스프링 시큐리티를 이용한 api 사용 인증 피드백 반영

주요 내용

1. 메서드 보안방식 (@PreAuthorize) 반영 및 글로벌 filter 보안 제거
2. rest assured http call 방식을 이용한 테스트 및 헬퍼 클래스 작성

Closes #66

app-main/src/main/kotlin/kr/flab/wiki/app/api/user/loginUser/LoginUserApi.kt

@@ -6,6 +6,7 @@ import kr.flab.wiki.app.components.authentication.LoginUserService
 import kr.flab.wiki.app.type.annotation.ApiHandler
 import org.springframework.http.HttpStatus
 import org.springframework.http.ResponseEntity
+import org.springframework.security.access.prepost.PreAuthorize
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
@@ -23,28 +24,9 @@ class LoginUserApi(
         return ResponseEntity.ok().body(loginResponse)
     }
 
+    @PreAuthorize("isAuthenticated()")
     @GetMapping("/test")
     fun test(): ResponseEntity<Any> {
         return ResponseEntity.ok().body("test")
     }
-
-    @GetMapping("/test1")
-    fun test1(): ResponseEntity<Any> {
-        return ResponseEntity.ok().body("test")
-    }
-
-    @GetMapping("/test2")
-    fun test2(): ResponseEntity<Any> {
-        return ResponseEntity.ok().body("test")
-    }
-
-    @GetMapping("/test3")
-    fun test3(): ResponseEntity<Any> {
-        return ResponseEntity.ok().body("test")
-    }
-
-    @GetMapping("/test4")
-    fun test4(): ResponseEntity<Any> {
-        return ResponseEntity.ok().body("test")
-    }
 }

app-main/src/main/kotlin/kr/flab/wiki/app/appconfig/security/WebSecurityConfig.kt

@@ -6,6 +6,7 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpMethod
 import org.springframework.security.authentication.AuthenticationProvider
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
@@ -19,6 +20,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
  */
 @Configuration
 @EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
 class WebSecurityConfig(
     private val authenticationProvider: AuthenticationProvider,
     private val jwsAuthenticationFilter: JwsAuthenticationFilter,
@@ -58,7 +60,6 @@ class WebSecurityConfig(
             .and()
             .authorizeRequests()
             .antMatchers(HttpMethod.POST, "/login").permitAll()
-            .anyRequest().authenticated()
 
         http.addFilterBefore(
             jwsAuthenticationFilter,

app-main/src/test/kotlin/kr/flab/wiki/app/testcase/login/LoginWithSpringSecurityAndJwtTest.kt

@@ -16,9 +16,8 @@ import io.restassured.module.kotlin.extensions.Then
 import io.restassured.module.kotlin.extensions.When
 import io.restassured.specification.RequestSpecification
 import kr.flab.wiki.TAG_TEST_E2E
-import kr.flab.wiki.app.api.user.request.LoginRequest
-import kr.flab.wiki.app.components.authentication.LoginUserService
 import kr.flab.wiki.app.components.authentication.UserAuthentication
+import kr.flab.wiki.app.testlib.LoginTestHelper
 import kr.flab.wiki.core.testlib.user.Users
 import org.mockito.MockitoAnnotations
 import org.springframework.beans.factory.annotation.Value
@@ -56,9 +55,6 @@ class LoginWithSpringSecurityAndJwtTest {
     @Inject
     private lateinit var objectMapper: ObjectMapper
 
-    @Inject
-    private lateinit var loginUserService: LoginUserService
-
     @MockBean
     private lateinit var userAuthentication: UserAuthentication
 
@@ -177,7 +173,6 @@ class LoginWithSpringSecurityAndJwtTest {
     inner class `인증이 필요한 API 는` {
 
         //테스트할 타겟 api uri
-        //private val targetApiUri = springApi.getRandomAuthenticatedApiPattern()
         private val targetApiUri = "/test"
 
         @Nested
@@ -204,12 +199,12 @@ class LoginWithSpringSecurityAndJwtTest {
                 @Test
                 fun `API 를 정상수행한다`() {
                     //정상적으로 로그인한 정보
-                    val loginResponse = loginUserService.login(LoginRequest(email, password))
+                    val loginResponse = LoginTestHelper.makeLoginResponse(requestSpecification, email, password)
 
                     Given {
                         spec(requestSpecification)
                         //정상적으로 로그인한 정보에서 추출한 token을 헤더에 담아서 요청한다.
-                        header("Authorization", "Bearer ${loginResponse?.token}")
+                        header("Authorization", "Bearer ${loginResponse.token}")
                     } When {
                         get(targetApiUri)
                     } Then {

app-main/src/test/kotlin/kr/flab/wiki/app/testlib/LoginTestHelper.kt

@@ -0,0 +1,22 @@
+package kr.flab.wiki.app.testlib
+
+import io.restassured.RestAssured
+import io.restassured.specification.RequestSpecification
+import kr.flab.wiki.app.api.user.request.LoginRequest
+import kr.flab.wiki.app.api.user.response.LoginResponse
+
+object LoginTestHelper {
+
+    fun makeLoginResponse(requestSpecification: RequestSpecification, email: String, password: String): LoginResponse {
+        return RestAssured
+            .given()
+            .spec(requestSpecification)
+            .body(LoginRequest(email, password))
+            .`when`()
+            .post("/login")
+            .then()
+            .extract()
+            .`as`(LoginResponse::class.java)
+    }
+
+}