docs: improve client sample codes to reflect Introspector changes

patternhelloworld · patternhelloworld · commit 8d8bb4152517 · 2025-01-05T16:07:21.000+09:00
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/response/error/exception/auth/CustomAuthGuardException.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/response/error/exception/auth/CustomAuthGuardException.java
@@ -1,8 +1,8 @@
 package com.patternknife.securityhelper.oauth2.client.config.response.error.exception.auth;
 
-import org.springframework.security.access.AccessDeniedException;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.exception.KnifeOauth2AuthorizationException;
 
-public class CustomAuthGuardException extends AccessDeniedException {
+public class CustomAuthGuardException extends KnifeOauth2AuthorizationException {
 
     public CustomAuthGuardException(String message) {
         super(message);
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/AccessTokenUserInfo.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/AccessTokenUserInfo.java
@@ -2,6 +2,7 @@
 
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 
 import java.util.Collection;
@@ -12,9 +13,16 @@
 
 
 /*
-* 	If you are using another Resource server, this class must also be located in com.patternknife.securityhelper.oauth2.interestedtreatmentpart.dto.security.
+*
+* 	 AccessTokenUserInfo, which implements both UserDetails and OAuth2AuthenticatedPrincipal.
+*    You can understand the reasoning behind this by reviewing AccessTokenUserInfoResolver and CustomResourceServerTokenIntrospector.
+*
+* 	 If you are using a different Resource Server while setting patternknife.securityhelper.oauth2.introspection.type=database in application.properties, this class must also be located in the com.patternknife.securityhelper.oauth2.interestedtreatmentpart.dto.security package due to the token generation algorithm.
+*
+* 	 I have not included this to the library.
+*
 * */
-public class AccessTokenUserInfo extends User implements OAuth2AuthenticatedPrincipal
+public class AccessTokenUserInfo extends User implements OAuth2AuthenticatedPrincipal, UserDetails
 {
 	public AccessTokenUserInfo(String username, String password, Collection<? extends GrantedAuthority> authorities) {
 		super(username, password, authorities);
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/AccessTokenUserInfoConverter.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/AccessTokenUserInfoConverter.java
@@ -0,0 +1,39 @@
+package com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard;
+
+import io.github.patternknife.securityhelper.oauth2.api.config.security.message.DefaultSecurityUserExceptionMessage;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.message.ISecurityUserExceptionMessageService;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.dto.KnifeErrorMessages;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.exception.KnifeOauth2AuthenticationException;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.serivce.userdetail.ConditionalDetailsService;
+
+
+import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
+import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
+
+public class AccessTokenUserInfoConverter {
+
+    public static AccessTokenUserInfo from(Object principal,
+                                           ConditionalDetailsService conditionalDetailsService,
+                                           OAuth2AuthorizationServiceImpl authorizationService, ISecurityUserExceptionMessageService iSecurityUserExceptionMessageService) {
+
+        AccessTokenUserInfo accessTokenUserInfo;
+        if (principal instanceof AccessTokenUserInfo) {
+            return ((AccessTokenUserInfo) principal);
+        } else if (principal instanceof OAuth2IntrospectionAuthenticatedPrincipal) {
+            String userName = ((OAuth2IntrospectionAuthenticatedPrincipal) principal).getUsername();
+            String clientId = ((OAuth2IntrospectionAuthenticatedPrincipal) principal).getClientId();
+            String appToken = ((OAuth2IntrospectionAuthenticatedPrincipal) principal).getAttribute("App-Token");
+
+            OAuth2Authorization oAuth2Authorization = authorizationService.findByUserNameAndClientIdAndAppToken(userName, clientId, appToken);
+            if (oAuth2Authorization == null) {
+                throw new KnifeOauth2AuthenticationException(iSecurityUserExceptionMessageService.getUserMessage(DefaultSecurityUserExceptionMessage.AUTHENTICATION_LOGIN_FAILURE));
+            }
+
+            return (AccessTokenUserInfo) conditionalDetailsService.loadUserByUsername(userName, clientId);
+        }else {
+            throw new KnifeOauth2AuthenticationException(KnifeErrorMessages.builder().message("Wrong principal : " +  principal.toString()).userMessage(DefaultSecurityUserExceptionMessage.AUTHENTICATION_TOKEN_ERROR.getMessage()).build());
+        }
+
+    }
+}
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/CustomAuthenticationPrincipal.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/CustomAuthenticationPrincipal.java
@@ -0,0 +1,11 @@
+package com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.PARAMETER)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface CustomAuthenticationPrincipal {
+}
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/UserCustomerOnlyImpl.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/UserCustomerOnlyImpl.java
@@ -1,6 +1,11 @@
 package com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard;
 
