From a74b0a56f42b5082a80aeced7cf085676d6011b6 Mon Sep 17 00:00:00 2001
From: HyeonJongKim
Date: Thu, 22 Aug 2024 13:34:12 +0900
Subject: [PATCH] =?UTF-8?q?admin:=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20?= =?UTF-8?q?=ED=9A=8C=EC=9B=90=20=EC=B4=88=EA=B8=B0=20=EC=9D=B8=EC=A6=9D=20?= =?UTF-8?q?=EC=A0=95=EB=B3=B4=20=EC=88=98=EC=A0=95(=EC=97=AD=ED=95=A0=20?= =?UTF-8?q?=EB=8D=B0=EC=9D=B4=ED=84=B0=20=EC=82=BD=EC=9E=85)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../AuthorizationAppService.java | 12 ++++++++++++
 .../poc/admin/security/SecurityConfig.java | 2 +-
 .../security/jwt/JwtTokenValidateFilter.java | 19 +++++++++++++++----
 .../templates/main/admin/management/list.html | 6 +++---
 .../templates/main/admin/role/list.html | 3 +--
 5 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/poc/admin/src/main/java/com/bpgroup/poc/admin/app/authorization/AuthorizationAppService.java b/poc/admin/src/main/java/com/bpgroup/poc/admin/app/authorization/AuthorizationAppService.java
index 2dff3ac..566564b 100644
--- a/poc/admin/src/main/java/com/bpgroup/poc/admin/app/authorization/AuthorizationAppService.java
+++ b/poc/admin/src/main/java/com/bpgroup/poc/admin/app/authorization/AuthorizationAppService.java
@@ -2,6 +2,7 @@ package com.bpgroup.poc.admin.app.authorization;
 import com.bpgroup.poc.admin.domain.admin.entity.Admin;
 import com.bpgroup.poc.admin.domain.admin.service.AdminService;
+import com.bpgroup.poc.admin.domain.role.entity.Role;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
@@ -28,4 +29,15 @@ public class AuthorizationAppService {
 return admin.getAdminRole().getRole().getRoleMenus().stream()
 .anyMatch(roleMenu -> requestUri.contains(roleMenu.getMenu().getUri()));
 }
+
+ public List getRolesByUsername(String username) {
+ Optional findAdmin = adminService.find(username);
+ if (findAdmin.isEmpty()) {
+ return null;
+ }
+
+ Admin admin = findAdmin.get();
+ Role role = admin.getAdminRole().getRole();
+ return List.of(role.getName());
+ }
 }
diff --git a/poc/admin/src/main/java/com/bpgroup/poc/admin/security/SecurityConfig.java b/poc/admin/src/main/java/com/bpgroup/poc/admin/security/SecurityConfig.java
index 79341ab..cff7688 100644
--- a/poc/admin/src/main/java/com/bpgroup/poc/admin/security/SecurityConfig.java
+++ b/poc/admin/src/main/java/com/bpgroup/poc/admin/security/SecurityConfig.java
@@ -80,7 +80,7 @@ public class SecurityConfig {
 private void configureFormLogin(HttpSecurity http) throws Exception {
 http.formLogin(AbstractHttpConfigurer::disable);
 http.addFilterBefore(authenticationGenerateFilter(), UsernamePasswordAuthenticationFilter.class);
- http.addFilterAfter(new JwtTokenValidateFilter(jwtTokenProvider), BasicAuthenticationFilter.class);
+ http.addFilterAfter(new JwtTokenValidateFilter(jwtTokenProvider,authorizationAppService), BasicAuthenticationFilter.class);
 }
 private void configureLogout(HttpSecurity http) throws Exception {
diff --git a/poc/admin/src/main/java/com/bpgroup/poc/admin/security/jwt/JwtTokenValidateFilter.java b/poc/admin/src/main/java/com/bpgroup/poc/admin/security/jwt/JwtTokenValidateFilter.java
index de29563..b077b55 100644
--- a/poc/admin/src/main/java/com/bpgroup/poc/admin/security/jwt/JwtTokenValidateFilter.java
+++ b/poc/admin/src/main/java/com/bpgroup/poc/admin/security/jwt/JwtTokenValidateFilter.java
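Review bot: `getRolesByUsername` returns `null` for an unknown username, but its only caller in this patch (`setSecurityContext` in JwtTokenValidateFilter) calls `roles.stream()` on the result without a null check, so a correctly signed token naming an admin that has since been deleted raises a NullPointerException inside the filter chain instead of leaving the request unauthenticated. Return an empty list and keep the decision in the filter: `return findAdmin.map(a -> List.of(a.getAdminRole().getRole().getName())).orElse(List.of());`. Whether `getAdminRole()` can be null for an admin with no assigned role is not visible here; if it can, that path needs the same treatment. A one-line Javadoc such as `/** Role names granted to {@code username}; empty when the admin does not exist. */` would pin the contract the filter relies on.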
@@ -1,5 +1,7 @@
 package com.bpgroup.poc.admin.security.jwt;
+import com.bpgroup.poc.admin.app.authorization.AuthorizationAppService;
+import com.bpgroup.poc.admin.domain.role.entity.Role;
 import com.bpgroup.poc.admin.security.jwt.exception.JwtTokenExpiredException;
 import com.bpgroup.poc.admin.security.jwt.exception.JwtTokenInvalidException;
 import io.jsonwebtoken.Claims;
@@ -11,11 +13,15 @@ import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.WebUtils;
 import java.io.IOException;
+import java.util.List;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 @Slf4j
@@ -23,6 +29,7 @@ import java.util.stream.Stream;
 public class JwtTokenValidateFilter extends OncePerRequestFilter {
 private final JwtTokenProvider jwtTokenProvider;
+ private final AuthorizationAppService authorizationAppService;
 private static final String[] EXCLUDED_URL_PATTERNS = {"/login", "/logout", "/error", "/css", "/js", "/images", "/favicon.ico", "/common/modal", "/font", "/csrf"};
@@ -36,7 +43,7 @@ public class JwtTokenValidateFilter extends OncePerRequestFilter {
 Claims claims = jwtTokenProvider.getClaims(accessToken);
 String username = claims.get("username", String.class);
- setSecurityContext(username);
+ setSecurityContext(username,authorizationAppService);
 } else {
 log.error("SESSION ID: {} Request - JWT AT 토큰 없음", sessionId);
 }
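Review bot: The `import com.bpgroup.poc.admin.domain.role.entity.Role;` added in the first hunk is not referenced by any filter code this patch introduces (`setSecurityContext` works on the role-name strings returned by `AuthorizationAppService`), so it appears to be unused in JwtTokenValidateFilter; unless a part of the file outside these hunks uses it, drop the line. Keeping a persistence entity import in a servlet filter also undoes the layering that routing the lookup through `AuthorizationAppService` is meant to provide.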
@@ -60,7 +67,7 @@ public class JwtTokenValidateFilter extends OncePerRequestFilter {
 jwtTokenProvider.generateToken(request, response, username, JwtTokenProvider.JwtTokenIssueType.REGENERATE);
- setSecurityContext(username);
+ setSecurityContext(username,authorizationAppService);
 } catch (JwtTokenExpiredException e) {
 log.error("SESSION ID: {} JWT RT 토큰 만료", sessionId);
 } catch (JwtTokenInvalidException e) {
@@ -69,8 +76,12 @@ public class JwtTokenValidateFilter extends OncePerRequestFilter {
 }
 }
- private static void setSecurityContext(String username) {
- UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, null, null);
+ private static void setSecurityContext(String username, AuthorizationAppService authorizationAppService) {
+ List roles = authorizationAppService.getRolesByUsername(username);
+ List authorities = roles.stream()
+ .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase()))
+ .collect(Collectors.toList());
+ UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, null, authorities);
 SecurityContextHolder.getContext().setAuthentication(auth);
 }
diff --git a/poc/admin/src/main/resources/templates/main/admin/management/list.html b/poc/admin/src/main/resources/templates/main/admin/management/list.html
index 115c0ed..5ca9874 100644
--- a/poc/admin/src/main/resources/templates/main/admin/management/list.html
+++ b/poc/admin/src/main/resources/templates/main/admin/management/list.html
@@ -1,7 +1,7 @@ + xmlns:sec="http://www.thymeleaf.org/extras/spring-security" + xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout">
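Review bot: In the refresh-token path the new token pair is written by `jwtTokenProvider.generateToken(..., REGENERATE)` before `setSecurityContext` resolves the admin's roles, so a refresh token for an admin that no longer exists (where `getRolesByUsername` returns null in this patch) is first honored with fresh tokens and only then fails. Resolve the roles first and regenerate only when the lookup succeeds, e.g. `List<String> roles = authorizationAppService.getRolesByUsername(username);` followed by `if (roles != null && !roles.isEmpty()) { jwtTokenProvider.generateToken(...); setSecurityContext(username, authorizationAppService); }`; handing the already-resolved roles to `setSecurityContext` would avoid a second database lookup. The surrounding try block and the method it belongs to start outside this hunk.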
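Review bot: `roles.stream()` dereferences the result of `getRolesByUsername` unguarded, and per the service hunk in this patch that result is `null` when the username is not found, so a token for a deleted admin becomes a NullPointerException thrown from the filter rather than an unauthenticated request. Guard for null/empty and skip authentication in that case; while here, use `toUpperCase(Locale.ROOT)` so the `ROLE_` authority string is not locale-dependent (it must match whatever `hasRole` checks are used elsewhere), which needs `java.util.Locale` added to the import block. Passing the `authorizationAppService` field into a `private static` method of the same class is awkward; making `setSecurityContext` an instance method would drop the parameter at both call sites, but the rewrite below keeps the committed signature.
```java
private static void setSecurityContext(String username, AuthorizationAppService authorizationAppService) {
    List<String> roles = authorizationAppService.getRolesByUsername(username);
    if (roles == null || roles.isEmpty()) {
        // Token is valid but names an admin with no resolvable role (e.g. deleted): stay unauthenticated.
        log.warn("No role resolved for JWT username {}; not authenticating", username);
        return;
    }
    List<GrantedAuthority> authorities = roles.stream()
            .map(role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase(Locale.ROOT)))
            .collect(Collectors.toList());
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, null, authorities);
    SecurityContextHolder.getContext().setAuthentication(auth);
}
```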

관리자 등록

@@ -15,7 +15,7 @@ - +
diff --git a/poc/admin/src/main/resources/templates/main/admin/role/list.html b/poc/admin/src/main/resources/templates/main/admin/role/list.html
index d4ebe8f..7436443 100644
--- a/poc/admin/src/main/resources/templates/main/admin/role/list.html
+++ b/poc/admin/src/main/resources/templates/main/admin/role/list.html
@@ -1,7 +1,6 @@ + xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout">