Spring : 구글 로그인 세션 만들기

구글 로그인 세션 만들기

https://developers.google.com/identity/sign-in/web/sign-in?hl=ko


OAuth 클라이언트 ID 만들기

http://localhost:8080/ex7/login/oauth2/code/google

 

 

JSON 다운로드

#OAuth2 include
spring.profiles.include = oauth

 

💡 **My Additional information**

spring.security.oauth2.client.registration.google.client-id=776858494674-fvo383dker0jierot3pjciiaon2lluqn.apps.googleusercontent.com
spring.security.oauth2.client.registration.google.client-secret=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
spring.security.oauth2.client.registration.google.scope=email

src/main/resources/application-oauth.properties File 생성하기

    //소셜 로그인
    httpSecurity.oauth2Login(new Customizer<OAuth2LoginConfigurer<HttpSecurity>>() {
      @Override
      public void customize(OAuth2LoginConfigurer<HttpSecurity> httpSecurityOAuth2LoginConfigurer) {
        httpSecurityOAuth2LoginConfigurer.successHandler(new AuthenticationSuccessHandler() {
          @Override
          public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
            response.sendRedirect(request.getContextPath()+"/sample/all");
          }
        });
      }
    });
@Log4j2
@Service
public class ClubOAuth2userDetailsService extends DefaultOAuth2UserService {

  @Override
  public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
//    String clientName = userRequest.getClientRegistration().getClientName();
//    log.info("ClientName >> ",clientName);
//    log.info("info_from_google >> ", userRequest.getAdditionalParameters());
//    OAuth2User oAuth2User = super.loadUser(userRequest);
//    oAuth2User.getAttributes().forEach((k,v) ->{log.info(k+":"+v);});

    OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate = new DefaultOAuth2UserService();
    OAuth2User oAuth2User = delegate.loadUser(userRequest);  //서비스에서 가져온 유저 정보를 담음
    return super.loadUser(userRequest);
  }
   private SocialType getSocialType(String registrationId){
    if(SocialType.NAVER.name().equals(registrationId)){
      return SocialType.NAVER;
    }
    if(SocialType.KAKAO.name().equals(registrationId)){
      return SocialType.KAKAO;
    }
    return SocialType.GOOGLE;
  }
  private  enum SocialType{
    KAKAO,NAVER,GOOGLE
  }
}

자바bean이 되어야 와이어링이 되고 전체에서 사용이 가능함

@Log4j2
@Service
@RequiredArgsConstructor
public class ClubOAuth2userDetailsService extends DefaultOAuth2UserService {
  private final ClubMemberRepository clubMemberRepository;
  private final PasswordEncoder passwordEncoder; //

  @Override
  public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
    log.info("============= userRequest: " + userRequest);
    OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate =
        new DefaultOAuth2UserService();
    OAuth2User oAuth2User = delegate.loadUser(userRequest); //서비스에서 가져온 유저정보
    String registrationId = userRequest.getClientRegistration().getRegistrationId();
    SocialType socialType = getSocialType(registrationId.trim().toString());
    String userNameAttributeName = userRequest.getClientRegistration()
        .getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
    log.info("userNameAttributeName >> " + userNameAttributeName);
    Map<String, Object> attributes = oAuth2User.getAttributes();
    for (Map.Entry<String, Object> entry : attributes.entrySet()) {
      System.out.println(entry.getKey() + ":" + entry.getValue());
    }
    String email = null;
    if (socialType.name().equals("GOOGLE"))
      email = oAuth2User.getAttribute("email");
    log.info("Email: " + email);
    ClubMember clubMember = saveSocialMember(email);
    ClubMemberAuthDTO clubMemberAuthDTO = new ClubMemberAuthDTO(
        clubMember.getEmail(),
        clubMember.getPassword(),
        clubMember.getCno(),
        true,
        clubMember.getRoleSet().stream().map(
                role -> new SimpleGrantedAuthority("ROLE_" + role.name()))
            .collect(Collectors.toList())
        , attributes
    );
    clubMemberAuthDTO.setFromSocial(clubMember.isFromSocial());
    clubMemberAuthDTO.setName(clubMember.getName());
    log.info("clubMemberAuthDTO: " + clubMemberAuthDTO);
    return clubMemberAuthDTO;
  }

OAuth2UserService<OAuth2UserRequest, OAuth2User> delegate = new DefaultOAuth2UserService(); 는 소셜에서 가져온 유저정보(userRequest)를 담기 위한 객체(OAuth2User )를 생성 해주는 것을 의미한다

OAuth2UserService 는 social 로 부터 정보를 받기 위한 객체를 생성한다
OAuth2User 는 스프링시큐리티에서 사용하는 세션 객체를 의미함
OAuth2User loadUser(OAuth2UserRequest userRequest)