 import com.patternknife.securityhelper.oauth2.client.config.response.error.exception.auth.CustomAuthGuardException;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.message.DefaultSecurityUserExceptionMessage;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.message.ISecurityUserExceptionMessageService;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.dto.KnifeErrorMessages;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.exception.KnifeOauth2AuthenticationException;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.response.error.exception.KnifeOauth2AuthorizationException;
 import io.github.patternknife.securityhelper.oauth2.api.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
 import io.github.patternknife.securityhelper.oauth2.api.config.security.serivce.userdetail.ConditionalDetailsService;
 import lombok.RequiredArgsConstructor;
@@ -23,29 +28,17 @@ public class UserCustomerOnlyImpl {
 
     private final OAuth2AuthorizationServiceImpl authorizationService;
     private final ConditionalDetailsService conditionalDetailsService;
+    private final ISecurityUserExceptionMessageService iSecurityUserExceptionMessageService;
 
     @Around("@annotation(com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.UserCustomerOnly)")
     public Object check(ProceedingJoinPoint joinPoint) throws Throwable {
 
         Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-        AccessTokenUserInfo accessTokenUserInfo;
-        if (principal instanceof AccessTokenUserInfo) {
-            accessTokenUserInfo = ((AccessTokenUserInfo) principal);
-        }else {
-            String userName = ((OAuth2IntrospectionAuthenticatedPrincipal) principal).getUsername();
-            String clientId = ((OAuth2IntrospectionAuthenticatedPrincipal) principal).getClientId();
-            String appToken = ((OAuth2IntrospectionAuthenticatedPrincipal) principal).getAttribute("App-Token");
-
-
-            OAuth2Authorization oAuth2Authorization = authorizationService.findByUserNameAndClientIdAndAppToken(userName, clientId, appToken);
-
-            UserDetails userDetails = conditionalDetailsService.loadUserByUsername(userName, clientId);
-
-            accessTokenUserInfo = ((AccessTokenUserInfo) userDetails);
-        }
+        AccessTokenUserInfo accessTokenUserInfo = AccessTokenUserInfoConverter.from(principal, conditionalDetailsService, authorizationService, iSecurityUserExceptionMessageService);
 
         if(accessTokenUserInfo != null && (accessTokenUserInfo.getAdditionalAccessTokenUserInfo().getUserType() != AdditionalAccessTokenUserInfo.UserType.CUSTOMER)){
-            throw new CustomAuthGuardException("ID \"" + accessTokenUserInfo.getUsername() + "\" : Not in Customer Group");
+            // Authorization
+            throw new KnifeOauth2AuthorizationException("ID \"" + accessTokenUserInfo.getUsername() + "\" : Not in Customer Group");
         }
 
         return joinPoint.proceed();
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/resolver/AccessTokenUserInfoArgumentResolver.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/guard/resolver/AccessTokenUserInfoArgumentResolver.java
@@ -0,0 +1,42 @@
+package com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.resolver;
+
+
+import com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.CustomAuthenticationPrincipal;
+import com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.AccessTokenUserInfoConverter;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.message.ISecurityUserExceptionMessageService;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
+import io.github.patternknife.securityhelper.oauth2.api.config.security.serivce.userdetail.ConditionalDetailsService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.core.MethodParameter;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+@Component
+@RequiredArgsConstructor
+public class AccessTokenUserInfoArgumentResolver implements HandlerMethodArgumentResolver {
+
+    private final OAuth2AuthorizationServiceImpl authorizationService;
+    private final ConditionalDetailsService conditionalDetailsService;
+    private final ISecurityUserExceptionMessageService iSecurityUserExceptionMessageService;
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(CustomAuthenticationPrincipal.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter,
+                                  ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest,
+                                  WebDataBinderFactory binderFactory) throws Exception {
+
+        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+
+        return AccessTokenUserInfoConverter.from(principal, conditionalDetailsService, authorizationService, iSecurityUserExceptionMessageService);
+    }
+}
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/serivce/userdetail/CustomerDetailsService.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/serivce/userdetail/CustomerDetailsService.java
@@ -51,6 +51,10 @@ public void setEntityManager(EntityManager entityManager) {
         this.entityManager = entityManager;
     }
 
