[임지영] 1단계 OAuth 2.0 Login, 리팩터링 & OAuth 2.0 Resource 연동 (#12)

* feat: 1-1 미션 페어 프로그래밍

* feat: antMatcher 클래스 추가

* feat: OAuth2RedirectFilter 추가

* feat: Oauth2 프로퍼티용 객체 추가

* refactor: 클래스 이름 변경

* feat: OAuth2RegistrationRepository 생성

* feat: EnableConfigurationProperties 설정 추가, test 이름 변경

* feat: application-test.yml 작성 후 OAuth2PropertiesRedirectFilterTest 테스트 통과

* feat: redirectFilter에 벤더사 설정이 없으면 404 반환한다

* feat: google oauth2 테스트 코드 추가

* feat: include 에 oauth2 추가

* feat: AntRequestMatcher 검증에 AntPathMatcher 사용하도록 변경

* feat: Registration 프로퍼티에 token-uri 추가

* feat: matchRedirectUrl redirectUrl 판단하도록 메소드 추가

* feat: /login/oauth/access_token WireMock 테스트 완료

* feat: OAuth2Parameter 클래스 추가

* feat: accessToken 가져오는 부분 클래스로 변경

* feat: OAuth2 용 UserDetailsService 추가

* feat: vendor 사 반환 코드 추가

* feat: vendor 사 List로 받을 수 있도록 변경

* feat: OAuth2UserDetailsAuthenticationToken 추가

* feat: oauth2UserDetailsServiceResolver 가 user 정보 가져오도록 변경

* feat: yml 파일 속성 추가

* feat: config 수정

* refactor: test 클래스명 변경

* feat: 인증 성공 처리용 OAuth2AuthenticationSuccessHandler 추가

* feat: OAuth2UserDetail 에 getAuthorities 추가

* feat: MemberService 추가

* feat: OAuth2AuthenticationSuccessHandlerImpl에 member 저장하는 코드 추가

* fix: OAuth2 인증후 로그인 유저처럼 동작하는지 확인하는 테스트 코드로 수정

* feat: google 용 OAuth2 서비스 추가

* feat: google 용 설정 추가

* fix: google 용 stub 객체 분리, 깨지는 테스트 수정

* refactor: @value 주입 생성자로 받도록 수정

* fix: 필요없는 코드 제거 및 수정

* feat: response-type 제거, OAuth2Parameter에 default 값 추가

* fix: OAuth2AccessTokenRequestProvider 인터페이스 삭제 후 구현체만 남김

* feat: UrlUtils 클래스 추가

* feat: ClientRegistrationRepository 인터페이스로 변경

* feat: getRedirectUrl 가져오는 부분 기본 url 쓰도록 수정

* feat: AbstractOAuth2UserDetailService 추가해 템플릿 메소드 패턴으로 중복 제거

* refactor: 안쓰는 import문  정리

---------

Co-authored-by: im.joy <[email protected]>

Author: sazzeo

.gitignore

@@ -35,3 +35,5 @@ out/
 
 ### VS Code ###
 .vscode/
+
+application-*.yml

src/main/java/nextstep/app/InMemoryClientRegistrationRepository.java

@@ -0,0 +1,24 @@
+package nextstep.app;
+
+import jakarta.annotation.Nullable;
+import nextstep.security.properties.ClientRegistrationRepository;
+import nextstep.security.properties.OAuth2Properties;
+import nextstep.security.properties.Registration;
+import org.springframework.stereotype.Component;
+
+@Component
+public class InMemoryClientRegistrationRepository implements ClientRegistrationRepository {
+
+    private final OAuth2Properties oAuth2Properties;
+
+    public InMemoryClientRegistrationRepository(final OAuth2Properties oAuth2Properties) {
+        this.oAuth2Properties = oAuth2Properties;
+    }
+
+    @Override
+    @Nullable
+    public Registration findRegistrationById(final String id) {
+        return oAuth2Properties.getRegistration(id);
+    }
+
+}

src/main/java/nextstep/app/SecurityApplication.java

@@ -1,9 +1,13 @@
 package nextstep.app;
 
+import nextstep.security.properties.OAuth2Properties;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+
 
