(코드는 계속해서 수정 중,,,,틀린 부분 있을 가능성 다분,,,기록용,,,)
build.gradle
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
}
application.yml
security:
oauth2:
client:
registration:
google:
client-id: "보안 주의!"
client-secret: "보안 주의!"
scope: profile, email
redirect-uri: http://localhost:8080/login/oauth2/code/google
provider:
google:
authorization-uri: https://accounts.google.com/o/oauth2/auth
token-uri: https://oauth2.googleapis.com/token
user-info-uri: https://www.googleapis.com/oauth2/v2/userinfoyml 파일은 꼭 .gitignore로 관리해서 개인의 키나 비밀번호가 유출되지 않도록 하는 것이 좋다!!! 특히 AWS 관련 정보,,, 진짜 찾아보면 과금 폭탄 맞는 사람이 여럿 보인다.
client-id, secret를 받기 위해서는 여기로 가보시라....!
LoginDTO
package com.example.demo.dto;
import lombok.Getter;
import lombok.Setter;
@Getter
@Setter
public class LoginDTO {
String id;
String email;
String nickname;
}
LoginService
package com.example.demo.service;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Service;
import java.util.Collections;
import java.util.Map;
@Service
public class LoginService extends DefaultOAuth2UserService {
private static final String ALLOWED_DOMAIN = "@dgu.ac.kr";
@Override
public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
OAuth2User oAuth2User = super.loadUser(userRequest);
// 사용자 정보를 추가로 처리
Map<String, Object> attributes = oAuth2User.getAttributes();
String email = (String) attributes.get("email");
// 이메일 도메인 검증
if (!email.endsWith(ALLOWED_DOMAIN)) {
throw new OAuth2AuthenticationException("허용되지 않는 이메일 도메인입니다.");
}
// 사용자 정보를 포함한 커스터마이징된 OAuth2User 객체 생성
return new DefaultOAuth2User(
Collections.singleton(new SimpleGrantedAuthority("ROLE_USER")),
attributes,
"email"
);
}
}LoginController
package com.example.demo.controller;
import com.example.demo.dto.LoginDTO;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class LoginController {
@GetMapping("/login")
public String login() {
return "loginPage"; // Ensure this matches the name of your loginPage.html file
}
@GetMapping("/home")
public String home(Model model, @AuthenticationPrincipal OAuth2User principal) {
if (principal != null) {
String id = principal.getAttribute("sub");
String email = principal.getAttribute("email");
String nickname = principal.getAttribute("name");
LoginDTO loginDTO = new LoginDTO();
loginDTO.setId(id);
loginDTO.setEmail(email);
loginDTO.setNickname(nickname);
model.addAttribute("user", loginDTO);
} else {
model.addAttribute("user", null);
}
return "home";
}
}OAuth2ClientConfig
package com.example.demo;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
@Configuration
public class OAuth2ClientConfig {
@Value("${spring.security.oauth2.client.registration.google.client-id}")
private String clientId;
@Value("${spring.security.oauth2.client.registration.google.client-secret}")
private String clientSecret;
@Bean
public ClientRegistrationRepository clientRegistrationRepository() {
ClientRegistration registration = ClientRegistration.withRegistrationId("google")
.clientId(clientId)
.clientSecret(clientSecret)
.scope("profile", "email")
.authorizationUri("https://accounts.google.com/o/oauth2/auth")
.tokenUri("https://oauth2.googleapis.com/token")
.userInfoUri("https://www.googleapis.com/oauth2/v2/userinfo")
.redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.clientName("Google")
.build();
return new InMemoryClientRegistrationRepository(registration);
}
@Bean
public OAuth2AuthorizedClientService authorizedClientService(ClientRegistrationRepository clientRegistrationRepository) {
return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
}
@Bean
public OAuth2AuthorizedClientRepository authorizedClientRepository(OAuth2AuthorizedClientService authorizedClientService) {
return new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(authorizedClientService);
}
@Bean
public OAuth2AuthorizedClientManager authorizedClientManager(
ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientRepository authorizedClientRepository) {
OAuth2AuthorizedClientProvider authorizedClientProvider = OAuth2AuthorizedClientProviderBuilder.builder()
.authorizationCode()
.refreshToken()
.clientCredentials()
.password()
.build();
DefaultOAuth2AuthorizedClientManager authorizedClientManager =
new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, authorizedClientRepository);
authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
return authorizedClientManager;
}
}SecurityConfig
package com.example.demo;
import com.example.demo.service.LoginService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private LoginService loginService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/login", "/oauth2/**").permitAll()
.anyRequest().authenticated()
.and()
.oauth2Login()
.loginPage("/login")
.defaultSuccessUrl("/home")
.failureUrl("/login?error=true")
.userInfoEndpoint()
.userService(loginService);
}
}- SecurityConfig: Spring Security 설정을 관리하며, 애플리케이션의 보안 규칙과 인증/인가 절차를 정의
- OAuth2ClientConfig: OAuth2 클라이언트 설정을 관리하며, 구글 등의 외부 인증 제공자와의 상호작용을 위한 설정을 정의
이것저것 학습 기록장