권한/기능그룹 로딩 관련 수정

2 years ago · 80ec539a7f
parent e1f497a404
commit 80ec539a7f
8 changed files with 54 additions and 18 deletions
--- a/src/main/java/cokr/xit/base/security/access/AccessContext.java
+++ b/src/main/java/cokr/xit/base/security/access/AccessContext.java
@ -1,4 +1,4 @@
-package cokr.xit.base.security.access;
+package cokr.xit.base.security;

 import java.util.Collections;
 import java.util.List;
@ -13,7 +13,6 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 import org.springframework.stereotype.Component;

-import cokr.xit.base.security.Authority;
 import cokr.xit.base.security.access.dao.AuthorityMapper;
 import cokr.xit.foundation.AbstractComponent;

@ -61,6 +60,16 @@ public class AccessContext extends AbstractComponent implements ApplicationConte
 			});
 	}

+	/**관련 정보가 변경되면 권한과 기능을 다시 로드한다.
+	 * @param affected 변경된 관련 정보수
+	 * @return 변경된 관련 정보수
+	 */
+	public int loadAuthorities(int affected) {
+		if (affected > 0)
+			loadAuthorities();
+		return affected;
+	}
+
 	/**지정하는 권한들을 반환한다.
 	 * @param authIDs 권한 아이디
 	 * @return 권한 목록
--- a/src/main/java/cokr/xit/base/security/Authority.java
+++ b/src/main/java/cokr/xit/base/security/Authority.java
@ -16,6 +16,12 @@ import cokr.xit.foundation.data.StringMap;
 */
 public class Authority implements GrantedAuthority {
 	private static final long serialVersionUID = 1L;
+	/** 시스템 관리자 권한 아이디 */
+	public static final String ADMIN = "ROLE_ADMIN";
+	/** 시스템 사용자 권한 아이디 */
+	public static final String USER = "ROLE_USER";
+	/** 익명 사용자 권한 아이디 */
+	public static final String ANONYMOUS = "ROLE_ANONYMOUS";

 	/**권한 유형
 	 * @author mjkhan
--- a/src/main/java/cokr/xit/base/security/SecuredUserInfo.java
+++ b/src/main/java/cokr/xit/base/security/SecuredUserInfo.java
@ -1,9 +1,12 @@
 package cokr.xit.base.security;

+import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;

+import javax.annotation.Resource;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
@ -22,6 +25,13 @@ public class SecuredUserInfo extends UserInfo implements UserDetails {
 	 */
 	@Component(UserInfo.SEC_NAME)
 	public static class Provider extends UserInfo.Provider {
+		@Resource(name = "accessContext")
+		private AccessContext accessContext;
+
+		public static Provider get() {
+			return Provider.class.cast(UserInfo.Provider.get());
+		}
+
 		@Override
 		public UserInfo currentUser() {
 			return userInfo == null ? get(SecurityContextHolder.getContext().getAuthentication()) : (UserInfo)userInfo;
@ -38,6 +48,10 @@ public class SecuredUserInfo extends UserInfo implements UserDetails {
 				throw new IllegalArgumentException("userInfo is not a SecuredUserInfo");
 			super.setUserInfo(userInfo);
 		}
+
+		public AccessContext getAccessContext() {
+			return accessContext;
+		}
 	}

 	/**인증되지 않은 사용자 정보
@ -146,6 +160,7 @@ public class SecuredUserInfo extends UserInfo implements UserDetails {
 	}

 	private SecuredUserInfo seal() {
+		authorities = Provider.get().getAccessContext().getAuthorities(Arrays.asList(Authority.ANONYMOUS));
 		sealed = true;
 		return this;
 	}
--- a/src/main/java/cokr/xit/base/security/access/ApplicationAccess.java
+++ b/src/main/java/cokr/xit/base/security/access/ApplicationAccess.java
@ -8,7 +8,7 @@ import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;

-import cokr.xit.base.security.Authority;
+import cokr.xit.base.security.AccessContext;
 import cokr.xit.base.security.SecuredUserInfo;
 import cokr.xit.foundation.AbstractComponent;
 import cokr.xit.foundation.Access;
@ -54,11 +54,11 @@ public class ApplicationAccess extends AbstractComponent implements AccessDecisi
 		SecuredUserInfo userInfo = currentUser();
 		if (userInfo.isGranted(action))
 			return ACCESS_GRANTED;
-
+/*
 		for (Authority authority: accessContext.getImplicits())
 			if (authority.isGranted(action))
 				return ACCESS_GRANTED;
-
+*/
 		return ACCESS_DENIED;
 	}
 }
--- a/src/main/java/cokr/xit/base/security/access/service/bean/ActionGroupServiceBean.java
+++ b/src/main/java/cokr/xit/base/security/access/service/bean/ActionGroupServiceBean.java
@ -6,6 +6,7 @@ import javax.annotation.Resource;

 import org.springframework.stereotype.Service;

+import cokr.xit.base.security.AccessContext;
 import cokr.xit.base.security.access.ActionGroup;
 import cokr.xit.base.security.access.dao.AuthorityMapper;
 import cokr.xit.base.security.access.service.ActionGroupService;
@ -22,6 +23,8 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio
 	private ActionGroupBean actionGroupBean;
 	@Resource(name="authorityMapper")
 	private AuthorityMapper authorityMapper;
+	@Resource(name="accessContext")
+	private AccessContext accessContext;