 @SpringBootApplication
+@EnableConfigurationProperties(OAuth2Properties.class)
 public class SecurityApplication {
 
     public static void main(String[] args) {

src/main/java/nextstep/app/SecurityConfig.java

@@ -1,7 +1,9 @@
 package nextstep.app;
 
+import nextstep.app.application.MemberService;
 import nextstep.app.domain.Member;
 import nextstep.app.domain.MemberRepository;
+import nextstep.app.oauth2.OAuth2AuthenticationSuccessHandlerImpl;
 import nextstep.security.access.AnyRequestMatcher;
 import nextstep.security.access.MvcRequestMatcher;
 import nextstep.security.access.RequestMatcherEntry;
@@ -15,7 +17,13 @@
 import nextstep.security.config.DelegatingFilterProxy;
 import nextstep.security.config.FilterChainProxy;
 import nextstep.security.config.SecurityFilterChain;
+import nextstep.security.context.HttpSessionSecurityContextRepository;
 import nextstep.security.context.SecurityContextHolderFilter;
+import nextstep.security.oauth2.OAuth2AuthenticationFilter;
+import nextstep.security.oauth2.OAuth2AuthenticationSuccessHandler;
+import nextstep.security.oauth2.OAuth2RedirectFilter;
+import nextstep.security.oauth2.userdetails.OAuth2UserDetailsService;
+import nextstep.security.properties.ClientRegistrationRepository;
 import nextstep.security.userdetails.UserDetails;
 import nextstep.security.userdetails.UserDetailsService;
 import org.springframework.context.annotation.Bean;
@@ -32,17 +40,26 @@
 public class SecurityConfig {
 
     private final MemberRepository memberRepository;
+    private final ClientRegistrationRepository clientRegistrationRepository;
+    private final List<OAuth2UserDetailsService> oAuth2UserDetailsServices;
 
-    public SecurityConfig(MemberRepository memberRepository) {
+    private final MemberService memberService;
+
+    public SecurityConfig(final MemberRepository memberRepository,
+                          final InMemoryClientRegistrationRepository clientRegistrationRepository,
+                          final List<OAuth2UserDetailsService> oAuth2UserDetailsServices,
+                          final MemberService memberService) {
         this.memberRepository = memberRepository;
+        this.clientRegistrationRepository = clientRegistrationRepository;
+        this.oAuth2UserDetailsServices = oAuth2UserDetailsServices;
+        this.memberService = memberService;
     }
 
     @Bean
     public DelegatingFilterProxy delegatingFilterProxy() {
         return new DelegatingFilterProxy(filterChainProxy(List.of(securityFilterChain())));
     }
 
-    @Bean
     public FilterChainProxy filterChainProxy(List<SecurityFilterChain> securityFilterChains) {
         return new FilterChainProxy(securityFilterChains);
     }
@@ -54,21 +71,25 @@ public SecuredMethodInterceptor securedMethodInterceptor() {
 
     @Bean
     public SecurityFilterChain securityFilterChain() {
-        return new DefaultSecurityFilterChain(
-                List.of(
-                        new SecurityContextHolderFilter(),
-                        new UsernamePasswordAuthenticationFilter(userDetailsService()),
-                        new BasicAuthenticationFilter(userDetailsService()),
-                        new AuthorizationFilter(requestAuthorizationManager())
-                )
-        );
+        return new DefaultSecurityFilterChain(List.of(new SecurityContextHolderFilter(httpSessionSecurityContextRepository()),
+                new UsernamePasswordAuthenticationFilter(userDetailsService()),
+                new BasicAuthenticationFilter(userDetailsService()),
+                new OAuth2RedirectFilter(clientRegistrationRepository),
+                new OAuth2AuthenticationFilter(
+                        clientRegistrationRepository,
+                        oAuth2AuthenticationSuccessHandler(),
+                        oAuth2UserDetailsServices),
+                new AuthorizationFilter(requestAuthorizationManager())));
+    }
+
+    @Bean
+    public HttpSessionSecurityContextRepository httpSessionSecurityContextRepository() {
+        return new HttpSessionSecurityContextRepository();
     }
 
     @Bean
     public RoleHierarchy roleHierarchy() {
-        return RoleHierarchyImpl.with()
-                .role("ADMIN").implies("USER")
-                .build();
+        return RoleHierarchyImpl.with().role("ADMIN").implies("USER").build();
     }
 
