jpablog : spring security session 변경

jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java

@@ -4,6 +4,7 @@ import com.example.jpablog.config.auth.PrincipalDetailService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -24,9 +25,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         return new BCryptPasswordEncoder();
     }
 
+    @Bean
+    @Override
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
     // 시큐리티가 대신 로그인 할때 어떤 해시를 사용했는지 알아야 DB와 비교가능
-
-
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth.userDetailsService(principalDetailService).passwordEncoder(encodePWD());

jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java

@@ -1,15 +1,18 @@
 package com.example.jpablog.controller.api;
 
+import com.example.jpablog.config.auth.PrincipalDetail;
+import com.example.jpablog.config.auth.PrincipalDetailService;
 import com.example.jpablog.dto.ResponseDto;
-import com.example.jpablog.model.RoleType;
 import com.example.jpablog.model.User;
 import com.example.jpablog.service.UserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
-import javax.servlet.http.HttpSession;
 import java.security.Principal;
 
 @RestController
@@ -17,6 +20,7 @@ import java.security.Principal;
 public class UserApiController {
 
     private final UserService userService;
+    private final AuthenticationManager authenticationManager;
 
     @PostMapping("/auth/joinProc")
     public ResponseDto<Integer> save(@RequestBody User user) {
@@ -28,6 +32,10 @@ public class UserApiController {
     public ResponseDto<Integer> update(@PathVariable Long id, @RequestBody User user, Principal principal) {
         if (principal.getName().equals(user.getUsername())) {
             userService.회원수정(id, user);
+            Authentication authentication =
+                    authenticationManager.authenticate(
+                            new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword()));
+            SecurityContextHolder.getContext().setAuthentication(authentication);
             return new ResponseDto<>(1, HttpStatus.OK.value());
         }
         return new ResponseDto<>(-1, HttpStatus.BAD_REQUEST.value());

jpablog/src/main/java/com/example/jpablog/service/UserService.java

@@ -8,8 +8,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.util.Optional;
-
 @Service
 @RequiredArgsConstructor
 @Transactional(readOnly = true) // select 할 때 트랜잭션 시작, 서비스 종료시에 트랜잭션 종료 (정합성)