#4 로그인 권한 추가 및 시큐리티 수정

작동은 하지만
아직도 토큰을 발급 받은 상태에서
액션 메소드를 호출할때 인가 에러가 발생함

Author: Gun-taek

src/main/java/vigo/com/viewgorithm/config/SecurityConfig.java

@@ -1,5 +1,4 @@
 package vigo.com.viewgorithm.config;
-
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -13,26 +12,22 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import vigo.com.viewgorithm.user.jwt.JwtTokenProvider;
 import vigo.com.viewgorithm.user.jwt.JwtAuthenticationFilter;
-
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
-
 public class SecurityConfig {
-
     //AuthenticationManager가 인자로 받을 AuthenticationConfiguraion 객체 생성자 주입
     private final AuthenticationConfiguration authenticationConfiguration;
     private final JwtTokenProvider jwtTokenProvider;
-
     @Bean
     public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
-
         return configuration.getAuthenticationManager();
     }
 
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         // csrf disable => csrf protect disable
+
         http
                 .csrf(AbstractHttpConfigurer::disable)
                 // form 로그인 방식 disable
@@ -52,4 +47,4 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
         return http.build();
     }
-}
+}

src/main/java/vigo/com/viewgorithm/user/join/api/dto/UserDto.java

@@ -3,6 +3,8 @@
 
 import lombok.Builder;
 import lombok.Data;
+import vigo.com.viewgorithm.user.join.domain.Role;
+
 import java.util.Date;
 
 @Data
@@ -16,7 +18,7 @@ public class UserDto {
     private String email;
     private Date createdAt;
 
-    // role 을 위한 userType
-    private String userType;
+    // Role
+    private Role role;
 
 }

src/main/java/vigo/com/viewgorithm/user/join/domain/CustomUserDetails.java

@@ -10,56 +10,47 @@
 public class CustomUserDetails implements UserDetails {
 
     private final User userEntity;
-    // 생성자
+
     public CustomUserDetails(User userEntity) {
         this.userEntity = userEntity;
     }
-    // getAuthorities = 사용자 권한 반환하는 인터페이스 함수
 
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
         Collection<GrantedAuthority> authorities = new ArrayList<>();
-        // ArrayList 를 사용하여 권한을 저장하는 collection
+        authorities.add(() -> "ROLE_USER");
 
-        // 사용자 권한 설정
-        switch (userEntity.getUserType()) {
-            case "user":
-                authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
-                break;
-            case "admin":
-                authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
-                break;
-        }
+//        System.out.println(authorities);
         return authorities;
     }
 
     @Override
     public String getPassword() {
-        return null;
+        return userEntity.getPassword();
     }
 
     @Override
     public String getUsername() {
-        return null;
+        return userEntity.getUsername();
     }
 
     @Override
     public boolean isAccountNonExpired() {
-        return false;
+        return true; // 사용자 계정 만료 여부
     }
 
     @Override
     public boolean isAccountNonLocked() {
-        return false;
+        return true; // 사용자 계정 잠김 여부
     }
 
     @Override
     public boolean isCredentialsNonExpired() {
-        return false;
+        return true; // 사용자 자격 증명 만료 여부
     }
 
     @Override
     public boolean isEnabled() {
-        return false;
+        return true; // 사용자 활성화 여부
     }
 }

src/main/java/vigo/com/viewgorithm/user/join/domain/Role.java

@@ -0,0 +1,11 @@
+package vigo.com.viewgorithm.user.join.domain;
+
+
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+@Getter
+@RequiredArgsConstructor
+public enum Role {
+    ROLE_USER
+}

src/main/java/vigo/com/viewgorithm/user/join/domain/User.java

@@ -40,12 +40,10 @@ public class User implements UserDetails {
     @Temporal(TemporalType.TIMESTAMP)
     private Date createdAt;
 
-    @Column(name="user_type")
-    private String userType;
+    @Enumerated(EnumType.STRING)
+    private Role role;
 
 
-//    @Enumerated(EnumType.STRING)
-//    private Authority authority;
 
     @PrePersist
     protected void onCreate() {

src/main/java/vigo/com/viewgorithm/user/join/service/JoinService.java

@@ -4,6 +4,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import vigo.com.viewgorithm.user.join.domain.Role;
 import vigo.com.viewgorithm.user.join.domain.User;
 import vigo.com.viewgorithm.user.join.api.dto.UserDto;
 import vigo.com.viewgorithm.user.join.domain.repository.UserRepository;
@@ -30,6 +31,7 @@ public String userJoin(UserDto userDto) {
                 .sex(userDto.getSex())
                 .email(userDto.getEmail())
                 .createdAt(userDto.getCreatedAt())
+                .role(Role.ROLE_USER)
                 .build();
         // save
         userRepository.save(user);

src/main/java/vigo/com/viewgorithm/user/jwt/JwtTokenProvider.java

@@ -44,7 +44,7 @@ public JwtDto generateToken(Authentication authentication) {
         Date accessTokenExpiresIn = new Date(now + 86400000);
         String accessToken = Jwts.builder()
                 .setSubject(authentication.getName())
-                .claim("user", authorities)
+                .claim("auth", authorities)
                 .setExpiration(accessTokenExpiresIn)
                 .signWith(key, SignatureAlgorithm.HS256)
                 .compact();
@@ -67,16 +67,15 @@ public Authentication getAuthentication(String accessToken) {
         // Jwt 토큰 복호화
         Claims claims = parseClaims(accessToken);
 
-        if (claims.get("user") == null) {
+        if (claims.get("auth") == null) {
             throw new RuntimeException("권한 정보가 없는 토큰입니다.");
         }
 
         // 클레임에서 권한 정보 가져오기
-        Collection<? extends GrantedAuthority> authorities = Arrays.stream(claims.get("user").toString().split(","))
+        Collection<? extends GrantedAuthority> authorities = Arrays.stream(claims.get("auth").toString().split(","))
                 .map(SimpleGrantedAuthority::new)
                 .collect(Collectors.toList());
 
-
         // UserDetails 객체를 만들어서 Authentication return
         // UserDetails: interface, User: UserDetails를 구현한 class
         UserDetails principal = new User(claims.getSubject(), "", authorities);

src/main/resources/data.sql

@@ -10,8 +10,7 @@ insert into algorithm_category (algorithm_name, category_name)
 values ("Quick", "Sort");
 
 -- 로그인 Test (유저 아이디 insert문)
-insert into user (birth,created_at ,email,name,password,sex,user_id, user_type)
-values("1999-08-06",now(),"kuntek1953@naver.com", "이건택", "1111", "M", "kuntek1953", "user");
+