(step2) httpSecurity - OAuth2LoginConfigurer를 이용한 OAuth2 리다이렉트, 인증 필터 등록

Author: haero77

README.md

@@ -28,9 +28,11 @@
 
 ## 2단계 - 인증 관련 리팩토링
 
-- [ ] `.formLogin()` 메서드를 사용하여 폼 로그인 기능을 설정하고, U`sernamePasswordAuthenticationFilter`를 자동으로 추가한다.
-- [ ] `.httpBasic()` 메서드를 사용해 HTTP Basic 인증을 설정하고, `BasicAuthenticationFilter`를 자동으로 추가한다.
-- [ ] `securityContext()`는 유저가 직접 설정할 수 없도록 하고, HttpSecurity가 빈으로 등록될 때 자동으로 설정한다. 
+- [x] `.formLogin()` 메서드를 사용하여 폼 로그인 기능을 설정하고, U`sernamePasswordAuthenticationFilter`를 자동으로 추가한다.
+- [x] `.httpBasic()` 메서드를 사용해 HTTP Basic 인증을 설정하고, `BasicAuthenticationFilter`를 자동으로 추가한다.
+- [x] `.securityContext()` 메서드를 사용하여 `SecurityContextHolderFilter` 자동으로 추가   
+- [x] oauth2 리팩토링 
+  - [x] OAuth2AuthorizationRequestRedirectFilter 등록, OAuth2LoginAuthenticationFilter 등록
 
 ## 3단계 - 인가 관련 리팩토링
 

src/main/java/nextstep/app/SecurityConfig.java

@@ -83,6 +83,7 @@ public SecurityFilterChain securityFilterChain2(HttpSecurity http) {
                 .csrf(c -> c.ignoringRequestMatchers("/login"))
                 .formLogin(Customizer.withDefaults())
                 .httpBasic(Customizer.withDefaults())
+                .oauth2Login(Customizer.withDefaults())
                 .build();
     }
 

src/main/java/nextstep/oauth2/web/OAuth2AuthorizationRequestRedirectFilter.java

@@ -6,6 +6,7 @@
 import jakarta.servlet.http.HttpServletResponse;
 import nextstep.oauth2.endpoint.OAuth2AuthorizationRequest;
 import nextstep.oauth2.registration.ClientRegistrationRepository;
+import org.springframework.util.Assert;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import java.io.IOException;
@@ -19,6 +20,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
     private final AuthorizationRequestRepository authorizationRequestRepository = new AuthorizationRequestRepository();
 
     public OAuth2AuthorizationRequestRedirectFilter(ClientRegistrationRepository clientRegistrationRepository) {
+        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
         authorizationRequestResolver = new OAuth2AuthorizationRequestResolver(clientRegistrationRepository, DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
     }
 

src/main/java/nextstep/oauth2/web/OAuth2LoginAuthenticationFilter.java

@@ -33,6 +33,11 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
 
     public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository authorizedClientRepository, AuthenticationManager authenticationManager) {
         super(DEFAULT_LOGIN_REQUEST_BASE_URI, authenticationManager);
+
+        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
+        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
+        Assert.notNull(authorizedClientRepository, "authorizationRequestRepository cannot be null");
+
         this.clientRegistrationRepository = clientRegistrationRepository;
         this.authorizedClientRepository = authorizedClientRepository;
     }

src/main/java/nextstep/security/config/annotation/web/builders/HttpSecurity.java

@@ -6,10 +6,7 @@
 import nextstep.security.config.DefaultSecurityFilterChain;
 import nextstep.security.config.SecurityFilterChain;
 import nextstep.security.config.annotation.web.SecurityConfigurer;
-import nextstep.security.config.annotation.web.configurers.CsrfConfigurer;
-import nextstep.security.config.annotation.web.configurers.FormLoginConfigurer;
-import nextstep.security.config.annotation.web.configurers.HttpBasicConfigurer;
-import nextstep.security.config.annotation.web.configurers.SecurityContextConfigurer;
+import nextstep.security.config.annotation.web.configurers.*;
 
 import java.util.*;
 
