[security-db-auth] 웹 기반 인가처리 실시간 반영 (URI 권한 변경 및 접근 요청 테스트)

Author: SeokRae

logs/local/securityErrLog.log

@@ -1,99 +1,115 @@
 package kr.seok.controller.admin;
 
 
+import kr.seok.domain.dto.ResourcesDto;
+import kr.seok.domain.entity.Resources;
+import kr.seok.domain.entity.Role;
+import kr.seok.domain.repository.RoleRepository;
+import kr.seok.security.metadatasource.UrlFilterInvocationSecurityMetadataSource;
+import kr.seok.service.ResourcesService;
+import kr.seok.service.RoleService;
+import org.modelmapper.ModelMapper;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 @Controller
 public class ResourcesController {
 
-//	@Autowired
-//	private ResourcesService resourcesService;
+	@Autowired
+	private ResourcesService resourcesService;
 
-//	@Autowired
-//	private RoleRepository roleRepository;
+	@Autowired
+	private RoleRepository roleRepository;
 
-//	@Autowired
-//	private RoleService roleService;
+	@Autowired
+	private RoleService roleService;
 
 //	@Autowired
 //	private MethodSecurityService methodSecurityService;
 
-//	@Autowired
-//	private UrlFilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;
+	@Autowired
+	private UrlFilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;
 
 	@GetMapping(value="/admin/resources")
 	public String getResources(Model model) throws Exception {
 
-//		List<Resources> resources = resourcesService.getResources();
-//		model.addAttribute("resources", resources);
+		List<Resources> resources = resourcesService.getResources();
+		model.addAttribute("resources", resources);
 
 		return "admin/resource/list";
 	}
 
-//	@PostMapping(value="/admin/resources")
-//	public String createResources(ResourcesDto resourcesDto) throws Exception {
-//
-//		ModelMapper modelMapper = new ModelMapper();
-//		Role role = roleRepository.findByRoleName(resourcesDto.getRoleName());
-//		Set<Role> roles = new HashSet<>();
-//		roles.add(role);
-//		Resources resources = modelMapper.map(resourcesDto, Resources.class);
-//		resources.setRoleSet(roles);
-//
-//		resourcesService.createResources(resources);
-//
-//		if("url".equals(resourcesDto.getResourceType())){
-//			filterInvocationSecurityMetadataSource.reload();
-//		}else{
+	@PostMapping(value="/admin/resources")
+	public String createResources(ResourcesDto resourcesDto) throws Exception {
+
+		ModelMapper modelMapper = new ModelMapper();
+		Role role = roleRepository.findByRoleName(resourcesDto.getRoleName());
+		Set<Role> roles = new HashSet<>();
+		roles.add(role);
+		Resources resources = modelMapper.map(resourcesDto, Resources.class);
+		resources.setRoleSet(roles);
+
+		resourcesService.createResources(resources);
+
+		if("url".equals(resourcesDto.getResourceType())){
+			/* URL 권한 정보 입력시 reload */
+			filterInvocationSecurityMetadataSource.reload();
+		}else{
 //			methodSecurityService.addMethodSecured(resourcesDto.getResourceName(),resourcesDto.getRoleName());
-//		}
-//
-//		return "redirect:/admin/resources";
-//	}
-
-//	@GetMapping(value="/admin/resources/register")
-//	public String viewRoles(Model model) throws Exception {
-//
-//		List<Role> roleList = roleService.getRoles();
-//		model.addAttribute("roleList", roleList);
-//
-//		ResourcesDto resources = new ResourcesDto();
-//		Set<Role> roleSet = new HashSet<>();
-//		roleSet.add(new Role());
-//		resources.setRoleSet(roleSet);
-//		model.addAttribute("resources", resources);
-//
-//		return "admin/resource/detail";
-//	}
-
-//	@GetMapping(value="/admin/resources/{id}")
-//	public String getResources(@PathVariable String id, Model model) throws Exception {
-//
-//		List<Role> roleList = roleService.getRoles();
-//        model.addAttribute("roleList", roleList);
-//		Resources resources = resourcesService.getResources(Long.valueOf(id));
-//
-//		ModelMapper modelMapper = new ModelMapper();
-//		ResourcesDto resourcesDto = modelMapper.map(resources, ResourcesDto.class);
-//		model.addAttribute("resources", resourcesDto);
-//
-//		return "admin/resource/detail";
-//	}
-
-//	@GetMapping(value="/admin/resources/delete/{id}")
-//	public String removeResources(@PathVariable String id, Model model) throws Exception {
-//
-//		Resources resources = resourcesService.getResources(Long.valueOf(id));
-//		resourcesService.deleteResources(Long.valueOf(id));
-//
-//		if("url".equals(resources.getResourceType())) {
-//			filterInvocationSecurityMetadataSource.reload();
-//		}else{
+		}
+
+		return "redirect:/admin/resources";
+	}
+
+	@GetMapping(value="/admin/resources/register")
+	public String viewRoles(Model model) throws Exception {
+
+		List<Role> roleList = roleService.getRoles();
+		model.addAttribute("roleList", roleList);
+
+		ResourcesDto resources = new ResourcesDto();
+		Set<Role> roleSet = new HashSet<>();
+		roleSet.add(new Role());
+		resources.setRoleSet(roleSet);
+		model.addAttribute("resources", resources);
+
+		return "admin/resource/detail";
+	}
+
+	@GetMapping(value="/admin/resources/{id}")
+	public String getResources(@PathVariable String id, Model model) throws Exception {
+
+		List<Role> roleList = roleService.getRoles();
+        model.addAttribute("roleList", roleList);
+		Resources resources = resourcesService.getResources(Long.valueOf(id));
+
+		ModelMapper modelMapper = new ModelMapper();
+		ResourcesDto resourcesDto = modelMapper.map(resources, ResourcesDto.class);
+		model.addAttribute("resources", resourcesDto);
+
+		return "admin/resource/detail";
+	}
+
+	@GetMapping(value="/admin/resources/delete/{id}")
+	public String removeResources(@PathVariable String id, Model model) throws Exception {
+
+		Resources resources = resourcesService.getResources(Long.valueOf(id));
+		resourcesService.deleteResources(Long.valueOf(id));
+
+		if("url".equals(resources.getResourceType())) {
+			filterInvocationSecurityMetadataSource.reload();
+		}else{
 //			methodSecurityService.removeMethodSecured(resources.getResourceName());
-//		}
-//
-//		return "redirect:/admin/resources";
-//	}
+		}
+
+		return "redirect:/admin/resources";
+	}
 }

