권한/기능그룹 로딩 관련 수정

src/main/java/cokr/xit/base/security/AccessContext.java

@@ -1,4 +1,4 @@
-package cokr.xit.base.security.access;
+package cokr.xit.base.security;
 
 import java.util.Collections;
 import java.util.List;
@@ -13,7 +13,6 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.stereotype.Component;
 
-import cokr.xit.base.security.Authority;
 import cokr.xit.base.security.access.dao.AuthorityMapper;
 import cokr.xit.foundation.AbstractComponent;
 
@@ -61,6 +60,16 @@ public class AccessContext extends AbstractComponent implements ApplicationConte
 			});
 	}
 
+	/**관련 정보가 변경되면 권한과 기능을 다시 로드한다.
+	 * @param affected 변경된 관련 정보수
+	 * @return 변경된 관련 정보수
+	 */
+	public int loadAuthorities(int affected) {
+		if (affected > 0)
+			loadAuthorities();
+		return affected;
+	}
+
 	/**지정하는 권한들을 반환한다.
 	 * @param authIDs 권한 아이디
 	 * @return 권한 목록

src/main/java/cokr/xit/base/security/Authority.java

@@ -16,6 +16,12 @@ import cokr.xit.foundation.data.StringMap;
  */
 public class Authority implements GrantedAuthority {
 	private static final long serialVersionUID = 1L;
+	/** 시스템 관리자 권한 아이디 */
+	public static final String ADMIN = "ROLE_ADMIN";
+	/** 시스템 사용자 권한 아이디 */
+	public static final String USER = "ROLE_USER";
+	/** 익명 사용자 권한 아이디 */
+	public static final String ANONYMOUS = "ROLE_ANONYMOUS";
 
 	/**권한 유형
 	 * @author mjkhan

src/main/java/cokr/xit/base/security/SecuredUserInfo.java

@@ -1,9 +1,12 @@
 package cokr.xit.base.security;
 
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 
+import javax.annotation.Resource;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -22,6 +25,13 @@ public class SecuredUserInfo extends UserInfo implements UserDetails {
 	 */
 	@Component(UserInfo.SEC_NAME)
 	public static class Provider extends UserInfo.Provider {
+		@Resource(name = "accessContext")
+		private AccessContext accessContext;
+
+		public static Provider get() {
+			return Provider.class.cast(UserInfo.Provider.get());
+		}
+
 		@Override
 		public UserInfo currentUser() {
 			return userInfo == null ? get(SecurityContextHolder.getContext().getAuthentication()) : (UserInfo)userInfo;
@@ -38,6 +48,10 @@ public class SecuredUserInfo extends UserInfo implements UserDetails {
 				throw new IllegalArgumentException("userInfo is not a SecuredUserInfo");
 			super.setUserInfo(userInfo);
 		}
+
+		public AccessContext getAccessContext() {
+			return accessContext;
+		}
 	}
 
 	/**인증되지 않은 사용자 정보
@@ -146,6 +160,7 @@ public class SecuredUserInfo extends UserInfo implements UserDetails {
 	}
 
 	private SecuredUserInfo seal() {
+		authorities = Provider.get().getAccessContext().getAuthorities(Arrays.asList(Authority.ANONYMOUS));
 		sealed = true;
 		return this;
 	}

src/main/java/cokr/xit/base/security/access/ApplicationAccess.java

@@ -8,7 +8,7 @@ import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
 
-import cokr.xit.base.security.Authority;
+import cokr.xit.base.security.AccessContext;
 import cokr.xit.base.security.SecuredUserInfo;
 import cokr.xit.foundation.AbstractComponent;
 import cokr.xit.foundation.Access;
@@ -54,11 +54,11 @@ public class ApplicationAccess extends AbstractComponent implements AccessDecisi
 		SecuredUserInfo userInfo = currentUser();
 		if (userInfo.isGranted(action))
 			return ACCESS_GRANTED;
-
+/*
 		for (Authority authority: accessContext.getImplicits())
 			if (authority.isGranted(action))
 				return ACCESS_GRANTED;
-
+*/
 		return ACCESS_DENIED;
 	}
 }

src/main/java/cokr/xit/base/security/access/service/bean/ActionGroupServiceBean.java

@@ -6,6 +6,7 @@ import javax.annotation.Resource;
 
 import org.springframework.stereotype.Service;
 
+import cokr.xit.base.security.AccessContext;
 import cokr.xit.base.security.access.ActionGroup;
 import cokr.xit.base.security.access.dao.AuthorityMapper;
 import cokr.xit.base.security.access.service.ActionGroupService;
@@ -22,6 +23,8 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio
 	private ActionGroupBean actionGroupBean;
 	@Resource(name="authorityMapper")
 	private AuthorityMapper authorityMapper;
+	@Resource(name="accessContext")
+	private AccessContext accessContext;
 
 	@Override
 	public List<DataObject> getGroupList(ActionQuery req) {
@@ -53,7 +56,7 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio
 	@Override
 	public int remove(String... groupIDs) {
 		authorityMapper.removeActionGroups(groupIDs);
-		return actionGroupBean.remove(groupIDs);
+		return accessContext.loadAuthorities(actionGroupBean.remove(groupIDs));
 	}
 
