권한 관리 로직추가, AuthenticationProvider 인터페이스 구현한 신규클래스 추가, loadUserIdBuUserName메서드 수정해줌

2020-02-11 14:32:01 +09:00
parent a88cb4f16c
commit d8c29ba6c5
5 changed files with 109 additions and 10 deletions
--- a/boot_gradle_security/src/main/java/com/boot/test1/config/CustomAuthenticationProvider.java
+++ b/boot_gradle_security/src/main/java/com/boot/test1/config/CustomAuthenticationProvider.java
@@ -0,0 +1,43 @@
+package com.boot.test1.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+
+import com.boot.test1.service.AccountService;
+import com.boot.test1.vo.Account;
+
+@Component
+public class CustomAuthenticationProvider implements AuthenticationProvider {
+
+	@Autowired
+	private AccountService accountService;
+
+	private Logger log = LoggerFactory.getLogger(this.getClass());
+
+	@Override
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+
+		log.info("### authenticate ### ");
+
+		String username = (String) authentication.getPrincipal();
+		
+		Account account = (Account) accountService.loadUserByUsername(username);
+
+		return new UsernamePasswordAuthenticationToken(account, account, account.getAuthorities());
+	}
+
+
+	@Override
+	public boolean supports(Class<?> authentication) {
+		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
+	}
+
+}
--- a/boot_gradle_security/src/main/java/com/boot/test1/config/SecurityConfig.java
+++ b/boot_gradle_security/src/main/java/com/boot/test1/config/SecurityConfig.java
@@ -33,7 +33,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter{
 			 	.logoutSuccessUrl("/")
 			 	.and()
 			 .exceptionHandling()
-			 	.accessDeniedPage("/accessDenied_page");		
+			 	.accessDeniedPage("/accessDenied_page"); // 권한이 없는 대상이 접속을시도했을 때
 	}
 	
 	/*
@@ -44,7 +44,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter{
 	*/
 	
 	  @Bean
-	  public static PasswordEncoder passwordEncoder() {
+	  public PasswordEncoder passwordEncoder() {
 	    return PasswordEncoderFactories.createDelegatingPasswordEncoder();
 	  }

--- a/boot_gradle_security/src/main/java/com/boot/test1/javaCode/PassWordEncoderTest.java
+++ b/boot_gradle_security/src/main/java/com/boot/test1/javaCode/PassWordEncoderTest.java
@@ -17,7 +17,7 @@ public class PassWordEncoderTest {
 		// 이렇게쓰면 기본으로 bcrypt형식으로 암호화 되는구나..
 		passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

-		String password = "password";
+		String password = "1234";
 		String encPassword = passwordEncoder.encode(password);

 		System.out.println(" password : " + password );
--- a/boot_gradle_security/src/main/java/com/boot/test1/service/AccountService.java
+++ b/boot_gradle_security/src/main/java/com/boot/test1/service/AccountService.java
@@ -1,8 +1,14 @@
 package com.boot.test1.service;

+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -13,23 +19,46 @@ import com.boot.test1.vo.Account;

@Service
 public class AccountService implements UserDetailsService{
-	
+
 	@Autowired
 	AccountRepository accounts;
-	
+
 	Logger log = LoggerFactory.getLogger(this.getClass());

 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-		
+
 		log.info("## loadUserByUsername ##");
-		
+
 		Account account = accounts.findById(username);
-		
+
 		if( account == null ) {
-			log.debug("## 계정정보가 존재하지 않습니다. ##");
+			log.info("## 계정정보가 존재하지 않습니다. ##");
 			throw new UsernameNotFoundException(username);
 		}
+		
+		account.setAuthorities(getAuthorities(username));
+
 		return account;
+		
+	}
+
+	public Collection<GrantedAuthority> getAuthorities(String username) { 
+		
+		List<String> string_authorities = accounts.findauthoritiesbyid(username);
+		
+		if( string_authorities == null ) {
+			log.info("## 해당 계정에 부여된 권한이 없습니다. ##");
+			throw new UsernameNotFoundException(username);
+		}
+		
+		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); 
+		
+		for (String authority : string_authorities) { 
+			authorities.add(new SimpleGrantedAuthority(authority)); 
+		} 
+		
+		return authorities; 
+
 	}
 }
--- a/boot_gradle_security/src/main/webapp/WEB-INF/jsp/loginPage.jsp
+++ b/boot_gradle_security/src/main/webapp/WEB-INF/jsp/loginPage.jsp
@@ -6,10 +6,33 @@
 <%@ page import="org.springframework.security.core.context.SecurityContextHolder"%>
 <%@ page import="org.springframework.security.core.Authentication"%>

+<%@ page import="org.springframework.security.core.context.SecurityContextHolder" %>
+<%@ page import="org.springframework.security.core.Authentication" %>
+<%@ page import="com.boot.test1.vo.Account" %>
+
+<%
+	Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+	Object principal = auth.getPrincipal();
+	String name = "";
+	
+	if ( principal instanceof Account ) System.out.println(" Accout 객체 맞음 !! ");
+	else System.out.println(" Accout 객체 아님.. " + principal.getClass().toString());
+	
+	if ( principal != null && principal instanceof Account ){
+		name = ((Account)principal).getUsername();
+		System.out.println(" Account에서 가지고온 이름 ! : " + name);
+	}else {
+		name = (String)principal ;
+		System.out.println(" 그냥 String.. ㅜㅜ : " + name);
+	}
+%>
+
 <html>
 <head>
 <meta charset="UTF-8">
 <title>Insert title here</title>
+
 <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">

 </head>
@@ -46,9 +69,12 @@
 							<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" /> <br>

 							<sec:authorize access="isAuthenticated()">
+							
+							
 								<div class="form-group" align="center">
 									<h5>
-										<sec:authentication property="principal.username" />님, 반갑습니다.
+ 	 										<%=name%> 님, 반갑습니다. 
+									<%--<sec:authentication property="principal.username" />님, 겁나 반갑습니다. --%>
 									</h5>
 									<br>
 									<sec:authorize access="isAuthenticated()">
@@ -59,6 +85,7 @@
 									</sec:authorize>
 								</div>
 							</sec:authorize>
+							

 						</form>
 					</div>