@@ -19,8 +16,9 @@ public class HttpSecurity {
     private final List<Filter> filters = new ArrayList<>();
     private final Map<Class<?>, Object> sharedObjects = new HashMap<>();
 
-    public HttpSecurity(AuthenticationManager authenticationManager) {
+    public HttpSecurity(AuthenticationManager authenticationManager, Map<Class<?>, Object> sharedObjects) {
         setSharedObject(AuthenticationManager.class, authenticationManager);
+        this.sharedObjects.putAll(sharedObjects);
     }
 
     public <C> C getSharedObject(Class<C> sharedType) {
@@ -64,6 +62,11 @@ public HttpSecurity httpBasic(Customizer<HttpBasicConfigurer> httpBasicCustomize
         return this;
     }
 
+    public HttpSecurity oauth2Login(Customizer<OAuth2LoginConfigurer> oauth2LoginCustomizer) {
+        oauth2LoginCustomizer.customize(getOrApply(new OAuth2LoginConfigurer()));
+        return this;
+    }
+
     public HttpSecurity authorizeHttpRequests() {
         return this;
     }

src/main/java/nextstep/security/config/annotation/web/configuration/HttpSecurityConfiguration.java

@@ -3,19 +3,29 @@
 import nextstep.security.authentication.AuthenticationManager;
 import nextstep.security.config.Customizer;
 import nextstep.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
+import java.util.Map;
+
 @Configuration
 public class HttpSecurityConfiguration {
 
     @Bean
-    HttpSecurity httpSecurity(AuthenticationManager authenticationManager) {
-        HttpSecurity http = new HttpSecurity(authenticationManager);
+    HttpSecurity httpSecurity(
+            ApplicationContext applicationContext,
+            AuthenticationManager authenticationManager
+    ) {
+        HttpSecurity http = new HttpSecurity(authenticationManager, createSharedObjects(applicationContext));
 
         http
                 .securityContext(Customizer.withDefaults());
 
         return http;
     }
+
+    private Map<Class<?>, Object> createSharedObjects(ApplicationContext applicationContext) {
+        return Map.of(ApplicationContext.class, applicationContext);
+    }
 }

src/main/java/nextstep/security/config/annotation/web/configurers/OAuth2LoginConfigurer.java

@@ -0,0 +1,37 @@
+package nextstep.security.config.annotation.web.configurers;
+
+import nextstep.oauth2.registration.ClientRegistrationRepository;
+import nextstep.oauth2.web.OAuth2AuthorizationRequestRedirectFilter;
+import nextstep.oauth2.web.OAuth2AuthorizedClientRepository;
+import nextstep.oauth2.web.OAuth2LoginAuthenticationFilter;
+import nextstep.security.authentication.AuthenticationManager;
+import nextstep.security.config.annotation.web.SecurityConfigurer;
+import nextstep.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.context.ApplicationContext;
+
+public class OAuth2LoginConfigurer implements SecurityConfigurer {
+
+    private AuthenticationManager authenticationManager;
+    private ClientRegistrationRepository clientRegistrationRepository;
+    private OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository;
+
+    @Override
+    public void init(HttpSecurity http) {
+        this.authenticationManager = http.getSharedObject(AuthenticationManager.class);
+        this.clientRegistrationRepository = http.getSharedObject(ApplicationContext.class).getBean(ClientRegistrationRepository.class);
+        this.oAuth2AuthorizedClientRepository = new OAuth2AuthorizedClientRepository();
+    }
+
+    @Override
+    public void configure(HttpSecurity http) {
+        OAuth2AuthorizationRequestRedirectFilter redirectFilter = new OAuth2AuthorizationRequestRedirectFilter(clientRegistrationRepository);
+        http.addFilter(redirectFilter);
+
+        OAuth2LoginAuthenticationFilter authenticationFilter = new OAuth2LoginAuthenticationFilter(
+                clientRegistrationRepository,
+                oAuth2AuthorizedClientRepository,
+                authenticationManager
+        );
+        http.addFilter(authenticationFilter);
+    }
+}