\ucc38\uc870<\/a><\/p>\n \ucc38\uc870<\/a><\/p>\n \ucc38\uace0<\/a><\/p>\n \uc778\uc99d\ud0a4\ub97c \ubc1c\uae09\ud558\uace0, \ubc1c\uae09\ub41c \uc778\uc99d\ud0a4\ub97c \uae30\ubc18\uc73c\ub85c API Access \ub97c \ud5c8\uc6a9\ud55c\ub2e4.<\/p>\n Spring Boot ACL \ucc38\uc870 \ucc38\uc870 \ucc38\uace0 \ubaa9\ud45c \uc778\uc99d\ud0a4\ub97c \ubc1c\uae09\ud558\uace0, \ubc1c\uae09\ub41c \uc778\uc99d\ud0a4\ub97c \uae30\ubc18\uc73c\ub85c API Access \ub97c \ud5c8\uc6a9\ud55c\ub2e4. \/\/ $ curl -H "X-Authorization: $some_secret_token" http:\/\/localhost\/user $.ajax({ url: 'http:\/\/localhost\/user', headers: { 'X-Authorization': '$some_secret_token' } }); \uc778\uc99d \ub370\uc774\ud0c0 \uc0dd\uc131 create table tbl_api_user( id bigint(20) unsigned not null auto_increment, primary key (id), unique key unique_id (id), access_domain varchar(255) NOT NULL,\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,1],"tags":[],"class_list":["post-3579","post","type-post","status-publish","format-standard","hentry","category-spring-boot-2-5","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3579"}],"version-history":[{"count":6,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3579\/revisions"}],"predecessor-version":[{"id":3588,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3579\/revisions\/3588"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\ubaa9\ud45c<\/h2>\n
\/\/ $ curl -H "X-Authorization: $some_secret_token" http:\/\/localhost\/user\n\n$.ajax({\n url: 'http:\/\/localhost\/user',\n headers: { 'X-Authorization': '$some_secret_token' }\n});<\/code><\/pre>\n\uc778\uc99d \ub370\uc774\ud0c0 \uc0dd\uc131<\/h2>\n
create table tbl_api_user(\n id bigint(20) unsigned not null auto_increment,\n primary key (id),\n unique key unique_id (id),\n access_domain varchar(255) NOT NULL,\n access_token VARCHAR(100) NOT NULL,\n access_expire varchar(10),\n modify_time timestamp not null default current_timestamp on update current_timestamp,\n insert_time timestamp not null default current_timestamp\n);\n\nINSERT INTO tbl_api_user(access_domain, access_token, access_expire)\nVALUES('http:\/\/localhost:8080', LEFT(REPLACE(UUID(), '-', ''), 50), '2099-12-31');\n\nSELECT * FROM tbl_api_user;<\/code><\/pre>\nCORS \uc124\uc815<\/h2>\n
public class CorsFilter implements Filter {\n\n @Override\n public void init(FilterConfig filterConfig) throws ServletException {\n\n }\n\n @Override\n public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {\n HttpServletResponse response = (HttpServletResponse) servletResponse;\n HttpServletRequest request = (HttpServletRequest) servletRequest;\n\n response.setHeader("Access-Control-Allow-Origin", "*");\n response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");\n response.setHeader("Access-Control-Allow-Headers", "*");\n response.setHeader("Access-Control-Allow-Credentials", "true");\n response.setHeader("Access-Control-Max-Age", "3600");\n\n if ("OPTIONS".equals(request.getMethod())) {\n \/\/ for CORS preflight channel\n response.setStatus(HttpServletResponse.SC_OK);\n } else {\n filterChain.doFilter(request, response);\n }\n }\n\n @Override\n public void destroy() {\n\n }\n}<\/code><\/pre>\nRSA \ud0a4 \uc778\uc99d \uc124\uc815<\/h2>\n
public class RsaAuthToken extends AbstractAuthenticationToken {\n\n private Integer principal;\n private Object credentials;\n\n private final String accessToken;\n private final String remoteHost;\n\n public RsaAuthToken(String accessToken, String remoteHost) {\n super(null);\n this.accessToken = accessToken;\n this.remoteHost = remoteHost;\n }\n\n @Override\n public Object getCredentials() {\n return null;\n }\n\n @Override\n public Object getPrincipal() {\n return principal;\n }\n\n public void setPrincipal(Integer principal) {\n this.principal = principal;\n }\n\n public String getAccessToken() {\n return accessToken;\n }\n\n public String getRemoteHost() {\n return remoteHost;\n }\n}<\/code><\/pre>\npublic class RsaHeaderKeyFilter extends OncePerRequestFilter {\n\n public RsaHeaderKeyFilter() {\n Logger log = LoggerFactory.getLogger(RsaHeaderKeyFilter.class);\n log.info("RsaHeaderKeyFilter init");\n }\n\n @Override\n protected void doFilterInternal(HttpServletRequest request,\n HttpServletResponse response, FilterChain filterChain)\n throws ServletException, IOException {\n\n String accessToken = request.getHeader("X-Authorization");\n String referer = request.getHeader("referer"); \/\/ TODO : referer hijacking \uc740 \ub098\uc911\uc5d0 \uc0dd\uac01\ud558\uc790.