jpablog : spring security session 변경
@@ -4,6 +4,7 @@ import com.example.jpablog.config.auth.PrincipalDetailService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
@@ -24,9 +25,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Override
|
||||
public AuthenticationManager authenticationManagerBean() throws Exception {
|
||||
return super.authenticationManagerBean();
|
||||
}
|
||||
|
||||
// 시큐리티가 대신 로그인 할때 어떤 해시를 사용했는지 알아야 DB와 비교가능
|
||||
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.userDetailsService(principalDetailService).passwordEncoder(encodePWD());
|
||||
|
||||
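Review bot: `authenticationManagerBean()` is exposed as a `@Bean` with no comment saying why the application needs direct access to the `AuthenticationManager`. Since this lets any component authenticate programmatically, I would add a one-line comment above the `@Bean`, for example `// Exposed so UserApiController can re-authenticate the session after a profile update`. The existing comment about the password hash now sits between this method and `configure(AuthenticationManagerBuilder)`, so it would read more clearly placed directly above that `@Override`. `configure` continues past the end of this hunk.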
@@ -1,15 +1,18 @@
|
||||
package com.example.jpablog.controller.api;
|
||||
|
||||
import com.example.jpablog.config.auth.PrincipalDetail;
|
||||
import com.example.jpablog.config.auth.PrincipalDetailService;
|
||||
import com.example.jpablog.dto.ResponseDto;
|
||||
import com.example.jpablog.model.RoleType;
|
||||
import com.example.jpablog.model.User;
|
||||
import com.example.jpablog.service.UserService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.security.Principal;
|
||||
|
||||
@RestController
|
||||
@@ -17,6 +20,7 @@ import java.security.Principal;
|
||||
public class UserApiController {
|
||||
|
||||
private final UserService userService;
|
||||
private final AuthenticationManager authenticationManager;
|
||||
|
||||
@PostMapping("/auth/joinProc")
|
||||
public ResponseDto<Integer> save(@RequestBody User user) {
|
||||
@@ -28,6 +32,10 @@ public class UserApiController {
|
||||
public ResponseDto<Integer> update(@PathVariable Long id, @RequestBody User user, Principal principal) {
|
||||
if (principal.getName().equals(user.getUsername())) {
|
||||
userService.회원수정(id, user);
|
||||
Authentication authentication =
|
||||
authenticationManager.authenticate(
|
||||
new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword()));
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
return new ResponseDto<>(1, HttpStatus.OK.value());
|
||||
}
|
||||
return new ResponseDto<>(-1, HttpStatus.BAD_REQUEST.value());
|
||||
|
||||
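Review bot: In `update`, the only authorization check compares `principal.getName()` with the username from the request body, while the record to modify is selected by the path variable `id`, and nothing visible here ties that `id` to the logged-in user. Unless `회원수정` verifies ownership itself (its body is not shown), resolve the target user from `principal.getName()` rather than trusting `id`. The re-authentication that follows builds its token from `user.getUsername()` and `user.getPassword()` in the request body, so a missing or wrong password presumably makes `authenticationManager.authenticate(...)` throw after the update has already been saved. Validate the password before calling the service and handle `AuthenticationException` explicitly, so the client does not get an error for a change that was applied. `update` ends outside this hunk.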
@@ -8,8 +8,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
@Transactional(readOnly = true) // select 할 때 트랜잭션 시작, 서비스 종료시에 트랜잭션 종료 (정합성)
|
||||
|
||||