[고정완] OAuth 2.0 리뷰 요청드립니다.

src/main/java/nextstep/app/OAuth2Config.java

@@ -0,0 +1,43 @@
+package nextstep.app;
+
+import nextstep.oauth2.authentication.provider.OAuth2LoginAuthenticationProvider;
+import nextstep.oauth2.registration.ClientRegistrationRepository;
+import nextstep.oauth2.registration.OAuth2ClientProperties;
+import nextstep.oauth2.userinfo.OAuth2UserService;
+import nextstep.oauth2.web.authorizedclient.OAuth2AuthorizedClientRepository;
+import nextstep.security.authentication.AuthenticationManager;
+import nextstep.security.authentication.DaoAuthenticationProvider;
+import nextstep.security.authentication.ProviderManager;
+import nextstep.security.userdetails.UserDetailsService;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+
+@EnableConfigurationProperties(OAuth2ClientProperties.class)
+@Configuration
+public class OAuth2Config {
+    @Bean
+    public ClientRegistrationRepository registrationRepository(
+            OAuth2ClientProperties oauth2ClientProperties
+    ) {
+        return oauth2ClientProperties.createClientRegistrationDao();
+    }
+
+    @Bean
+    public OAuth2AuthorizedClientRepository authorizedClientRepository() {
+        return OAuth2AuthorizedClientRepository.getInstance();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(
+            UserDetailsService userDetailsService,
+            OAuth2UserService oAuth2UserService
+    ) {
+        return new ProviderManager(List.of(
+                new DaoAuthenticationProvider(userDetailsService),
+                new OAuth2LoginAuthenticationProvider(oAuth2UserService)
+        ));
+    }
+}

src/main/java/nextstep/app/SecurityConfig.java

@@ -2,15 +2,25 @@
 
 import nextstep.app.domain.Member;
 import nextstep.app.domain.MemberRepository;
+import nextstep.oauth2.registration.ClientRegistrationRepository;
+import nextstep.oauth2.web.OAuth2AuthorizationRequestRedirectFilter;
+import nextstep.oauth2.web.OAuth2LoginAuthenticationFilter;
+import nextstep.oauth2.web.authorizedclient.OAuth2AuthorizedClientRepository;
 import nextstep.security.access.AnyRequestMatcher;
 import nextstep.security.access.MvcRequestMatcher;
 import nextstep.security.access.RequestMatcherEntry;
 import nextstep.security.access.hierarchicalroles.RoleHierarchy;
 import nextstep.security.access.hierarchicalroles.RoleHierarchyImpl;
 import nextstep.security.authentication.AuthenticationException;
+import nextstep.security.authentication.AuthenticationManager;
 import nextstep.security.authentication.BasicAuthenticationFilter;
 import nextstep.security.authentication.UsernamePasswordAuthenticationFilter;
-import nextstep.security.authorization.*;
+import nextstep.security.authorization.AuthorityAuthorizationManager;
+import nextstep.security.authorization.AuthorizationFilter;
+import nextstep.security.authorization.AuthorizationManager;
+import nextstep.security.authorization.PermitAllAuthorizationManager;
+import nextstep.security.authorization.RequestAuthorizationManager;
+import nextstep.security.authorization.SecuredMethodInterceptor;
 import nextstep.security.config.DefaultSecurityFilterChain;
 import nextstep.security.config.DelegatingFilterProxy;
 import nextstep.security.config.FilterChainProxy;
@@ -31,15 +41,11 @@
 @Configuration
 public class SecurityConfig {
 
-    private final MemberRepository memberRepository;
-
-    public SecurityConfig(MemberRepository memberRepository) {
-        this.memberRepository = memberRepository;
-    }
-
     @Bean
-    public DelegatingFilterProxy delegatingFilterProxy() {
-        return new DelegatingFilterProxy(filterChainProxy(List.of(securityFilterChain())));
+    public DelegatingFilterProxy delegatingFilterProxy(
+            SecurityFilterChain securityFilterChain
+    ) {
+        return new DelegatingFilterProxy(filterChainProxy(List.of(securityFilterChain)));
     }
 
     @Bean
@@ -53,13 +59,20 @@ public SecuredMethodInterceptor securedMethodInterceptor() {
     }
 