+    /*
+    *   Here, I return an instance of AccessTokenUserInfo, which implements both UserDetails and OAuth2AuthenticatedPrincipal.
+    *   You can understand the reasoning behind this by reviewing AccessTokenUserInfoResolver and CustomResourceServerTokenIntrospector.
+    * */
     @Override
     public UserDetails loadUserByUsername(String username) {
 
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/web/WebMvcConfig.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/config/securityimpl/web/WebMvcConfig.java
@@ -1,20 +1,31 @@
 package com.patternknife.securityhelper.oauth2.client.config.securityimpl.web;
 
 
+import com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.resolver.AccessTokenUserInfoArgumentResolver;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import java.util.List;
+
 @RequiredArgsConstructor
 @Configuration
 @EnableWebMvc
 public class WebMvcConfig implements WebMvcConfigurer {
 
+    private final AccessTokenUserInfoArgumentResolver accessTokenUserInfoArgumentResolver;
+
+
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler("/docs/**").addResourceLocations("classpath:/static/docs/");
     }
 
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers){
+        resolvers.add(accessTokenUserInfoArgumentResolver);
+    }
 }
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/domain/admin/api/AdminApi.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/domain/admin/api/AdminApi.java
@@ -1,5 +1,6 @@
 package com.patternknife.securityhelper.oauth2.client.domain.admin.api;
 
+import com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.CustomAuthenticationPrincipal;
 import io.github.patternknife.securityhelper.oauth2.api.config.security.serivce.persistence.authorization.OAuth2AuthorizationServiceImpl;
 import com.patternknife.securityhelper.oauth2.client.config.response.error.exception.data.ResourceNotFoundException;
 import com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.AccessTokenUserInfo;
@@ -16,7 +17,6 @@
 import org.springframework.data.domain.Page;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
@@ -41,7 +41,7 @@ public class AdminApi {
 
     @PreAuthorize("@resourceServerAuthorityChecker.hasAnyAdminRole()")
     @GetMapping("/admins/me")
-    public AdminDTO.CurrentOneWithSessionRemainingSecondsRes getAdminSelf(@AuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo,
+    public AdminDTO.CurrentOneWithSessionRemainingSecondsRes getAdminSelf(@CustomAuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo,
                                                 @RequestHeader("Authorization") String authorizationHeader) throws ResourceNotFoundException {
 
         String token = authorizationHeader.substring("Bearer ".length());
@@ -103,7 +103,7 @@ public Page<AdminDTO.OneWithRoleIdsRes> getAdminList(@RequestParam(value = "skip
                                                          @RequestParam(value = "adminSearchFilter", required = false) String adminSearchFilter,
                                                          @RequestParam(value = "sorterValueFilter", required = false) String sorterValueFilter,
                                                          @RequestParam(value = "dateRangeFilter", required = false) String dateRangeFilter,
-                                                         @AuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo)
+                                                         @CustomAuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo)
             throws JsonProcessingException, ResourceNotFoundException {
 
         return adminService.findAdminsByPageRequest(skipPagination, pageNum, pageSize, adminSearchFilter, sorterValueFilter, dateRangeFilter, accessTokenUserInfo);
@@ -113,7 +113,7 @@ public Page<AdminDTO.OneWithRoleIdsRes> getAdminList(@RequestParam(value = "skip
 
     @PreAuthorize("hasAuthority('SUPER_ADMIN')")
     @GetMapping("/admins/{id}")
-    public ResponseEntity<Admin> getAdminById(@PathVariable(value = "id") Long adminId, @AuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo)
+    public ResponseEntity<Admin> getAdminById(@PathVariable(value = "id") Long adminId, @CustomAuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo)
             throws ResourceNotFoundException {
 