logs/local/securityLog.log

@@ -0,0 +1,25 @@
+package kr.seok.domain.dto;
+
+import kr.seok.domain.entity.Role;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.Set;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class ResourcesDto {
+
+    private String id;
+    private String resourceName;
+    private String httpMethod;
+    private int orderNum;
+    private String resourceType;
+    private String roleName;
+    private Set<Role> roleSet;
+
+}

security-db-auth/src/main/java/kr/seok/controller/admin/ResourcesController.java

@@ -25,7 +25,6 @@
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.access.AccessDeniedHandler;
-import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@@ -120,8 +119,8 @@ public AuthenticationManager authenticationManagerBean() throws Exception {
 
     /* DB 기반으로 URL Resource, 권한을 관리하기 위한 FilterInvocationSecurityMetadataSource 구현체 */
     @Bean
-    public FilterInvocationSecurityMetadataSource urlFilterInvocationSecurityMetadataSource() throws Exception {
-        return new UrlFilterInvocationSecurityMetadataSource(urlResourcesMapFactoryBean().getObject());
+    public UrlFilterInvocationSecurityMetadataSource urlFilterInvocationSecurityMetadataSource() throws Exception {
+        return new UrlFilterInvocationSecurityMetadataSource(urlResourcesMapFactoryBean().getObject(), securityResourceService);
     }
 
     private UrlResourcesMapFactoryBean urlResourcesMapFactoryBean() {

security-db-auth/src/main/java/kr/seok/domain/dto/ResourcesDto.java

@@ -1,5 +1,6 @@
 package kr.seok.security.metadatasource;
 
+import kr.seok.security.service.SecurityResourceService;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
@@ -14,9 +15,14 @@
 public class UrlFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
 
     private LinkedHashMap<RequestMatcher, List<ConfigAttribute>> requestMap;
+    private SecurityResourceService securityResourceService;
+
+    public UrlFilterInvocationSecurityMetadataSource(
+            LinkedHashMap<RequestMatcher, List<ConfigAttribute>> resourcesMap
+            , SecurityResourceService securityResourceService) {
 