 	@Override
 	public List<DataObject> getGroupList(ActionQuery req) {
@ -53,7 +56,7 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio
 	@Override
 	public int remove(String... groupIDs) {
 		authorityMapper.removeActionGroups(groupIDs);
-		return actionGroupBean.remove(groupIDs);
+		return accessContext.loadAuthorities(actionGroupBean.remove(groupIDs));
 	}

 	@Override
@ -63,11 +66,11 @@ public class ActionGroupServiceBean extends AbstractServiceBean implements Actio

 	@Override
 	public int addActions(String groupID, String... actions) {
-		return actionGroupBean.addActions(groupID, actions);
+		return accessContext.loadAuthorities(actionGroupBean.addActions(groupID, actions));
 	}

 	@Override
 	public int removeActions(String groupID, String... actions) {
-		return actionGroupBean.removeActions(groupID, actions);
+		return accessContext.loadAuthorities(actionGroupBean.removeActions(groupID, actions));
 	}
 }
--- a/src/main/java/cokr/xit/base/security/access/service/bean/AuthorityServiceBean.java
+++ b/src/main/java/cokr/xit/base/security/access/service/bean/AuthorityServiceBean.java
@ -6,6 +6,7 @@ import javax.annotation.Resource;

 import org.springframework.stereotype.Service;

+import cokr.xit.base.security.AccessContext;
 import cokr.xit.base.security.Authority;
 import cokr.xit.base.security.access.service.AuthorityQuery;
 import cokr.xit.base.security.access.service.AuthorityService;
@ -19,6 +20,8 @@ import cokr.xit.foundation.data.DataObject;
 public class AuthorityServiceBean extends AbstractServiceBean implements AuthorityService {
 	@Resource(name="authorityBean")
 	private AuthorityBean authorityMapper;
+	@Resource(name="accessContext")
+	private AccessContext accessContext;

 	@Override
 	public List<DataObject> getAuthorityList(AuthorityQuery req) {
@ -47,7 +50,7 @@ public class AuthorityServiceBean extends AbstractServiceBean implements Authori

 	@Override
 	public int removeAuthorities(String... authIDs) {
-		return authorityMapper.removeAuthorities(authIDs);
+		return accessContext.loadAuthorities(authorityMapper.removeAuthorities(authIDs));
 	}

 	@Override
@ -57,12 +60,12 @@ public class AuthorityServiceBean extends AbstractServiceBean implements Authori

 	@Override
 	public int addActionGroups(String authID, String... groupIDs) {
-		return authorityMapper.addActionGroups(authID, groupIDs);
+		return accessContext.loadAuthorities(authorityMapper.addActionGroups(authID, groupIDs));
 	}

 	@Override
 	public int removeActionGroups(String authID, String... groupIDs) {
-		return authorityMapper.removeActionGroups(authID, groupIDs);
+		return accessContext.loadAuthorities(authorityMapper.removeActionGroups(authID, groupIDs));
 	}

 	@Override
--- a/src/main/java/cokr/xit/base/security/authentication/service/bean/AuthenticationServiceBean.java
+++ b/src/main/java/cokr/xit/base/security/authentication/service/bean/AuthenticationServiceBean.java
@ -14,9 +14,9 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;

+import cokr.xit.base.security.AccessContext;
 import cokr.xit.base.security.Authority;
 import cokr.xit.base.security.SecuredUserInfo;
-import cokr.xit.base.security.access.AccessContext;
 import cokr.xit.base.security.access.dao.AuthorityMapper;
 import cokr.xit.base.security.authentication.AuthenticationPolicy;
 import cokr.xit.base.security.authentication.dao.AuthenticationDao;
@ -140,9 +140,9 @@ public class AuthenticationServiceBean extends DaoAuthenticationProvider impleme
 	 */
 	protected void setAuthorities(SecuredUserInfo userInfo) {
 		List<String> authIDs = authorityMapper.getUserAuths(userInfo.getId());
-		if (!authIDs.contains("ROLE_ADMIN")) {
-//			authIDs.add("ROLE_USER");
-//			authIDs.add("ROLE_ANONYMOUS");
+		if (!authIDs.contains(Authority.ADMIN)) {
+			authIDs.add(Authority.USER);
+			authIDs.add(Authority.ANONYMOUS);
 		}
 		userInfo.setAuthorities(getAuthorities(authIDs));
 	}
--- a/src/test/java/cokr/xit/base/security/access/service/AuthorityServiceTest.java
+++ b/src/test/java/cokr/xit/base/security/access/service/AuthorityServiceTest.java
@ -33,15 +33,15 @@ public class AuthorityServiceTest extends TestSupport {
 		authorityService.getAuthorities("auth-0", "auth-1", "auth-2");
 		authorityService.getAuthorities("auth-0");

-		Authority auth = authorityService.getAuthority("ROLE_ADMIN");
+		Authority auth = authorityService.getAuthority(Authority.ADMIN);
 		Assertions.assertNotNull(auth);
 		Assertions.assertEquals(Authority.Type.SUPER, auth.type());

-		auth = authorityService.getAuthority("ROLE_USER");
+		auth = authorityService.getAuthority(Authority.USER);
 		Assertions.assertNotNull(auth);
 		Assertions.assertEquals(Authority.Type.IMPLICIT, auth.type());

-		auth = authorityService.getAuthority("ROLE_ANONYMOUS");
+		auth = authorityService.getAuthority(Authority.ANONYMOUS);
 		Assertions.assertNotNull(auth);
 		Assertions.assertEquals(Authority.Type.IMPLICIT, auth.type());
 	}