\uc791\ub3d9 \uc548\ud55c\ub2e4.<\/strong><\/p>\n \ucc38\uace0<\/a><\/p>\n https:\/\/tomcat.apache.org\/download-native.cgi<\/a><\/p>\n build.gradle<\/p>\n application.yml<\/p>\n AuthorizationServerConfig.java<\/p>\n DefaultSecurityConfig.java<\/p>\n KeyGeneratorUtils.java<\/p>\n Jwks.java<\/p>\n Experimental Oauth2 Authorization Server 0.1.1 \uc791\ub3d9 \uc548\ud55c\ub2e4. \ucc38\uace0 https:\/\/tomcat.apache.org\/download-native.cgi \ud504\ub85c\uc81d\ud2b8 \uc0dd\uc131 build.gradle dependencies { implementation 'org.springframework.boot:spring-boot-starter-web:2.5.3' implementation 'org.springframework.boot:spring-boot-starter-security:2.5.3' implementation 'org.springframework.boot:spring-boot-starter-jdbc:2.5.3' implementation 'org.springframework.security.experimental:spring-security-oauth2-authorization-server:0.1.2' implementation 'org.springframework.security:spring-security-oauth2-core:5.5.1' implementation 'org.springframework.security.oauth:spring-security-oauth2:2.5.1.RELEASE' implementation 'org.springframework.security:spring-security-cas:5.5.1' runtimeOnly 'com.h2database:h2:1.4.200' compileOnly 'org.projectlombok:lombok:1.18.20' developmentOnly 'org.springframework.boot:spring-boot-devtools:2.5.3' annotationProcessor 'org.projectlombok:lombok:1.18.20' testImplementation 'org.springframework.boot:spring-boot-starter-test:2.5.3' testImplementation 'net.sourceforge.htmlunit:htmlunit:2.52.0' } application.yml server: port: 9000 logging: level: # root: DEBUG org.springframework.web: DEBUG org.springframework.security: DEBUG org.springframework.security.oauth2:\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-2535","post","type-post","status-publish","format-standard","hentry","category-spring-boot-2-5"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2535"}],"version-history":[{"count":7,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2535\/revisions"}],"predecessor-version":[{"id":3789,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2535\/revisions\/3789"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\ud504\ub85c\uc81d\ud2b8 \uc0dd\uc131<\/h2>\n
dependencies {\n implementation 'org.springframework.boot:spring-boot-starter-web:2.5.3'\n implementation 'org.springframework.boot:spring-boot-starter-security:2.5.3'\n implementation 'org.springframework.boot:spring-boot-starter-jdbc:2.5.3'\n implementation 'org.springframework.security.experimental:spring-security-oauth2-authorization-server:0.1.2'\n implementation 'org.springframework.security:spring-security-oauth2-core:5.5.1'\n implementation 'org.springframework.security.oauth:spring-security-oauth2:2.5.1.RELEASE'\n implementation 'org.springframework.security:spring-security-cas:5.5.1'\n runtimeOnly 'com.h2database:h2:1.4.200'\n\n compileOnly 'org.projectlombok:lombok:1.18.20'\n\n developmentOnly 'org.springframework.boot:spring-boot-devtools:2.5.3'\n\n annotationProcessor 'org.projectlombok:lombok:1.18.20'\n\n testImplementation 'org.springframework.boot:spring-boot-starter-test:2.5.3'\n testImplementation 'net.sourceforge.htmlunit:htmlunit:2.52.0'\n}<\/code><\/pre>\nserver:\n port: 9000\n\nlogging:\n level:\n # root: DEBUG\n org.springframework.web: DEBUG\n org.springframework.security: DEBUG\n org.springframework.security.oauth2: DEBUG\n # org.springframework.boot.autoconfigure: DEBUG<\/code><\/pre>\n@Configuration(proxyBeanMethods = false)\npublic class AuthorizationServerConfig {\n\n @Bean\n @Order(Ordered.HIGHEST_PRECEDENCE)\n public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {\n OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);\n return http.formLogin(Customizer.withDefaults()).build();\n }\n\n \/\/ @formatter:off\n @Bean\n public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTemplate) {\n\n RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())\n .clientId("foo")\n .clientSecret("{noop}bar")\n .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)\n .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)\n .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)\n .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)\n .redirectUri("http:\/\/127.0.0.1:8080\/login\/oauth2\/code\/messaging-client-oidc")\n .redirectUri("http:\/\/127.0.0.1:8080\/authorized")\n .scope(OidcScopes.OPENID)\n .scope("message.read")\n .scope("message.write")\n \/\/ .clientSettings(clientSettingsConsumer)\n .build();\n\n \/\/ Save registered client in db as if in-memory\n JdbcRegisteredClientRepository registeredClientRepository = new JdbcRegisteredClientRepository(jdbcTemplate);\n registeredClientRepository.save(registeredClient);\n\n return registeredClientRepository;\n }\n \/\/ @formatter:on\n\n @Bean\n public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {\n return new JdbcOAuth2AuthorizationService(jdbcTemplate, registeredClientRepository);\n }\n\n @Bean\n public