     @Bean
-    public SecurityFilterChain securityFilterChain() {
+    public SecurityFilterChain securityFilterChain(
+            AuthenticationManager authenticationManager,
+            ClientRegistrationRepository clientRegistrationRepository,
+            OAuth2AuthorizedClientRepository authorizedClientRepository,
+            RequestAuthorizationManager requestAuthorizationManager
+    ) {
         return new DefaultSecurityFilterChain(
                 List.of(
                         new SecurityContextHolderFilter(),
-                        new UsernamePasswordAuthenticationFilter(userDetailsService()),
-                        new BasicAuthenticationFilter(userDetailsService()),
-                        new AuthorizationFilter(requestAuthorizationManager())
+                        new UsernamePasswordAuthenticationFilter(authenticationManager),
+                        new BasicAuthenticationFilter(authenticationManager),
+                        new OAuth2AuthorizationRequestRedirectFilter(clientRegistrationRepository),
+                        new OAuth2LoginAuthenticationFilter(clientRegistrationRepository, authorizedClientRepository, authenticationManager),
+                        new AuthorizationFilter(requestAuthorizationManager)
                 )
         );
     }
@@ -72,17 +85,21 @@ public RoleHierarchy roleHierarchy() {
     }
 
     @Bean
-    public RequestAuthorizationManager requestAuthorizationManager() {
+    public RequestAuthorizationManager requestAuthorizationManager(
+            RoleHierarchy roleHierarchy
+    ) {
         List<RequestMatcherEntry<AuthorizationManager>> mappings = new ArrayList<>();
-        mappings.add(new RequestMatcherEntry<>(new MvcRequestMatcher(HttpMethod.GET, "/members"), new AuthorityAuthorizationManager(roleHierarchy(), "ADMIN")));
-        mappings.add(new RequestMatcherEntry<>(new MvcRequestMatcher(HttpMethod.GET, "/members/me"), new AuthorityAuthorizationManager(roleHierarchy(), "USER")));
+        mappings.add(new RequestMatcherEntry<>(new MvcRequestMatcher(HttpMethod.GET, "/members"), new AuthorityAuthorizationManager(roleHierarchy, "ADMIN")));
+        mappings.add(new RequestMatcherEntry<>(new MvcRequestMatcher(HttpMethod.GET, "/members/me"), new AuthorityAuthorizationManager(roleHierarchy, "USER")));
         mappings.add(new RequestMatcherEntry<>(new MvcRequestMatcher(HttpMethod.GET, "/search"), new PermitAllAuthorizationManager()));
         mappings.add(new RequestMatcherEntry<>(AnyRequestMatcher.INSTANCE, new PermitAllAuthorizationManager()));
         return new RequestAuthorizationManager(mappings);
     }
 
     @Bean
-    public UserDetailsService userDetailsService() {
+    public UserDetailsService userDetailsService(
+            MemberRepository memberRepository
+    ) {
         return username -> {
             Member member = memberRepository.findByEmail(username)
                     .orElseThrow(() -> new AuthenticationException("존재하지 않는 사용자입니다."));

src/main/java/nextstep/app/domain/MemberRepository.java

@@ -9,4 +9,6 @@ public interface MemberRepository {
     List<Member> findAll();
 
     Member save(Member member);
+
+    void clear();
 }

src/main/java/nextstep/app/infrastructure/InmemoryMemberRepository.java

@@ -29,4 +29,9 @@ public Member save(Member member) {
         members.put(member.getEmail(), member);
         return member;
     }
+
+    @Override
+    public void clear() {
+        members.clear();
+    }
 }