-    public UrlFilterInvocationSecurityMetadataSource(LinkedHashMap<RequestMatcher, List<ConfigAttribute>> resourcesMap) {
         this.requestMap = resourcesMap;
+        this.securityResourceService = securityResourceService;
     }
     /**
      *
@@ -55,4 +61,17 @@ public Collection<ConfigAttribute> getAllConfigAttributes() {
     public boolean supports(Class<?> clazz) {
         return FilterInvocation.class.isAssignableFrom(clazz);
     }
+
+    public void reload() {
+        LinkedHashMap<RequestMatcher, List<ConfigAttribute>> reLoadedResourceList = securityResourceService.getResourceList();
+        Iterator<Map.Entry<RequestMatcher, List<ConfigAttribute>>> iterator = reLoadedResourceList.entrySet().iterator();
+        /* 현재 프로젝트에 적용되고 있는 변수의 값을 비운다. */
+        requestMap.clear();
+
+        while(iterator.hasNext()) {
+            Map.Entry<RequestMatcher, List<ConfigAttribute>> entry = iterator.next();
+            requestMap.put(entry.getKey(), entry.getValue());
+        }
+
+    }
 }

security-db-auth/src/main/java/kr/seok/security/config/SecurityConfig.java

@@ -0,0 +1,17 @@
+package kr.seok.service;
+
+
+import kr.seok.domain.entity.Resources;
+
+import java.util.List;
+
+public interface ResourcesService {
+
+    Resources getResources(long id);
+
+    List<Resources> getResources();
+
+    void createResources(Resources Resources);
+
+    void deleteResources(long id);
+}

security-db-auth/src/main/java/kr/seok/security/metadatasource/UrlFilterInvocationSecurityMetadataSource.java

@@ -0,0 +1,16 @@
+package kr.seok.service;
+
+import kr.seok.domain.entity.Role;
+
+import java.util.List;
+
+public interface RoleService {
+
+    Role getRole(long id);
+
+    List<Role> getRoles();
+
+    void createRole(Role role);
+
+    void deleteRole(long id);
+}

security-db-auth/src/main/java/kr/seok/service/ResourcesService.java

@@ -0,0 +1,39 @@
+package kr.seok.service.impl;
+
+import kr.seok.domain.entity.Resources;
+import kr.seok.service.ResourcesService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.domain.Sort;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.List;
+
+@Slf4j
+@Service
+public class ResourcesServiceImpl implements ResourcesService {
+
+    @Autowired
+    private kr.seok.domain.repository.ResourcesRepository ResourcesRepository;
+
+    @Transactional
+    public Resources getResources(long id) {
+        return ResourcesRepository.findById(id).orElse(new Resources());
+    }
+
+    @Transactional
+    public List<Resources> getResources() {
+        return ResourcesRepository.findAll(Sort.by(Sort.Order.asc("orderNum")));
+    }
+
+    @Transactional
+    public void createResources(Resources resources){
+        ResourcesRepository.save(resources);
+    }
+
+    @Transactional
+    public void deleteResources(long id) {
+        ResourcesRepository.deleteById(id);
+    }
+}

security-db-auth/src/main/java/kr/seok/service/RoleService.java

@@ -0,0 +1,41 @@
+package kr.seok.service.impl;
+
+import kr.seok.domain.entity.Role;
+import kr.seok.domain.repository.RoleRepository;
+import kr.seok.service.RoleService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.List;
+
+@Slf4j
+@Service
+public class RoleServiceImpl implements RoleService {
+
+    @Autowired
+    private RoleRepository roleRepository;
+
+    @Transactional
+    public Role getRole(long id) {
+        return roleRepository.findById(id).orElse(new Role());
+    }
+
+    @Transactional
+    public List<Role> getRoles() {
+
+        return roleRepository.findAll();
+    }
+
+    @Transactional
+    public void createRole(Role role){
+
+        roleRepository.save(role);
+    }
+
+    @Transactional
+    public void deleteRole(long id) {
+        roleRepository.deleteById(id);
+    }
+}