From 80ec539a7f3acb1c50d3d335dd1fa7cf86845515 Mon Sep 17 00:00:00 2001 From: xit Date: Wed, 3 May 2023 05:50:29 +0900 Subject: [PATCH] =?UTF-8?q?=EA=B6=8C=ED=95=9C/=EA=B8=B0=EB=8A=A5=EA=B7=B8?= =?UTF-8?q?=EB=A3=B9=20=EB=A1=9C=EB=94=A9=20=EA=B4=80=EB=A0=A8=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../base/security/{access => }/AccessContext.java | 13 +++++++++++-- .../java/cokr/xit/base/security/Authority.java | 6 ++++++ .../cokr/xit/base/security/SecuredUserInfo.java | 15 +++++++++++++++ .../base/security/access/ApplicationAccess.java | 6 +++--- .../service/bean/ActionGroupServiceBean.java | 9 ++++++--- .../access/service/bean/AuthorityServiceBean.java | 9 ++++++--- .../service/bean/AuthenticationServiceBean.java | 8 ++++---- .../access/service/AuthorityServiceTest.java | 6 +++--- 8 files changed, 54 insertions(+), 18 deletions(-) rename src/main/java/cokr/xit/base/security/{access => }/AccessContext.java (91%) diff --git a/src/main/java/cokr/xit/base/security/access/AccessContext.java b/src/main/java/cokr/xit/base/security/AccessContext.java similarity index 91% rename from src/main/java/cokr/xit/base/security/access/AccessContext.java rename to src/main/java/cokr/xit/base/security/AccessContext.java index ef92a9b..8962fa6 100644 --- a/src/main/java/cokr/xit/base/security/access/AccessContext.java +++ b/src/main/java/cokr/xit/base/security/AccessContext.java @@ -1,4 +1,4 @@ -package cokr.xit.base.security.access; +package cokr.xit.base.security; import java.util.Collections; import java.util.List; @@ -13,7 +13,6 @@ import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; import org.springframework.stereotype.Component; -import cokr.xit.base.security.Authority; import cokr.xit.base.security.access.dao.AuthorityMapper; import cokr.xit.foundation.AbstractComponent; 
@@ -61,6 +60,16 @@ public class AccessContext extends AbstractComponent implements ApplicationConte }); } + /**관련 정보가 변경되면 권한과 기능을 다시 로드한다. + * @param affected 변경된 관련 정보수 + * @return 변경된 관련 정보수 + */ + public int loadAuthorities(int affected) { + if (affected > 0) + loadAuthorities(); + return affected; + } + /**지정하는 권한들을 반환한다. * @param authIDs 권한 아이디 * @return 권한 목록 diff --git a/src/main/java/cokr/xit/base/security/Authority.java b/src/main/java/cokr/xit/base/security/Authority.java index 09efd99..d2f28e5 100644 --- a/src/main/java/cokr/xit/base/security/Authority.java +++ b/src/main/java/cokr/xit/base/security/Authority.java @@ -16,6 +16,12 @@ import cokr.xit.foundation.data.StringMap; */ public class Authority implements GrantedAuthority { private static final long serialVersionUID = 1L; + /** 시스템 관리자 권한 아이디 */ + public static final String ADMIN = "ROLE_ADMIN"; + /** 시스템 사용자 권한 아이디 */ + public static final String USER = "ROLE_USER"; + /** 익명 사용자 권한 아이디 */ + public static final String ANONYMOUS = "ROLE_ANONYMOUS"; /**권한 유형 * @author mjkhan diff --git a/src/main/java/cokr/xit/base/security/SecuredUserInfo.java b/src/main/java/cokr/xit/base/security/SecuredUserInfo.java index b2d4b3b..bf675c1 100644 --- a/src/main/java/cokr/xit/base/security/SecuredUserInfo.java +++ b/src/main/java/cokr/xit/base/security/SecuredUserInfo.java @@ -1,9 +1,12 @@ package cokr.xit.base.security; +import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.stream.Collectors; +import javax.annotation.Resource; + import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; 
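Review bot: `loadAuthorities(int affected)` in AccessContext replaces the in-memory authority table as a side effect of a pass-through return value, and nothing in this hunk says when that is safe. If the calling service method runs inside a transaction (not visible here), the reload happens before commit, so a rollback would leave access decisions running on grants the database never kept. The no-arg `loadAuthorities()` is outside the hunk, so whether readers can observe a half-built table during the reload should be confirmed. I would state the contract in the Javadoc, e.g. `Call only after the change is committed; the reload replaces the cached authorities used for access decisions.`, and brace the `if` body. The same wrapper is used around the write methods in ActionGroupServiceBean and AuthorityServiceBean.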
@@ -22,6 +25,13 @@ public class SecuredUserInfo extends UserInfo implements UserDetails { */ @Component(UserInfo.SEC_NAME) public static class Provider extends UserInfo.Provider { + @Resource(name = "accessContext") + private AccessContext accessContext; + + public static Provider get() { + return Provider.class.cast(UserInfo.Provider.get()); + } + @Override public UserInfo currentUser() { return userInfo == null ? get(SecurityContextHolder.getContext().getAuthentication()) : (UserInfo)userInfo; @@ -38,6 +48,10 @@ public class SecuredUserInfo extends UserInfo implements UserDetails { throw new IllegalArgumentException("userInfo is not a SecuredUserInfo"); super.setUserInfo(userInfo); } + + public AccessContext getAccessContext() { + return accessContext; + } } /**인증되지 않은 사용자 정보 @@ -146,6 +160,7 @@ public class SecuredUserInfo extends UserInfo implements UserDetails { } private SecuredUserInfo seal() { + authorities = Provider.get().getAccessContext().getAuthorities(Arrays.asList(Authority.ANONYMOUS)); sealed = true; return this; } diff --git a/src/main/java/cokr/xit/base/security/access/ApplicationAccess.java b/src/main/java/cokr/xit/base/security/access/ApplicationAccess.java index 4dc8aee..1e8c1f4 100644 --- a/src/main/java/cokr/xit/base/security/access/ApplicationAccess.java +++ b/src/main/java/cokr/xit/base/security/access/ApplicationAccess.java @@ -8,7 +8,7 @@ import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.core.Authentication; -import cokr.xit.base.security.Authority; +import cokr.xit.base.security.AccessContext; import cokr.xit.base.security.SecuredUserInfo; import cokr.xit.foundation.AbstractComponent; import cokr.xit.foundation.Access; 
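Review bot: The new static `Provider.get()` hides `UserInfo.Provider.get()` and casts unconditionally, so any configuration where the registered provider is not this subclass fails with a bare ClassCastException raised from inside `seal()`. A short Javadoc stating that precondition would help; both new members are undocumented while the rest of the class carries Javadoc. `getAccessContext()` in the @@ -38,6 +48,10 @@ hunk is public although its only visible caller is `SecuredUserInfo.seal()` in the enclosing class. Since it hands out the component that reloads authorities, I would narrow it to `private AccessContext getAccessContext()` (or package-private, now that AccessContext lives in the same package).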
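Review bot: `seal()` dereferences `Provider.get().getAccessContext()` with no null check, and `accessContext` is only populated by `@Resource` injection. If the unauthenticated-user instance is sealed before Spring has wired the provider or before the authority table is loaded (the call site is outside this hunk, so this is an inference), the result is either a NullPointerException or an anonymous principal with an empty authority list. A guard such as `AccessContext ctx = Provider.get().getAccessContext(); if (ctx == null) throw new IllegalStateException("accessContext not initialized");` makes that failure explicit. It is also worth confirming that the list captured here is refreshed when `loadAuthorities()` later reloads, otherwise the anonymous principal keeps the grants it had at seal time.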
@@ -54,11 +54,11 @@ public class ApplicationAccess extends AbstractComponent implements AccessDecisi SecuredUserInfo userInfo = currentUser(); if (userInfo.isGranted(action)) return ACCESS_GRANTED; - +/* for (Authority authority: accessContext.getImplicits()) if (authority.isGranted(action)) return ACCESS_GRANTED; - +*/ return ACCESS_DENIED; } } \ No newline at end of file diff --git a/src/main/java/cokr/xit/base/security/access/service/bean/ActionGroupServiceBean.java b/src/main/java/cokr/xit/base/security/access/service/bean/ActionGroupServiceBean.java index df95ba4..744ba7d 100644 --- a/src/main/java/cokr/xit/base/security/access/service/bean/ActionGroupServiceBean.java +++ b/src/main/java/cokr/xit/base/security/access/service/bean/ActionGroupServiceBean.java @@ -6,6 +6,7 @@ import javax.annotation.Resource; import org.springframework.stereotype.Service; +import cokr.xit.base.security.AccessContext; import cokr.xit.base.security.access.ActionGroup; import cokr.xit.base.security.access.dao.AuthorityMapper; import cokr.xit.base.security.access.service.ActionGroupService; @@ -22,6 +23,8 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio private ActionGroupBean actionGroupBean; @Resource(name="authorityMapper") private AuthorityMapper authorityMapper; + @Resource(name="accessContext") + private AccessContext accessContext; @Override public List getGroupList(ActionQuery req) { @@ -53,7 +56,7 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio @Override public int remove(String... groupIDs) { authorityMapper.removeActionGroups(groupIDs); - return actionGroupBean.remove(groupIDs); + return accessContext.loadAuthorities(actionGroupBean.remove(groupIDs)); } @Override 
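Review bot: The implicit-authority fallback in ApplicationAccess is disabled with a block comment rather than removed, which leaves the voter's intent unclear; the decision now rests only on `userInfo.isGranted(action)`. That fails closed, but it means every principal must have ROLE_USER/ROLE_ANONYMOUS attached when it is built (this commit does so in `setAuthorities` and `seal()`), and any other path that creates a SecuredUserInfo would silently lose its implicit grants. I would delete the dead block and replace it with a comment such as `// implicit authorities are attached to the user at login/seal; no fallback here`, and check whether the `accessContext` field of this class is still used. The enclosing method starts above the hunk.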
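Review bot: In `ActionGroupServiceBean.remove(String... groupIDs)` the reload is conditioned only on the result of `actionGroupBean.remove(groupIDs)`, while the preceding `authorityMapper.removeActionGroups(groupIDs)` has its result discarded. If the authority-to-group links are deleted but the second call reports 0, the cached authorities keep granting the actions of groups that were just unlinked. Assuming the mapper returns a row count (its signature is not visible here), keep both counts and reload when either is positive, e.g. `accessContext.loadAuthorities(unlinked + removed); return removed;`.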
@@ -63,11 +66,11 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio @Override public int addActions(String groupID, String... actions) { - return actionGroupBean.addActions(groupID, actions); + return accessContext.loadAuthorities(actionGroupBean.addActions(groupID, actions)); } @Override public int removeActions(String groupID, String... actions) { - return actionGroupBean.removeActions(groupID, actions); + return accessContext.loadAuthorities(actionGroupBean.removeActions(groupID, actions)); } } \ No newline at end of file diff --git a/src/main/java/cokr/xit/base/security/access/service/bean/AuthorityServiceBean.java b/src/main/java/cokr/xit/base/security/access/service/bean/AuthorityServiceBean.java index 7c276c9..8602ed8 100644 --- a/src/main/java/cokr/xit/base/security/access/service/bean/AuthorityServiceBean.java +++ b/src/main/java/cokr/xit/base/security/access/service/bean/AuthorityServiceBean.java @@ -6,6 +6,7 @@ import javax.annotation.Resource; import org.springframework.stereotype.Service; +import cokr.xit.base.security.AccessContext; import cokr.xit.base.security.Authority; import cokr.xit.base.security.access.service.AuthorityQuery; import cokr.xit.base.security.access.service.AuthorityService; @@ -19,6 +20,8 @@ import cokr.xit.foundation.data.DataObject; public class AuthorityServiceBean extends AbstractServiceBean implements AuthorityService { @Resource(name="authorityBean") private AuthorityBean authorityMapper; + @Resource(name="accessContext") + private AccessContext accessContext; @Override public List getAuthorityList(AuthorityQuery req) { @@ -47,7 +50,7 @@ public class AuthorityServiceBean extends AbstractServiceBean implements Authori @Override public int removeAuthorities(String... authIDs) { - return authorityMapper.removeAuthorities(authIDs); + return accessContext.loadAuthorities(authorityMapper.removeAuthorities(authIDs)); } @Override 
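Review bot: Reloading AccessContext after `removeAuthorities` (hunk @@ -47,7 +50,7 @@) refreshes the shared table, but `setAuthorities` in AuthenticationServiceBean copies authorities onto each SecuredUserInfo at login. If `loadAuthorities()` builds new Authority objects rather than updating the existing ones (not visible here), sessions that are already logged in keep the removed authority and its action groups until they re-authenticate, and ApplicationAccess now decides from the user's own authorities alone. The methods should state whether revocation is expected to reach active sessions, e.g. `// takes effect for existing sessions only after re-login`; if immediate revocation is required, the per-user list has to be re-resolved from AccessContext at decision time. The same applies to `removeActionGroups` in the @@ -57,12 +60,12 @@ hunk.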
@@ -57,12 +60,12 @@ public class AuthorityServiceBean extends AbstractServiceBean implements Authori @Override public int addActionGroups(String authID, String... groupIDs) { - return authorityMapper.addActionGroups(authID, groupIDs); + return accessContext.loadAuthorities(authorityMapper.addActionGroups(authID, groupIDs)); } @Override public int removeActionGroups(String authID, String... groupIDs) { - return authorityMapper.removeActionGroups(authID, groupIDs); + return accessContext.loadAuthorities(authorityMapper.removeActionGroups(authID, groupIDs)); } @Override diff --git a/src/main/java/cokr/xit/base/security/authentication/service/bean/AuthenticationServiceBean.java b/src/main/java/cokr/xit/base/security/authentication/service/bean/AuthenticationServiceBean.java index 4c4a6d1..3f88a13 100644 --- a/src/main/java/cokr/xit/base/security/authentication/service/bean/AuthenticationServiceBean.java +++ b/src/main/java/cokr/xit/base/security/authentication/service/bean/AuthenticationServiceBean.java @@ -14,9 +14,9 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UsernameNotFoundException; +import cokr.xit.base.security.AccessContext; import cokr.xit.base.security.Authority; import cokr.xit.base.security.SecuredUserInfo; -import cokr.xit.base.security.access.AccessContext; import cokr.xit.base.security.access.dao.AuthorityMapper; import cokr.xit.base.security.authentication.AuthenticationPolicy; import cokr.xit.base.security.authentication.dao.AuthenticationDao; 
@@ -140,9 +140,9 @@ public class AuthenticationServiceBean extends DaoAuthenticationProvider impleme */ protected void setAuthorities(SecuredUserInfo userInfo) { List authIDs = authorityMapper.getUserAuths(userInfo.getId()); - if (!authIDs.contains("ROLE_ADMIN")) { -// authIDs.add("ROLE_USER"); -// authIDs.add("ROLE_ANONYMOUS"); + if (!authIDs.contains(Authority.ADMIN)) { + authIDs.add(Authority.USER); + authIDs.add(Authority.ANONYMOUS); } userInfo.setAuthorities(getAuthorities(authIDs)); } diff --git a/src/test/java/cokr/xit/base/security/access/service/AuthorityServiceTest.java b/src/test/java/cokr/xit/base/security/access/service/AuthorityServiceTest.java index f50ec47..c288e19 100644 --- a/src/test/java/cokr/xit/base/security/access/service/AuthorityServiceTest.java +++ b/src/test/java/cokr/xit/base/security/access/service/AuthorityServiceTest.java @@ -33,15 +33,15 @@ public class AuthorityServiceTest extends TestSupport { authorityService.getAuthorities("auth-0", "auth-1", "auth-2"); authorityService.getAuthorities("auth-0"); - Authority auth = authorityService.getAuthority("ROLE_ADMIN"); + Authority auth = authorityService.getAuthority(Authority.ADMIN); Assertions.assertNotNull(auth); Assertions.assertEquals(Authority.Type.SUPER, auth.type()); - auth = authorityService.getAuthority("ROLE_USER"); + auth = authorityService.getAuthority(Authority.USER); Assertions.assertNotNull(auth); Assertions.assertEquals(Authority.Type.IMPLICIT, auth.type()); - auth = authorityService.getAuthority("ROLE_ANONYMOUS"); + auth = authorityService.getAuthority(Authority.ANONYMOUS); Assertions.assertNotNull(auth); Assertions.assertEquals(Authority.Type.IMPLICIT, auth.type()); }
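Review bot: `authIDs.add(Authority.USER)` and `authIDs.add(Authority.ANONYMOUS)` in `setAuthorities` modify the list returned by `authorityMapper.getUserAuths(...)` in place. If the mapper hands back an unmodifiable or cached list (not visible here), login fails with UnsupportedOperationException or the additions leak into later lookups, and a user who already holds ROLE_USER explicitly gets it twice. Copying first, `List<String> authIDs = new ArrayList<>(authorityMapper.getUserAuths(userInfo.getId()));`, and adding only when `!authIDs.contains(...)` avoids both; ArrayList may need an import. Because these two lines were previously commented out, a one-line comment that every non-admin account now receives the implicit USER and ANONYMOUS grants by design would make the change auditable.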