src/main/java/nextstep/app/service/DefaultOAuth2UserService.java

@@ -0,0 +1,58 @@
+package nextstep.app.service;
+
+import nextstep.app.domain.Member;
+import nextstep.app.domain.MemberRepository;
+import nextstep.oauth2.profile.OAuth2ProfileUser;
+import nextstep.oauth2.userinfo.OAuth2User;
+import nextstep.oauth2.userinfo.OAuth2UserRequest;
+import nextstep.oauth2.userinfo.OAuth2UserService;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+import java.util.Map;
+import java.util.Set;
+
+@Service
+public class DefaultOAuth2UserService implements OAuth2UserService {
+    private static final RestTemplate rest = new RestTemplate();
+
+    private final MemberRepository memberRepository;
+
+    public DefaultOAuth2UserService(MemberRepository memberRepository) {
+        this.memberRepository = memberRepository;
+    }
+
+    @Override
+    public OAuth2User loadUser(OAuth2UserRequest userRequest) {
+        final String userNameAttributeName = userRequest.clientRegistration()
+                .providerDetails().userInfoEndpoint().userNameAttributeName();
+        final Map<String, Object> attributes = exchangeAttributes(userRequest);
+        final OAuth2ProfileUser profileUser = OAuth2ProfileUser.of(
+                userRequest.clientRegistration().registrationId(),
+                attributes
+        );
+        final Set<String> authorities = memberRepository.findByEmail(
+                attributes.get(userNameAttributeName).toString()
+        ).orElseGet(
+                () -> memberRepository.save(new Member(
+                        profileUser.email(), "", profileUser.name(),
+                        profileUser.imageUrl(), Set.of("USER")
+                ))
+        ).getRoles();
+        return OAuth2User.of(authorities, attributes, userNameAttributeName);
+    }
+
+    private Map exchangeAttributes(OAuth2UserRequest userRequest) {
+        final HttpHeaders headers = new HttpHeaders();
+        headers.add(HttpHeaders.AUTHORIZATION, "Bearer " + userRequest.accessToken().token());
+        return rest.exchange(
+                userRequest.clientRegistration().providerDetails().userInfoEndpoint().uri(),
+                HttpMethod.GET,
+                new HttpEntity<>(headers),
+                Map.class
+        ).getBody();
+    }
+}

src/main/java/nextstep/app/ui/LoginController.java

@@ -4,6 +4,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import jakarta.servlet.http.HttpSession;
+import nextstep.oauth2.userinfo.OAuth2User;
 import nextstep.security.authentication.Authentication;
 import nextstep.security.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
@@ -32,10 +33,10 @@ private String extractUsername(Authentication authentication) {
         if (authentication.getPrincipal() instanceof String) {
             return (String) authentication.getPrincipal();
         }
-//        if (authentication.getPrincipal() instanceof OAuth2User) {
-//            String userNameAttributeName = ((OAuth2User) authentication.getPrincipal()).getUserNameAttributeName();
-//            return (String) ((OAuth2User) authentication.getPrincipal()).getAttributes().get(userNameAttributeName);
-//        }
+        if (authentication.getPrincipal() instanceof OAuth2User) {
+            String userNameAttributeName = ((OAuth2User) authentication.getPrincipal()).userNameAttributeName();
+            return (String) ((OAuth2User) authentication.getPrincipal()).attributes().get(userNameAttributeName);
+        }
         return "";
     }
 
@@ -54,4 +55,4 @@ public String logout(HttpServletRequest request, HttpServletResponse response) {
 
         return "redirect:/";
     }
-}
+}

src/main/java/nextstep/oauth2/authentication/OAuth2AccessToken.java

@@ -0,0 +1,3 @@
+package nextstep.oauth2.authentication;
+
+public record OAuth2AccessToken(String token) {}

src/main/java/nextstep/oauth2/authentication/provider/OAuth2AuthorizationCodeAuthenticationProvider.java