→ userRequest는 소셜 페이지에서 로그인하고 그 정보를 빌려오는 것을 의미함
유저 정보(userRequest)를 세션 객체(oAuth2User )로 변환
OAuth2User oAuth2User = delegate.loadUser(userRequest);

 private ClubMember saveSocialMember(String email) {
    Optional<ClubMember> result = clubMemberRepository.findByEmail(email);
    if (result.isPresent()) return result.get();

    ClubMember clubMember = ClubMember.builder()
        .email(email)
        .password(passwordEncoder.encode("1"))
        .fromSocial(true)
        .build();
    clubMember.addMemberRole(ClubMemberRole.USER);
    clubMemberRepository.save(clubMember);
    return clubMember;
  }

소셜에서 넘어온 정보가 DB에 없을 때 저장하는 부분

 private SocialType getSocialType(String registrationId) {
    if (SocialType.NAVER.name().equals(registrationId)) {
      return SocialType.NAVER;
    }
    if (SocialType.KAKAO.name().equals(registrationId)) {
      return SocialType.KAKAO;
    }
    return SocialType.GOOGLE;
  }
  enum SocialType {
    KAKAO, NAVER, GOOGLE
  }
}

로그인버튼 누르고 로그인 성공시

  @Bean
  protected SecurityFilterChain config(HttpSecurity httpSecurity)
      throws Exception {
    // csrf 사용안하는 설정
    httpSecurity.csrf(httpSecurityCsrfConfigurer -> {
      httpSecurityCsrfConfigurer.disable();
    });

    // authorizeHttpRequests :: 선별적으로 접속을 제한하는 메서드
    // 모든 페이지가 인증을 받도록 되어 있는 상태
    // httpSecurity.authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
    httpSecurity.authorizeHttpRequests(
        auth -> auth.requestMatchers(AUTH_WHITElIST).permitAll()
            .requestMatchers("/sample/admin/**").hasRole("ADMIN")
            .requestMatchers("/sample/manager/**").access(
                new WebExpressionAuthorizationManager(
                    "hasRole('ADMIN') or hasRole('MANAGER')")
            )
            .anyRequest().authenticated());

    // formLogin()를 정의해야만 해도 자동생성된 로그인페이지로 이동가능.
    httpSecurity.formLogin(new Customizer<FormLoginConfigurer<HttpSecurity>>() {
      @Override
      public void customize(FormLoginConfigurer<HttpSecurity> httpSecurityFormLoginConfigurer) {
        httpSecurityFormLoginConfigurer
//            .loginPage("/sample/login")
//            .loginProcessingUrl("/sample/login")
//            .defaultSuccessUrl("/")
            .successHandler(getAuthenticationSuccessHandler());
      }
    });
    // logout() 정의 안해도 로그아웃 페이지 사용 가능. 사용자 로그아웃 페이지 지정할 때사용
    httpSecurity.logout(new Customizer<LogoutConfigurer<HttpSecurity>>() {
      @Override
      public void customize(LogoutConfigurer<HttpSecurity> httpSecurityLogoutConfigurer) {
        httpSecurityLogoutConfigurer
            // logoutUrl() 설정할 경우 html action 주소 또한 같이 적용해야 함.
            // logoutUrl()으로 인해 기존 logout 주소 이동은 가능하나 기능은 사용 안됨.
            .logoutUrl("/logout")
            .logoutSuccessUrl("/") // 로그아웃 후에 돌아갈 페이지 설정
            //.logoutSuccessHandler((request, response, authentication) -> {
            // logout 후에 개별적으로 여러가지 상황에 대하여 적용 가능한 설정
            //})
            .invalidateHttpSession(true); // 서버 세션을 무효화, false도 클라이언트측 무효화
      }
    });
    httpSecurity.oauth2Login(new Customizer<OAuth2LoginConfigurer<HttpSecurity>>() {
      @Override
      public void customize(OAuth2LoginConfigurer<HttpSecurity> httpSecurityOAuth2LoginConfigurer) {
        httpSecurityOAuth2LoginConfigurer.successHandler(getAuthenticationSuccessHandler());
      }
    });
    return httpSecurity.build();
  }

AuthenticationSuccessHandler 는 로그인 되었을 때, 처리하는 객체

 @Bean
  public AuthenticationSuccessHandler getAuthenticationSuccessHandler() {
    return new AuthenticationSuccessHandler() {
      @Override
      public void onAuthenticationSuccess(HttpServletRequest request,
                                          HttpServletResponse response,
                                          Authentication authentication)
          throws IOException, ServletException {
        UserDetails principal = (UserDetails) authentication.getPrincipal();
        Collection<GrantedAuthority> authors =
            (Collection<GrantedAuthority>) principal.getAuthorities();
        List<String> result = authors.stream().map(new Function<GrantedAuthority, String>() {
          @Override
          public String apply(GrantedAuthority grantedAuthority) {
            return grantedAuthority.getAuthority();
          }
        }).collect(Collectors.toList());
        System.out.println(">>" + result.toString());
        for (int i = 0; i < result.size(); i++) {
          if (result.get(i).equals("ROLE_ADMIN")) {
            response.sendRedirect(request.getContextPath() + "/sample/admin");
          } else if (result.get(i).equals("ROLE_MANAGER")) {
            response.sendRedirect(request.getContextPath() + "/sample/manager");
          } else {
            response.sendRedirect(request.getContextPath() + "/sample/all");
          }
          break;
        }
      }
    };
  }

로그인 실패시 , 띄워주는 페이지 생성하기

public class CustomAccessDeniedHandler implements AccessDeniedHandler {
  @Override
  public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
    response.sendRedirect(request.getContextPath()+"/auth/accessDenied");
  }
}
public class CustomAuthenticationFailureHandler implements AuthenticationFailureHandler {
  @Override
  public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
    response.sendRedirect(request.getContextPath()+"/auth/authenticationFailure");
  }
}
@Bean
  protected SecurityFilterChain config(HttpSecurity httpSecurity)
      throws Exception {
    httpSecurity.exceptionHandling(httpSecurityExceptionHandlingConfigurer -> {
           httpSecurityCsrfConfigurer.disable();
    });
    return httpSecurity.build();
  }
  @Bean
  public AuthenticationSuccessHandler getAuthenticationSuccessHandler()
  {
    return new CustomLoginSuccessHandler();
  };
  @Bean
  public AccessDeniedHandler getAccessDeniedHandler(){
    return  new CustomAccessDeniedHandler();
  }
  @Bean
  public AuthenticationFailureHandler getAuthenticationFailureHandler(){
    return  new CustomAuthenticationFailuerHandler();
  }
  @Bean LogoutSuccessHandler getLogoutSuccessHandler(){
    return new CustomLogoutSuccessHandler();
  }
}

404Error 처리

 

//@RestControllerAdvice
@ControllerAdvice
public class ExceptionHandlerControllerAdvice {
  // 404 exception
  @ExceptionHandler(NoResourceFoundException.class)
  @ResponseStatus(HttpStatus.NOT_FOUND)
  public String handl404(NoResourceFoundException e, Model model) {
    model.addAttribute("errorMessage", e.getMessage());
    return "/error/notFound";
  }

  // Database error
  @ExceptionHandler(DataAccessException.class)
  public String handleDataAccessException(DataAccessException e, Model model) {
    model.addAttribute("errorMessage", e.getMessage());
    e.printStackTrace();
    return "error/databaseError";
  }

  // internal server error
  @ExceptionHandler(HttpServerErrorException.InternalServerError.class)
  @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
  public String handleException(HttpServerErrorException.InternalServerError e, Model model) {
    model.addAttribute("errorMessage", e.getMessage());
    e.printStackTrace();
    return "error/serverError";
  }
}

.requestMatchers(new AntPathRequestMatcher("/error/**")).permitAll() 해당하는 페이지가 들어왔을때 어떻게 해줄것인가에 대한 보안에 대한 설정

// authorizeHttpRequests :: 선별적으로 접속을 제한하는 메서드
    // 모든 페이지가 인증을 받도록 되어 있는 상태
    // httpSecurity.authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
    httpSecurity.authorizeHttpRequests(
        auth -> auth.requestMatchers(AUTH_WHITElIST).permitAll()
            .requestMatchers(new AntPathRequestMatcher("/auth/**")).permitAll()
            .requestMatchers(new AntPathRequestMatcher("/error/**")).permitAll()
            .requestMatchers("/sample/admin/**").hasRole("ADMIN")
            .requestMatchers("/sample/manager/**").access(
                new WebExpressionAuthorizationManager(
                    "hasRole('ADMIN') or hasRole('MANAGER')")
            )
            .anyRequest().authenticated());

database 아이디를 통하여 로그인하는 경우 사용, 소셜로그인은 사용불가

 httpSecurity.rememberMe(new Customizer<RememberMeConfigurer<HttpSecurity>>() {
      @Override
      public void customize(RememberMeConfigurer<HttpSecurity> httpSecurityRememberMeConfigurer) {
        httpSecurityRememberMeConfigurer.tokenValiditySeconds(60*60*24*7);
      }
    });

 

로그인하고 새창을 열었을 때, 로그인 하지 않아도 로그인 됨