\n\n if ("localhost".equals(request.getServerName())) {\n referer = request.getScheme() + ":\/\/" + request.getServerName() + ":" + request.getServerPort();\n }\n\n if (accessToken != null && referer != null) {\n Authentication auth = new RsaAuthToken(accessToken, referer);\n SecurityContextHolder.getContext().setAuthentication(auth);\n\n System.out.println("xAuth : " + accessToken);\n System.out.println("referer : " + referer);\n }\n\n filterChain.doFilter(request, response);\n }\n}<\/code><\/pre>\nSpring Security \uc124\uc815<\/h2>\n
@Component\npublic class TokenAuthenticationProvider implements AuthenticationProvider {\n\n \/\/ Service \ub97c \uc8fc\uc785\ubc1b\uace0, \uc11c\ube44\uc2a4\uc5d0 Spring Boot Cache \ub97c \uc801\uc6a9\ud558\uc5ec \ubd80\ud558\ub97c \uc904\uc77c \uc218 \uc788\ub2e4.\n private final ApiUserRepository userRepository;\n\n @Autowired\n public TokenAuthenticationProvider(ApiUserRepository userRepository) {\n this.userRepository = userRepository;\n }\n\n @Override\n public Authentication authenticate(Authentication authentication) throws AuthenticationException {\n\n RsaAuthToken rsaAuthToken = (RsaAuthToken) authentication;\n List<ApiUser> userList = userRepository.findByAccessToken(rsaAuthToken.getAccessToken());\n\n if(userList.isEmpty()){\n throw new UnknownUserException("Invalid access token : " + rsaAuthToken.getAccessToken());\n }\n\n for (ApiUser user : userList) {\n if (rsaAuthToken.getRemoteHost().startsWith(user.getAccessDomain())) {\n\n DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd");\n if (user.getAccessExpire().compareTo(LocalDate.now().format(formatter)) > 0) {\n rsaAuthToken.setPrincipal(user.getId());\n\n return rsaAuthToken;\n }\n }\n }\n\n throw new UnknownUserException("Access denied : " + rsaAuthToken.getRemoteHost());\n }\n\n @Override\n public boolean supports(Class<?> authentication) {\n return RsaAuthToken.class.isAssignableFrom(authentication);\n }\n}<\/code><\/pre>\n@EnableWebSecurity\npublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {\n\n private final TokenAuthenticationProvider authenticationProvider;\n\n public WebSecurityConfig(TokenAuthenticationProvider authenticationProvider) {\n this.authenticationProvider = authenticationProvider;\n }\n\n @Bean\n CorsFilter corsFilter() {\n return new CorsFilter();\n }\n\n @Bean\n RsaHeaderKeyFilter rsaHeaderKeyFilter() {\n return new RsaHeaderKeyFilter();\n }\n\n @Override\n protected void configure(HttpSecurity http) throws Exception {\n\n \/\/ curl -v "http:\/\/localhost:8080\/health\/index.html"\n \/\/ curl -v http:\/\/localhost:8080\/v1\/esrestaurant\/?q=%EA%B9%80%EC%B9%98\n \/\/ curl -v -H "X-Authorization: XXXXXXXXXXXXXXXXXXXXX" "http:\/\/localhost:8080\/v1\/esrestaurant\/?q=%EA%B9%80%EC%B9%98%EC%B0%8C%EA%B0%9C&s=10&p=0&las=35.48608721246216&lae=38.49363416030283&los=125.93452195073536&loe=127.94537104338305"\n \/\/ curl -v -H "X-Authorization: XXXXXXXXXXXXXXXXXXXXX" "https:\/\/nb.skyer9.pe.kr:28080\/v1\/esrestaurant\/?q=%EA%B9%80%EC%B9%98%EC%B0%8C%EA%B0%9C&s=10&p=0&las=35.48608721246216&lae=38.49363416030283&los=125.93452195073536&loe=127.94537104338305"\n\n http\n .addFilterBefore(corsFilter(), SessionManagementFilter.class)\n .addFilterBefore(rsaHeaderKeyFilter(), BasicAuthenticationFilter.class)\n .authorizeRequests().antMatchers("\/health\/**").permitAll()\n .anyRequest().authenticated();\n }\n\n @Override\n public void configure(AuthenticationManagerBuilder auth) throws Exception {\n auth.authenticationProvider(authenticationProvider);\n }\n}<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"