@@ -0,0 +1,43 @@
+package nextstep.oauth2.authentication.provider;
+
+import nextstep.oauth2.authentication.OAuth2AccessToken;
+import nextstep.oauth2.authentication.token.OAuth2AuthorizationCodeAuthenticationToken;
+import nextstep.oauth2.endpoint.OAuth2AccessTokenResponseClient;
+import nextstep.oauth2.endpoint.dto.OAuth2AuthorizationCodeGrantRequest;
+import nextstep.oauth2.endpoint.dto.OAuth2AuthorizationExchange;
+import nextstep.oauth2.exception.OAuth2AuthenticationException;
+import nextstep.oauth2.registration.ClientRegistration;
+import nextstep.security.authentication.Authentication;
+import nextstep.security.authentication.AuthenticationException;
+import nextstep.security.authentication.AuthenticationProvider;
+
+public class OAuth2AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
+    private final OAuth2AccessTokenResponseClient client = new OAuth2AccessTokenResponseClient();
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        final OAuth2AuthorizationCodeAuthenticationToken codeToken = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
+        if (!codeToken.isValid()) {
+            throw new OAuth2AuthenticationException();
+        }
+        final ClientRegistration registration = codeToken.getClientRegistration();
+        final OAuth2AuthorizationExchange exchange = codeToken.getAuthorizationExchange();
+        return new OAuth2AuthorizationCodeAuthenticationToken(
+                registration, exchange, getAccessToken(registration, exchange)
+        );
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    private OAuth2AccessToken getAccessToken(
+            ClientRegistration registration,
+            OAuth2AuthorizationExchange exchange
+    ) {
+        return client.getTokenResponse(
+                new OAuth2AuthorizationCodeGrantRequest(registration, exchange)
+        ).accessToken();
+    }
+}

src/main/java/nextstep/oauth2/authentication/provider/OAuth2LoginAuthenticationProvider.java

@@ -0,0 +1,51 @@
+package nextstep.oauth2.authentication.provider;
+
+import nextstep.oauth2.authentication.OAuth2AccessToken;
+import nextstep.oauth2.authentication.token.OAuth2AuthorizationCodeAuthenticationToken;
+import nextstep.oauth2.authentication.token.OAuth2LoginAuthenticationToken;
+import nextstep.oauth2.userinfo.OAuth2User;
+import nextstep.oauth2.userinfo.OAuth2UserRequest;
+import nextstep.oauth2.userinfo.OAuth2UserService;
+import nextstep.security.authentication.Authentication;
+import nextstep.security.authentication.AuthenticationException;
+import nextstep.security.authentication.AuthenticationProvider;
+
+public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
+    private final OAuth2AuthorizationCodeAuthenticationProvider provider = new OAuth2AuthorizationCodeAuthenticationProvider();
+    private final OAuth2UserService userService;
+
+    public OAuth2LoginAuthenticationProvider(OAuth2UserService userService) {
+        this.userService = userService;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        final OAuth2LoginAuthenticationToken loginToken = (OAuth2LoginAuthenticationToken) authentication;
+        final OAuth2AccessToken accessToken = getAccessToken(loginToken);
+        final OAuth2User oauth2User = loadUser(loginToken, accessToken);
+        return new OAuth2LoginAuthenticationToken(
+                loginToken.getClientRegistration(), loginToken.getAuthorizationExchange(),
+                oauth2User, oauth2User.authorities(), accessToken
+        );
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return OAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    private OAuth2AccessToken getAccessToken(OAuth2LoginAuthenticationToken loginToken) {
+        return ((OAuth2AuthorizationCodeAuthenticationToken) provider.authenticate(
+                new OAuth2AuthorizationCodeAuthenticationToken(
+                        loginToken.getClientRegistration(),
+                        loginToken.getAuthorizationExchange()
+                )
+        )).getAccessToken();
+    }
+
+    private OAuth2User loadUser(OAuth2LoginAuthenticationToken loginToken, OAuth2AccessToken accessToken) {
+        return userService.loadUser(
+                new OAuth2UserRequest(loginToken.getClientRegistration(), accessToken)
+        );
+    }
+}

src/main/java/nextstep/oauth2/authentication/token/OAuth2AuthenticationToken.java

@@ -0,0 +1,36 @@
+package nextstep.oauth2.authentication.token;
+
+import nextstep.oauth2.userinfo.OAuth2User;
+import nextstep.security.authentication.Authentication;
+
+import java.util.Set;
+
+public final class OAuth2AuthenticationToken implements Authentication {
+    private final OAuth2User principal;
+    private final Set<String> authorities;
+
+    public OAuth2AuthenticationToken(OAuth2User principal, Set<String> authorities) {
+        this.principal = principal;
+        this.authorities = authorities;
+    }
+
+    @Override
+    public Set<String> getAuthorities() {
+        return authorities;
+    }
+
+    @Override
+    public Object getCredentials() {
+        return null;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return principal;
+    }
+
+    @Override
+    public boolean isAuthenticated() {
+        return true;
+    }
+}