         Admin adminDTO = adminService.findById(adminId);
diff --git a/client/src/main/java/com/patternknife/securityhelper/oauth2/client/domain/customer/api/CustomerApi.java b/client/src/main/java/com/patternknife/securityhelper/oauth2/client/domain/customer/api/CustomerApi.java
@@ -2,19 +2,18 @@
 
 
 import com.patternknife.securityhelper.oauth2.client.config.response.error.exception.data.ResourceNotFoundException;
+import com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.CustomAuthenticationPrincipal;
 import com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.UserCustomerOnly;
 import com.patternknife.securityhelper.oauth2.client.config.securityimpl.guard.AccessTokenUserInfo;
 import com.patternknife.securityhelper.oauth2.client.domain.customer.dao.CustomerRepository;
 import com.patternknife.securityhelper.oauth2.client.domain.customer.dto.CustomerReqDTO;
 import com.patternknife.securityhelper.oauth2.client.domain.customer.dto.CustomerResDTO;
 import com.patternknife.securityhelper.oauth2.client.domain.customer.service.CustomerService;
 import com.patternknife.securityhelper.oauth2.client.util.CustomUtils;
-import jakarta.annotation.Nullable;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import lombok.AllArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
@@ -67,7 +66,7 @@ public CustomerResDTO.IdNameWithAccessTokenRemainingSeconds getCustomerSelf(
     @UserCustomerOnly
     @PreAuthorize("isAuthenticated()")
     @PatchMapping("/customers/me/delete")
-    public CustomerResDTO.Id deleteMe(@AuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo) {
+    public CustomerResDTO.Id deleteMe(@CustomAuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo) {
 
         customerService.deleteCustomer(accessTokenUserInfo);
 
@@ -103,7 +102,7 @@ public Map<String, Boolean> logoutCustomer(HttpServletRequest request) {
 
     @PreAuthorize("@resourceServerAuthorityChecker.hasRole('CUSTOMER_ADMIN')")
     @GetMapping("/customers/{id}")
-    public CustomerResDTO.Id getCustomerForAuthorizationTest(@PathVariable("id") final long id)
+    public CustomerResDTO.Id getCustomerForAuthorizationTest(@PathVariable("id") final long id, @CustomAuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo)
             throws ResourceNotFoundException {
         return new CustomerResDTO.Id(id);
     }
@@ -117,7 +116,7 @@ public CustomerResDTO.Id update(@PathVariable("id") final long id, @Valid @Reque
 
     @PreAuthorize("@resourceServerAuthorityChecker.hasRole('CUSTOMER_ADMIN')")
     @PatchMapping("/customers/{id}/delete")
-    public CustomerResDTO.IdAdminId deleteCustomer(@PathVariable final long id, @AuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo) {
+    public CustomerResDTO.IdAdminId deleteCustomer(@PathVariable final long id, @CustomAuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo) {
 
         customerService.deleteCustomer(id, accessTokenUserInfo.getAdditionalAccessTokenUserInfo().getId());
 
@@ -126,7 +125,7 @@ public CustomerResDTO.IdAdminId deleteCustomer(@PathVariable final long id, @Aut
 
     @PreAuthorize("@resourceServerAuthorityChecker.hasRole('CUSTOMER_ADMIN')")
     @PatchMapping("/customers/{id}/restore")
-    public CustomerResDTO.IdAdminId restoreCustomer(@PathVariable final long id, @AuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo) {
+    public CustomerResDTO.IdAdminId restoreCustomer(@PathVariable final long id, @CustomAuthenticationPrincipal AccessTokenUserInfo accessTokenUserInfo) {
 
         customerService.restoreCustomer(id);
 

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,10 @@ public void setEntityManager(EntityManager entityManager) {`
`51`	`51`	`this.entityManager = entityManager;`
`52`	`52`	`}`
`53`	`53`
	`54`	`+ /*`
	`55`	`+ * Here, I return an instance of AccessTokenUserInfo, which implements both UserDetails and OAuth2AuthenticatedPrincipal.`
	`56`	`+ * You can understand the reasoning behind this by reviewing AccessTokenUserInfoResolver and CustomResourceServerTokenIntrospector.`
	`57`	`+ * */`
`54`	`58`	`@Override`
`55`	`59`	`public UserDetails loadUserByUsername(String username) {`
`56`	`60`