jwt part1

2024-06-28 07:46:02 +09:00
parent 65988afb96
commit dd9f288c59
7 changed files with 209 additions and 2 deletions
--- a/cardatabase/pom.xml
+++ b/cardatabase/pom.xml
@@ -74,6 +74,24 @@ xsi:schemaLocation="https://maven.apache.org/POM/4.0.0 https://maven.apache.org/
 		</dependency>
 		-->
 		
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.11.2</version>
+		</dependency>        
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>0.11.2</version>
+			<scope>runtime</scope>
+		</dependency>        
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<version>0.11.2</version>
+			<scope>runtime</scope>
+		</dependency>        
+		

 			
 	</dependencies>
--- a/cardatabase/src/main/java/com/packt/cardatabase/AuthenticationFilter.java
+++ b/cardatabase/src/main/java/com/packt/cardatabase/AuthenticationFilter.java
@@ -0,0 +1,45 @@
+package com.packt.cardatabase;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import com.packt.cardatabase.service.JwtService;
+
+
+@Component
+public class AuthenticationFilter extends OncePerRequestFilter {
+
+	@Autowired
+	private JwtService jwtService;
+	
+	@Override
+	protected void doFilterInternal(HttpServletRequest request,
+			HttpServletResponse response,
+			FilterChain filterChain)
+		throws ServletException, java.io.IOException{
+		//Authorization 헤더에서 토큰을 가져옴
+		String jws = request.getHeader(HttpHeaders.AUTHORIZATION);
+		if (jws != null) {
+			//토큰을 확인하고 사용자를 얻음
+			String user = jwtService.getAuthUser(request);
+			//인증
+			Authentication authentication = new UsernamePasswordAuthenticationToken(user, null, java.util.Collections.emptyList());
+			
+			SecurityContextHolder.getContext().setAuthentication(authentication);
+		}
+		
+		filterChain.doFilter(request, response);
+	}
+}
--- a/cardatabase/src/main/java/com/packt/cardatabase/SecurityConfig.java
+++ b/cardatabase/src/main/java/com/packt/cardatabase/SecurityConfig.java
@@ -3,10 +3,13 @@ package com.packt.cardatabase;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 //import org.springframework.security.core.userdetails.User;
 //import org.springframework.security.core.userdetails.UserDetails;
 //import org.springframework.security.core.userdetails.UserDetailsService;
@@ -14,7 +17,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 //import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 //deprecated 
 import org.springframework.security.web.SecurityFilterChain;
-
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

 import com.packt.cardatabase.service.UserDetailsServiceImpl;
@@ -25,6 +28,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 	@Autowired
 	private UserDetailsServiceImpl userDetailsService;
 	
+	@Autowired
+	private AuthenticationFilter authenticationFilter;
 	/*
    @SuppressWarnings("deprecation")
 	@Bean
@@ -43,5 +48,24 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
 		
 	}
+	
+	@Bean
+	public AuthenticationManager getAuthenticationManager() throws Exception {
+		return authenticationManager();
+	}
+	
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http.csrf().disable()
+			.sessionManagement()
+			.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+			.authorizeRequests()
+			// /login 엔드포인트에 대한 post 요청은 보호되지 않음
+			.antMatchers(HttpMethod.POST, "/login").permitAll()
+			// 다른 모든 요청은 보호됨
+			.anyRequest().authenticated().and()
+			.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
+		
+	}

 }
--- a/cardatabase/src/main/java/com/packt/cardatabase/domain/AccountCredentials.java
+++ b/cardatabase/src/main/java/com/packt/cardatabase/domain/AccountCredentials.java
@@ -0,0 +1,24 @@
+package com.packt.cardatabase.domain;
+
+public class AccountCredentials {
+	private String username;
+	private String password;
+	
+	public String getUsername() {
+		return username;
+	}
+
+	public String getPassword() {
+		return password;
+	}
+
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	public void setUsername(String username) {
+		this.username = username;
+	}
+	
+
+}
--- a/cardatabase/src/main/java/com/packt/cardatabase/domain/UserRepository.java
+++ b/cardatabase/src/main/java/com/packt/cardatabase/domain/UserRepository.java
@@ -2,8 +2,9 @@ package com.packt.cardatabase.domain;

 import java.util.Optional;
 import org.springframework.data.repository.CrudRepository;
+import org.springframework.data.rest.core.annotation.RepositoryRestResource;

-
+@RepositoryRestResource(exported=false)
 public interface UserRepository extends CrudRepository<User, Long>{

 	Optional<User> findByUsername(String username);
--- a/cardatabase/src/main/java/com/packt/cardatabase/service/JwtService.java
+++ b/cardatabase/src/main/java/com/packt/cardatabase/service/JwtService.java
@@ -0,0 +1,48 @@
+package com.packt.cardatabase.service;
+
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.security.Keys;
+import java.security.Key;
+import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Component;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Date;
+
+@Component
+public class JwtService {
+	static final long EXPIRATIONTIME = 8640000; //1일을 밀리초로 계산한값
+	static final String PREFIX = "Bearer";
+	//비밀키 생성 , 시연용도
+	//애플리케이션 구성에서 읽을수 있음
+	static final Key key = Keys.secretKeyFor(SignatureAlgorithm.HS256);
+	
+	//서명된 JWT 토큰생성
+	public String getToken(String username) {
+		String token = Jwts.builder()
+				.setSubject(username)
+				.setExpiration(new Date(System.currentTimeMillis()+EXPIRATIONTIME))
+				.signWith(key)
+				.compact();
+		
+		return token;
+	}
+	
+	//요청권한부여 헤더에서 토큰을 가져와
+	//토큰을 확인하고 사용자 이름을 얻음
+	public String getAuthUser(HttpServletRequest request) {
+		String token = request.getHeader(HttpHeaders.AUTHORIZATION);
+		if (token != null) {
+			String user = Jwts.parserBuilder()
+					.setSigningKey(key)
+					.build()
+					.parseClaimsJws(token.replace(PREFIX, ""))
+					.getBody()
+					.getSubject();
+			if (user != null)
+				return user;
+		}
+		return null;
+	}
+
+}
--- a/cardatabase/src/main/java/com/packt/cardatabase/web/LoginController.java
+++ b/cardatabase/src/main/java/com/packt/cardatabase/web/LoginController.java
@@ -0,0 +1,47 @@
+package com.packt.cardatabase.web;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.packt.cardatabase.domain.AccountCredentials;
+import com.packt.cardatabase.service.JwtService;
+
+@RestController
+public class LoginController {
+	@Autowired
+	private JwtService jwtService;
+	
+	@Autowired
+	AuthenticationManager authenticationManager;
+	
+	@RequestMapping(value="/login", method=RequestMethod.POST)
+	public ResponseEntity<?> getToken(@RequestBody AccountCredentials credentials){
+		//토큰을 생성하고 응답의 Authorization 해더로 보냄
+		UsernamePasswordAuthenticationToken creds =
+				new UsernamePasswordAuthenticationToken(
+				credentials.getUsername(),
+				credentials.getPassword());
+		
+		Authentication auth = authenticationManager.authenticate(creds);
+		
+		//토큰생성
+		String jwts = jwtService.getToken(auth.getName());
+		
+		//생성된 토큰으로 응답을 생성
+		return ResponseEntity.ok()
+				.header(HttpHeaders.AUTHORIZATION, "Bearer " + jwts)
+				.header(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "Authorization")
+				.build();
+		
+	}
+
+}