextstep.app.domain.MemberRepository;
+import nextstep.security.access.AnyRequestMatcher;
+import nextstep.security.access.MvcRequestMatcher;
+import nextstep.security.access.RequestMatcherEntry;
+import nextstep.security.access.hierarchicalroles.RoleHierarchy;
+import nextstep.security.access.hierarchicalroles.RoleHierarchyImpl;
+import nextstep.security.authentication.AuthenticationException;
+import nextstep.security.authentication.BasicAuthenticationFilter;
+import nextstep.security.authentication.UsernamePasswordAuthenticationFilter;
+import nextstep.security.authorization.*;
+import nextstep.security.config.DefaultSecurityFilterChain;
+import nextstep.security.config.DelegatingFilterProxy;
+import nextstep.security.config.FilterChainProxy;
+import nextstep.security.config.SecurityFilterChain;
+import nextstep.security.context.SecurityContextHolderFilter;
+import nextstep.security.userdetails.UserDetails;
+import nextstep.security.userdetails.UserDetailsService;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.EnableAspectJAutoProxy;
+import org.springframework.http.HttpMethod;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+@EnableAspectJAutoProxy
+@Configuration
+public class SecurityConfig {
+
+    private final MemberRepository memberRepository;
+
+    public SecurityConfig(MemberRepository memberRepository) {
+        this.memberRepository = memberRepository;
+    }
+
+    @Bean
+    public DelegatingFilterProxy delegatingFilterProxy() {
+        return new DelegatingFilterProxy(filterChainProxy(List.of(securityFilterChain())));
+    }
+
+    @Bean
+    public FilterChainProxy filterChainProxy(List<SecurityFilterChain> securityFilterChains) {
+        return new FilterChainProxy(securityFilterChains);
+    }
+
+    @Bean
+    public SecuredMethodInterceptor securedMethodInterceptor() {
+        return new SecuredMethodInterceptor();
+    }
+
+    @Bean
+    public SecurityFilterChain securityFilterChain() {
+        return new DefaultSecurityFilterChain(
+                List.of(
+                        new SecurityContextHolderFilter(),
+                        new UsernamePasswordAuthenticationFilter(userDetailsService()),
+                        new BasicAuthenticationFilter(userDetailsService()),
+                        new AuthorizationFilter(requestAuthorizationManager())
+                )
+        );
+    }
+
+    @Bean
+    public RoleHierarchy roleHierarchy() {
+        return RoleHierarchyImpl.with()
+                .role("ADMIN").implies("USER")
+                .build();
+    }
+
+    @Bean
+    public RequestAuthorizationManager requestAuthorizationManager() {
+        List<RequestMatcherEntry<AuthorizationManager>> mappings = new ArrayList<>();
+        mappings.add(new RequestMatcherEntry<>(new MvcRequestMatcher(HttpMethod.GET, "/members"), new AuthorityAuthorizationManager(roleHierarchy(), "ADMIN")));
+        mappings.add(new RequestMatcherEntry<>(new MvcRequestMatcher(HttpMethod.GET, "/members/me"), new AuthorityAuthorizationManager(roleHierarchy(), "USER")));
+        mappings.add(new RequestMatcherEntry<>(new MvcRequestMatcher(HttpMethod.GET, "/search"), new PermitAllAuthorizationManager()));
+        mappings.add(new RequestMatcherEntry<>(AnyRequestMatcher.INSTANCE, new PermitAllAuthorizationManager()));
+        return new RequestAuthorizationManager(mappings);
+    }
+
+    @Bean
+    public UserDetailsService userDetailsService() {
+        return username -> {
+            Member member = memberRepository.findByEmail(username)
+                    .orElseThrow(() -> new AuthenticationException("존재하지 않는 사용자입니다."));
+
+            return new UserDetails() {
+                @Override
+                public String getUsername() {
+                    return member.getEmail();
+                }
+
+                @Override
+                public String getPassword() {
+                    return member.getPassword();
+                }
+
+                @Override
+                public Set<String> getAuthorities() {
+                    return member.getRoles();
+                }
+            };
+        };
+    }
+}

src/main/java/nextstep/app/SecurityConfig.java

@@ -7,4 +7,6 @@ public interface MemberRepository {
     Optional<Member> findByEmail(String email);
 
     List<Member> findAll();
+
+    Member save(Member member);
 }

src/main/java/nextstep/app/application/MemberUserDetailsService.java

@@ -10,7 +10,7 @@
 @Repository
 public class InmemoryMemberRepository implements MemberRepository {
     public static final Member ADMIN_MEMBER = new Member("[email protected]", "password", "a", "", Set.of("ADMIN"));
-    public static final Member USER_MEMBER = new Member("[email protected]", "password", "b", "", Collections.emptySet());
+    public static final Member USER_MEMBER = new Member("[email protected]", "password", "b", "", Set.of("USER"));
     private static final Map<String, Member> members = new HashMap<>();
 
     static {
@@ -27,4 +27,10 @@ public Optional<Member> findByEmail(String email) {
     public List<Member> findAll() {
         return members.values().stream().collect(Collectors.toUnmodifiableList());
     }
+
+    @Override
+    public Member save(Member member) {
+        members.put(member.getEmail(), member);
+        return member;
+    }
 }