     @Bean
@@ -84,8 +105,7 @@ public RequestAuthorizationManager requestAuthorizationManager() {
     @Bean
     public UserDetailsService userDetailsService() {
         return username -> {
-            Member member = memberRepository.findByEmail(username)
-                    .orElseThrow(() -> new AuthenticationException("존재하지 않는 사용자입니다."));
+            Member member = memberRepository.findByEmail(username).orElseThrow(() -> new AuthenticationException("존재하지 않는 사용자입니다."));
 
             return new UserDetails() {
                 @Override
@@ -105,4 +125,11 @@ public Set<String> getAuthorities() {
             };
         };
     }
+
+    @Bean
+    public OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler() {
+        return new OAuth2AuthenticationSuccessHandlerImpl(
+                httpSessionSecurityContextRepository(),
+                memberService);
+    }
 }

src/main/java/nextstep/app/application/MemberService.java

@@ -0,0 +1,23 @@
+package nextstep.app.application;
+
+import nextstep.app.domain.MemberRepository;
+import nextstep.app.payload.Oauth2MemberSaveDto;
+import org.springframework.stereotype.Service;
+
+@Service
+public class MemberService {
+    private final MemberRepository memberRepository;
+
+    public MemberService(final MemberRepository memberRepository) {
+        this.memberRepository = memberRepository;
+    }
+
+    public void saveOauth2Member(Oauth2MemberSaveDto dto) {
+        var member = memberRepository.findByEmail(dto.email());
+        if (member.isPresent()) {
+            return;
+        }
+        memberRepository.save(dto.toMember());
+    }
+
+}

src/main/java/nextstep/app/config/WebConfig.java

@@ -0,0 +1,13 @@
+package nextstep.app.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.client.RestTemplate;
+
+@Configuration
+public class WebConfig {
+    @Bean
+    public RestTemplate restTemplate() {
+        return new RestTemplate();
+    }
+}

src/main/java/nextstep/app/oauth2/GithubOAuth2UserDetailService.java

@@ -0,0 +1,41 @@
+package nextstep.app.oauth2;
+
+import nextstep.security.oauth2.userdetails.AbstractOAuth2UserDetailsService;
+import nextstep.security.oauth2.userdetails.OAuth2UserDetails;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.util.Map;
+import java.util.Set;
+
+@Component
+public class GithubOAuth2UserDetailService extends AbstractOAuth2UserDetailsService {
+    private final String userUrl;
+
+    public GithubOAuth2UserDetailService(
+            @Value("${app.oauth2.github.user-url}") final String userUrl
+    ) {
+        this.userUrl = userUrl;
+    }
+
+    @Override
+    protected OAuth2UserDetails createOauth2UserDetails(final Map<String, Object> userResponse) {
+        var email = (String) userResponse.get("email");
+        var name = (String) userResponse.get("name");
+        var avatarUrl = (String) userResponse.get("avatar_url");
+
+        return new OAuth2UserDetailsImpl(email, Map.of("name", name,
+                "avatarUrl", avatarUrl),
+                Set.of("USER"));
+    }
+
+    @Override
+    protected String getUserUrl() {
+        return this.userUrl;
+    }
+
+    @Override
+    public String getVendor() {
+        return "github";
+    }
+}

src/main/java/nextstep/app/oauth2/GoogleOAuth2UserDetailService.java

@@ -0,0 +1,38 @@
+package nextstep.app.oauth2;
+
+import nextstep.security.oauth2.userdetails.AbstractOAuth2UserDetailsService;
+import nextstep.security.oauth2.userdetails.OAuth2UserDetails;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import java.util.Map;
+import java.util.Set;
+
+@Component
+public class GoogleOAuth2UserDetailService extends AbstractOAuth2UserDetailsService {
+    private final String userUrl;
+
+    public GoogleOAuth2UserDetailService(@Value("${app.oauth2.google.user-url}") final String userUrl) {
+        this.userUrl = userUrl;
+    }
+
+    @Override
+    protected OAuth2UserDetails createOauth2UserDetails(final Map<String, Object> userResponse) {
+        var email = (String) userResponse.get("email");
+        var name = (String) userResponse.get("name");
+        var picture = (String) userResponse.get("picture");
+
+        return new OAuth2UserDetailsImpl(email, Map.of("name", name, "avatarUrl", picture), Set.of("USER"));
+
+    }
+
+    @Override
+    protected String getUserUrl() {
+        return this.userUrl;
+    }
+
+    @Override
+    public String getVendor() {
+        return "google";
+    }
+}

