diff --git a/jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java b/jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java index 3c866395..2e1404f1 100644 --- a/jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java +++ b/jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java @@ -4,6 +4,7 @@ import com.example.jpablog.config.auth.PrincipalDetailService; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -24,9 +25,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { return new BCryptPasswordEncoder(); } + @Bean + @Override + public AuthenticationManager authenticationManagerBean() throws Exception { + return super.authenticationManagerBean(); + } + // 시큐리티가 대신 로그인 할때 어떤 해시를 사용했는지 알아야 DB와 비교가능 - - @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(principalDetailService).passwordEncoder(encodePWD()); diff --git a/jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java b/jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java index c542e645..874c52df 100644 --- a/jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java +++ b/jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java 
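Review bot: The new `authenticationManagerBean()` override in `SecurityConfig` has no comment saying why the `AuthenticationManager` is now published as a bean, while the neighbouring `configure(AuthenticationManagerBuilder)` carries one. A one-line comment such as `// Exposed as a bean so UserApiController can re-authenticate the session after a profile update` would record the intent. It would also remind readers that any component injecting this bean can verify credentials against `principalDetailService`. The class body starts and ends outside the hunk.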
@@ -1,15 +1,18 @@ package com.example.jpablog.controller.api; +import com.example.jpablog.config.auth.PrincipalDetail; +import com.example.jpablog.config.auth.PrincipalDetailService; import com.example.jpablog.dto.ResponseDto; -import com.example.jpablog.model.RoleType; import com.example.jpablog.model.User; import com.example.jpablog.service.UserService; import lombok.RequiredArgsConstructor; import org.springframework.http.HttpStatus; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.bind.annotation.*; -import javax.servlet.http.HttpSession; import java.security.Principal; @RestController @@ -17,6 +20,7 @@ import java.security.Principal; public class UserApiController { private final UserService userService; + private final AuthenticationManager authenticationManager; @PostMapping("/auth/joinProc") public ResponseDto save(@RequestBody User user) { @@ -28,6 +32,10 @@ public class UserApiController { public ResponseDto update(@PathVariable Long id, @RequestBody User user, Principal principal) { if (principal.getName().equals(user.getUsername())) { userService.회원수정(id, user); + Authentication authentication = + authenticationManager.authenticate( + new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword())); + SecurityContextHolder.getContext().setAuthentication(authentication); return new ResponseDto<>(1, HttpStatus.OK.value()); } return new ResponseDto<>(-1, HttpStatus.BAD_REQUEST.value()); diff --git a/jpablog/src/main/java/com/example/jpablog/service/UserService.java b/jpablog/src/main/java/com/example/jpablog/service/UserService.java index 43357a0e..c545d92d 100644 
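Review bot: The added imports `PrincipalDetail` and `PrincipalDetailService` are not referenced by any hunk shown for `UserApiController`, so they look unused. Drop them, or if the intent was to take the current user from `PrincipalDetail` inside `update()`, wire that in rather than leaving the imports behind.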
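Review bot: In `update()`, the new re-authentication trusts `user.getUsername()` and `user.getPassword()` from the request body, while the preceding `userService.회원수정(id, user)` is keyed by the path variable `id`, and nothing visible in this hunk ties `id` to the logged-in principal. Unless 회원수정 (not shown) checks ownership itself, the guard `principal.getName().equals(user.getUsername())` does not establish that the record being changed belongs to the caller. Derive the target account from the authenticated principal, or compare `id` with the id held by that principal, before calling the service. Separately, `authenticationManager.authenticate(...)` throws `AuthenticationException` if the submitted credentials do not match what the service stored (a blank password, for instance), and because it runs after the update, the change would be applied while the client receives an error. Validate the password before calling the service or handle that exception explicitly; the method's signature and closing lines are context, and the class continues outside the hunk.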
--- a/jpablog/src/main/java/com/example/jpablog/service/UserService.java +++ b/jpablog/src/main/java/com/example/jpablog/service/UserService.java @@ -8,8 +8,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import java.util.Optional; - @Service @RequiredArgsConstructor @Transactional(readOnly = true) // select 할 때 트랜잭션 시작, 서비스 종료시에 트랜잭션 종료 (정합성)