 	@Override
@@ -63,11 +66,11 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio
 
 	@Override
 	public int addActions(String groupID, String... actions) {
-		return actionGroupBean.addActions(groupID, actions);
+		return accessContext.loadAuthorities(actionGroupBean.addActions(groupID, actions));
 	}
 
 	@Override
 	public int removeActions(String groupID, String... actions) {
-		return actionGroupBean.removeActions(groupID, actions);
+		return accessContext.loadAuthorities(actionGroupBean.removeActions(groupID, actions));
 	}
 }

src/main/java/cokr/xit/base/security/access/service/bean/AuthorityServiceBean.java

@@ -6,6 +6,7 @@ import javax.annotation.Resource;
 
 import org.springframework.stereotype.Service;
 
+import cokr.xit.base.security.AccessContext;
 import cokr.xit.base.security.Authority;
 import cokr.xit.base.security.access.service.AuthorityQuery;
 import cokr.xit.base.security.access.service.AuthorityService;
@@ -19,6 +20,8 @@ import cokr.xit.foundation.data.DataObject;
 public class AuthorityServiceBean extends AbstractServiceBean implements AuthorityService {
 	@Resource(name="authorityBean")
 	private AuthorityBean authorityMapper;
+	@Resource(name="accessContext")
+	private AccessContext accessContext;
 
 	@Override
 	public List<DataObject> getAuthorityList(AuthorityQuery req) {
@@ -47,7 +50,7 @@ public class AuthorityServiceBean extends AbstractServiceBean implements Authori
 
 	@Override
 	public int removeAuthorities(String... authIDs) {
-		return authorityMapper.removeAuthorities(authIDs);
+		return accessContext.loadAuthorities(authorityMapper.removeAuthorities(authIDs));
 	}
 
 	@Override
@@ -57,12 +60,12 @@ public class AuthorityServiceBean extends AbstractServiceBean implements Authori
 
 	@Override
 	public int addActionGroups(String authID, String... groupIDs) {
-		return authorityMapper.addActionGroups(authID, groupIDs);
+		return accessContext.loadAuthorities(authorityMapper.addActionGroups(authID, groupIDs));
 	}
 
 	@Override
 	public int removeActionGroups(String authID, String... groupIDs) {
-		return authorityMapper.removeActionGroups(authID, groupIDs);
+		return accessContext.loadAuthorities(authorityMapper.removeActionGroups(authID, groupIDs));
 	}
 
 	@Override

src/main/java/cokr/xit/base/security/authentication/service/bean/AuthenticationServiceBean.java

@@ -14,9 +14,9 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
+import cokr.xit.base.security.AccessContext;
 import cokr.xit.base.security.Authority;
 import cokr.xit.base.security.SecuredUserInfo;
-import cokr.xit.base.security.access.AccessContext;
 import cokr.xit.base.security.access.dao.AuthorityMapper;
 import cokr.xit.base.security.authentication.AuthenticationPolicy;
 import cokr.xit.base.security.authentication.dao.AuthenticationDao;
@@ -140,9 +140,9 @@ public class AuthenticationServiceBean extends DaoAuthenticationProvider impleme
 	 */
 	protected void setAuthorities(SecuredUserInfo userInfo) {
 		List<String> authIDs = authorityMapper.getUserAuths(userInfo.getId());
-		if (!authIDs.contains("ROLE_ADMIN")) {
+		if (!authIDs.contains(Authority.ADMIN)) {
-//			authIDs.add("ROLE_USER");
+			authIDs.add(Authority.USER);
-//			authIDs.add("ROLE_ANONYMOUS");
+			authIDs.add(Authority.ANONYMOUS);
 		}
 		userInfo.setAuthorities(getAuthorities(authIDs));
 	}

src/test/java/cokr/xit/base/security/access/service/AuthorityServiceTest.java

@@ -33,15 +33,15 @@ public class AuthorityServiceTest extends TestSupport {
 		authorityService.getAuthorities("auth-0", "auth-1", "auth-2");
 		authorityService.getAuthorities("auth-0");
 
-		Authority auth = authorityService.getAuthority("ROLE_ADMIN");
+		Authority auth = authorityService.getAuthority(Authority.ADMIN);
 		Assertions.assertNotNull(auth);
 		Assertions.assertEquals(Authority.Type.SUPER, auth.type());
 
-		auth = authorityService.getAuthority("ROLE_USER");
+		auth = authorityService.getAuthority(Authority.USER);
 		Assertions.assertNotNull(auth);
 		Assertions.assertEquals(Authority.Type.IMPLICIT, auth.type());
 
-		auth = authorityService.getAuthority("ROLE_ANONYMOUS");
+		auth = authorityService.getAuthority(Authority.ANONYMOUS);
 		Assertions.assertNotNull(auth);
 		Assertions.assertEquals(Authority.Type.IMPLICIT, auth.type());
 	}