src/main/java/nextstep/app/oauth2/OAuth2AuthenticationSuccessHandlerImpl.java

@@ -0,0 +1,43 @@
+package nextstep.app.oauth2;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import nextstep.app.application.MemberService;
+import nextstep.app.payload.Oauth2MemberSaveDto;
+import nextstep.security.authentication.Authentication;
+import nextstep.security.authentication.OAuth2UserDetailsAuthenticationToken;
+import nextstep.security.context.HttpSessionSecurityContextRepository;
+import nextstep.security.context.SecurityContext;
+import nextstep.security.context.SecurityContextHolder;
+import nextstep.security.oauth2.OAuth2AuthenticationSuccessHandler;
+
+import java.io.IOException;
+public class OAuth2AuthenticationSuccessHandlerImpl implements OAuth2AuthenticationSuccessHandler {
+    private final HttpSessionSecurityContextRepository securityContextRepository;
+    private final MemberService memberService;
+
+    public OAuth2AuthenticationSuccessHandlerImpl(final HttpSessionSecurityContextRepository securityContextRepository,
+                                                  final MemberService memberService) {
+        this.securityContextRepository = securityContextRepository;
+        this.memberService = memberService;
+    }
+
+    @Override
+    public void onSuccess(final HttpServletRequest request, final HttpServletResponse response, final Authentication authentication) throws IOException {
+        if (authentication instanceof OAuth2UserDetailsAuthenticationToken authToken) {
+            var otherDetails = authToken.getOAuth2OtherDetails();
+            memberService.saveOauth2Member(new Oauth2MemberSaveDto(
+                    (String) authToken.getPrincipal(),
+                    otherDetails.get("name"),
+                    otherDetails.get("avatar_url")
+            ));
+        } else {
+            throw new IllegalArgumentException("유효한 토큰타입이 아닙니다.");
+        }
+
+        SecurityContext context = new SecurityContext(authentication);
+        SecurityContextHolder.setContext(context);
+        securityContextRepository.saveContext(context, request, response);
+        response.sendRedirect("/");
+    }
+}

src/main/java/nextstep/app/oauth2/OAuth2UserDetailsImpl.java

@@ -0,0 +1,24 @@
+package nextstep.app.oauth2;
+
+import nextstep.security.oauth2.userdetails.OAuth2UserDetails;
+
+import java.util.Map;
+import java.util.Set;
+
+public record OAuth2UserDetailsImpl(String userName, Map<String, String> details, Set<String> authorities) implements OAuth2UserDetails {
+
+    @Override
+    public String getUsername() {
+        return this.userName;
+    }
+
+    @Override
+    public Map<String, String> getOthers() {
+        return this.details;
+    }
+
+    @Override
+    public Set<String> getAuthorities() {
+        return this.authorities;
+    }
+}

src/main/java/nextstep/app/payload/Oauth2MemberSaveDto.java

@@ -0,0 +1,21 @@
+package nextstep.app.payload;
+
+import nextstep.app.domain.Member;
+
+import java.util.Set;
+
+public record Oauth2MemberSaveDto(
+        String email,
+        String name,
+        String imageUrl) {
+
+    public Member toMember() {
+        return new Member(
+                email,
+                null,
+                name,
+                imageUrl,
+                Set.of("USER")
+        );
+    }
+}

src/main/java/nextstep/security/access/AntRequestMatcher.java

@@ -0,0 +1,25 @@
+package nextstep.security.access;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.http.HttpMethod;
+import org.springframework.util.AntPathMatcher;
+
+public class AntRequestMatcher implements RequestMatcher {
+    private final HttpMethod method;
+    private final String pattern;
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
+    public AntRequestMatcher(HttpMethod method, String pattern) {
+        this.method = method;
+        this.pattern = pattern;
+    }
+
+    @Override
+    public boolean matches(HttpServletRequest request) {
+        if (this.method != null && !this.method.name().equals(request.getMethod())) {
+            return false;
+        }
+        String requestURI = request.getRequestURI();
+        return antPathMatcher.match(pattern, requestURI);
+    }
+}