OAuth2AuthorizationConsentService authorizationConsentService(JdbcTemplate jdbcTemplate, RegisteredClientRepository registeredClientRepository) {\n return new JdbcOAuth2AuthorizationConsentService(jdbcTemplate, registeredClientRepository);\n }\n\n @Bean\n public JWKSource<SecurityContext> jwkSource() {\n RSAKey rsaKey = Jwks.generateRsa();\n JWKSet jwkSet = new JWKSet(rsaKey);\n return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);\n }\n\n @Bean\n public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {\n return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);\n }\n\n @Bean\n public ProviderSettings providerSettings() {\n ProviderSettings providerSettings = new ProviderSettings();\n return providerSettings.issuer("http:\/\/auth.localhost:9000");\n }\n\n @Bean\n public EmbeddedDatabase embeddedDatabase() {\n \/\/ @formatter:off\n return new EmbeddedDatabaseBuilder()\n .generateUniqueName(true)\n .setType(EmbeddedDatabaseType.H2)\n .setScriptEncoding("UTF-8")\n .addScript("org\/springframework\/security\/oauth2\/server\/authorization\/oauth2-authorization-schema.sql")\n .addScript("org\/springframework\/security\/oauth2\/server\/authorization\/oauth2-authorization-consent-schema.sql")\n .addScript("org\/springframework\/security\/oauth2\/server\/authorization\/client\/oauth2-registered-client-schema.sql")\n .build();\n \/\/ @formatter:on\n }\n}<\/code><\/pre>\n@EnableWebSecurity\npublic class DefaultSecurityConfig {\n\n \/\/ @formatter:off\n @Bean\n SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {\n http\n .authorizeRequests(authorizeRequests ->\n authorizeRequests.anyRequest().authenticated()\n )\n .formLogin(withDefaults());\n return http.build();\n }\n \/\/ @formatter:on\n\n \/\/ @formatter:off\n @Bean\n UserDetailsService users() {\n UserDetails user = User.withDefaultPasswordEncoder()\n .username("user")\n .password("pass")\n .roles("USER")\n .build();\n return new InMemoryUserDetailsManager(user);\n }\n \/\/ @formatter:on\n}<\/code><\/pre>\nfinal class KeyGeneratorUtils {\n\n private KeyGeneratorUtils() {\n }\n\n static SecretKey generateSecretKey() {\n SecretKey hmacKey;\n try {\n hmacKey = KeyGenerator.getInstance("HmacSha256").generateKey();\n } catch (Exception ex) {\n throw new IllegalStateException(ex);\n }\n return hmacKey;\n }\n\n static KeyPair generateRsaKey() {\n KeyPair keyPair;\n try {\n KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");\n keyPairGenerator.initialize(2048);\n keyPair = keyPairGenerator.generateKeyPair();\n } catch (Exception ex) {\n throw new IllegalStateException(ex);\n }\n return keyPair;\n }\n\n static KeyPair generateEcKey() {\n EllipticCurve ellipticCurve = new EllipticCurve(\n new ECFieldFp(\n new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853951")),\n new BigInteger("115792089210356248762697446949407573530086143415290314195533631308867097853948"),\n new BigInteger("41058363725152142129326129780047268409114441015993725554835256314039467401291"));\n ECPoint ecPoint = new ECPoint(\n new BigInteger("48439561293906451759052585252797914202762949526041747995844080717082404635286"),\n new BigInteger("36134250956749795798585127919587881956611106672985015071877198253568414405109"));\n ECParameterSpec ecParameterSpec = new ECParameterSpec(\n ellipticCurve,\n ecPoint,\n new BigInteger("115792089210356248762697446949407573529996955224135760342422259061068512044369"),\n 1);\n\n KeyPair keyPair;\n try {\n KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");\n keyPairGenerator.initialize(ecParameterSpec);\n keyPair = keyPairGenerator.generateKeyPair();\n } catch (Exception ex) {\n throw new IllegalStateException(ex);\n }\n return keyPair;\n }\n}<\/code><\/pre>\npublic class Jwks {\n\n private Jwks() {\n }\n\n public static RSAKey generateRsa() {\n KeyPair keyPair = KeyGeneratorUtils.generateRsaKey();\n RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();\n RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();\n \/\/ @formatter:off\n return new RSAKey.Builder(publicKey)\n .privateKey(privateKey)\n .keyID(UUID.randomUUID().toString())\n .build();\n \/\/ @formatter:on\n }\n\n public static ECKey generateEc() {\n KeyPair keyPair = KeyGeneratorUtils.generateEcKey();\n ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();\n ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();\n Curve curve = Curve.forECParameterSpec(publicKey.getParams());\n \/\/ @formatter:off\n return new ECKey.Builder(curve, publicKey)\n .privateKey(privateKey)\n .keyID(UUID.randomUUID().toString())\n .build();\n \/\/ @formatter:on\n }\n\n public static OctetSequenceKey generateSecret() {\n SecretKey secretKey = KeyGeneratorUtils.generateSecretKey();\n \/\/ @formatter:off\n return new OctetSequenceKey.Builder(secretKey)\n .keyID(UUID.randomUUID().toString())\n .build();\n \/\/ @formatter:on\n }\n}<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"