feat : SecurityConfig에 OAuth2 설정 추가 (#112)

binary-ho · Mar 8, 2024 · 24d6be4 · 24d6be4
1 parent 2f7b98a
commit 24d6be4
Showing 1 changed file with 18 additions and 6 deletions.
diff --git a/src/main/java/gdsc/binaryho/imhere/security/config/SecurityConfig.java b/src/main/java/gdsc/binaryho/imhere/security/config/SecurityConfig.java
@@ -2,14 +2,16 @@
 
 
 import gdsc.binaryho.imhere.core.member.infrastructure.MemberRepository;
-import gdsc.binaryho.imhere.security.filter.JwtAuthenticationFilter;
+import gdsc.binaryho.imhere.security.oauth.CustomOAuth2SuccessHandler;
+import gdsc.binaryho.imhere.security.oauth.CustomOAuth2UserService;
 import gdsc.binaryho.imhere.security.filter.JwtAuthorizationFilter;
 import gdsc.binaryho.imhere.security.jwt.TokenService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -22,7 +24,7 @@
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.channel.ChannelProcessingFilter;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.web.filter.CorsFilter;
 
@@ -35,6 +37,8 @@ public class SecurityConfig {
     private final MemberRepository memberRepository;
 
     private final CorsFilter corsFilter;
+    private final CustomOAuth2SuccessHandler customOAuth2SuccessHandler;
+    private final CustomOAuth2UserService customOAuth2UserService;
 
     private final TokenService tokenService;
 
@@ -89,8 +93,14 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             .formLogin().disable()
             .httpBasic().disable()
 
-            .authorizeRequests()
+            .oauth2Login(configurer -> {
+                    configurer.userInfoEndpoint(endpoint -> endpoint.userService(customOAuth2UserService));
+                    configurer.successHandler(customOAuth2SuccessHandler);
+                    configurer.failureHandler(setStatusUnauthorized());
+                }
+            )
 
+            .authorizeRequests()
             .antMatchers("/login", "/logout", "/member/**",
                 "/swagger*/**", "/v3/api-docs/**", "/swagger-resources/**", "/webjars/**")
             .permitAll()
@@ -103,9 +113,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 
             .anyRequest().authenticated();
 
-        http.addFilterBefore(new JwtAuthenticationFilter(
-            authenticationManager(authenticationConfiguration), tokenService), UsernamePasswordAuthenticationFilter.class);
-
         http.addFilterBefore(new JwtAuthorizationFilter(
             authenticationManager(authenticationConfiguration), tokenService, memberRepository), BasicAuthenticationFilter.class);
 
@@ -121,4 +128,9 @@ private UserDetailsService getActuatorUserDetailsService() {
 
         return new InMemoryUserDetailsManager(userDetails);
     }
+
+    private AuthenticationFailureHandler setStatusUnauthorized() {
+        int unauthorized = HttpStatus.UNAUTHORIZED.value();
+        return (request, response, exception) -> response.setStatus(unauthorized);
+    }
 }