
Spring Security : Authorization 2/2 #Day25

꿀딴지- 2023. 10. 26. 09:52

https://docs.spring.io/spring-security/reference/servlet/architecture.html

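Authorization means permissions (access control), modeled here as the relationship member - role - privilege.

Authorization is configured after authentication has completed.

Inside the loadUserByUsername method of the UserDetailsService interface, SimpleGrantedAuthority is used to assign role-based authorities.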

 

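import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

import lombok.RequiredArgsConstructor;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

// Member, Role and MemberService are this project's own classes (their imports are omitted here).
@RequiredArgsConstructor
@Service
public class CustomUserDetailsService implements UserDetailsService {
    private final MemberService memberService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Throw the exception type declared by the UserDetailsService contract so the
        // authentication provider handles an unknown user as a normal login failure.
        Member member = memberService.getUser(username)
                .orElseThrow(() -> new UsernameNotFoundException("user is not found email " + username));

        // Set the authorities so that Spring Security can use them
        member.setAuthorities(
                Stream.concat(
                        getRoles(member.getRoles()).stream(),
                        getPrivileges(member.getRoles()).stream()
                ).collect(Collectors.toList())
        );
        return member;
    }

    // One authority per role name
    private List<SimpleGrantedAuthority> getRoles(List<Role> roles) {
        return roles.stream()
                .map(Role::getName)
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
    }

    // One authority per privilege attached to any of the member's roles
    private List<SimpleGrantedAuthority> getPrivileges(List<Role> roles) {
        return roles.stream()
                .flatMap(role -> role.getPrivileges().stream())
                .map(privilege -> new SimpleGrantedAuthority(privilege.getName()))
                .collect(Collectors.toList());
    }
}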
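
Because the service above puts role names and privilege names into one flat authority list, the exact strings stored for each role decide which checks match. The following is an added example, not code from the original post: it runs the same flattening over constructed roles and evaluates Spring Security's hasRole and hasAuthority rules against the result. The Role and Privilege records, the role and privilege names, and the class name are assumptions; it needs Java 17 and spring-security-core on the classpath.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class AuthorityFlatteningDemo {
    // Constructed stand-ins for the post's Role and Privilege entities (assumption).
    record Privilege(String name) {}
    record Role(String name, List<Privilege> privileges) {}

    // Same flattening as getRoles + getPrivileges, collected into a Set so that a
    // privilege shared by two roles produces a single authority.
    static Set<SimpleGrantedAuthority> flatten(List<Role> roles) {
        return Stream.concat(
                        roles.stream().map(Role::name),
                        roles.stream().flatMap(r -> r.privileges().stream()).map(Privilege::name))
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toSet());
    }

    // verify() throws AccessDeniedException when the rule denies access.
    static boolean allowed(AuthorizationManager<Object> rule, Authentication auth) {
        try {
            rule.verify(() -> auth, new Object());
            return true;
        } catch (AccessDeniedException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        Privilege read = new Privilege("READ_PRIVILEGE"); // constructed names
        List<Role> roles = List.of(
                new Role("ROLE_USER", List.of(read)),
                new Role("MANAGER", List.of(read, new Privilege("WRITE_PRIVILEGE"))));
        Authentication auth = new UsernamePasswordAuthenticationToken(
                "user@example.com", null, flatten(roles));
        // hasRole prepends "ROLE_": it looks for ROLE_USER (stored) and ROLE_MANAGER (not stored).
        System.out.println(allowed(AuthorityAuthorizationManager.hasRole("USER"), auth));
        System.out.println(allowed(AuthorityAuthorizationManager.hasRole("MANAGER"), auth));
        // hasAuthority compares the stored string exactly, with no prefix added.
        System.out.println(allowed(AuthorityAuthorizationManager.hasAuthority("MANAGER"), auth));
        System.out.println(allowed(AuthorityAuthorizationManager.hasAuthority("WRITE_PRIVILEGE"), auth));
    }
}
```

A role stored without the ROLE_ prefix is only reachable through hasAuthority, so role names should follow one convention before access rules are written against them.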

 

 

<Spring Security Summary>

  • Authentication
  • Authorization

Runs before the D.S (DispatcherServlet), as a Filter: SecurityFilterChain

UserDetails (interface → (polymorphism) role assignment)

UserDetailsService (interface) → needs a class that implements it: loadUserByUsername

  1. @Configuration
  2. Entity : the entity that Spring Security authenticates, implements UserDetails
  3. Service : the service that implements the behavior, implements UserDetailsService
    1. loadUserByUsername
      1. <SimpleGrantedAuthority> Authorities