From a0bedb37915fec34f5cb9bbbc2ac888897141ab9 Mon Sep 17 00:00:00 2001 From: kim Date: Sat, 30 Jan 2021 18:21:17 +0900 Subject: [PATCH] jpablog : password encryption --- .../com/example/jpablog/config/SecurityConfig.java | 10 +++++++++- .../jpablog/controller/api/UserApiController.java | 2 +- .../java/com/example/jpablog/service/UserService.java | 6 ++++++ jpablog/src/main/resources/application.yml | 2 +- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java b/jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java index 045257e1..1e1a69ef 100644 --- a/jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java +++ b/jpablog/src/main/java/com/example/jpablog/config/SecurityConfig.java 
@@ -1,22 +1,30 @@ package com.example.jpablog.config; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @Configuration // bean 등록 @EnableWebSecurity // 시큐리티 필터 등록 @EnableGlobalMethodSecurity(prePostEnabled = true) // 특정 주소 접근시 먼저 권한 및 인증 체크 public class SecurityConfig extends WebSecurityConfigurerAdapter { + @Bean + public BCryptPasswordEncoder encodePWD() { + return new BCryptPasswordEncoder(); + } + @Override protected void configure(HttpSecurity http) throws Exception { http + .csrf().disable() // csrf 토큰 비활성화 .authorizeRequests() - .antMatchers("/auth/**").permitAll() + .antMatchers("/", "/auth/**", "/js/**", "/css/**", "/images/**").permitAll() .anyRequest().authenticated() .and().formLogin().loginPage("/auth/loginForm"); } diff --git a/jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java b/jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java index b37ab877..5bb9b732 100644 --- a/jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java +++ b/jpablog/src/main/java/com/example/jpablog/controller/api/UserApiController.java 
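Review bot: The added `.csrf().disable()` in `configure(HttpSecurity)` turns off CSRF protection for the whole application while authentication remains session-based form login (`formLogin().loginPage("/auth/loginForm")`), so every state-changing request from an authenticated browser loses its token check. If the reason is that the sign-up request is sent as JSON from script (an assumption, since the client code is not shown), keep CSRF enabled and let the client send the token, for example with `.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())`. Alternatively, exempt only that endpoint with `.csrf().ignoringAntMatchers("/auth/joinProc")`. Separately, `encodePWD()` could return the `PasswordEncoder` interface so that callers do not depend on the bcrypt implementation.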
@@ -6,6 +6,7 @@ import com.example.jpablog.model.User; import com.example.jpablog.service.UserService; import lombok.RequiredArgsConstructor; import org.springframework.http.HttpStatus; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -21,7 +22,6 @@ public class UserApiController { @PostMapping("/auth/joinProc") public ResponseDto save(@RequestBody User user) { - user.setRole(RoleType.USER); int result = userService.회원가입(user); return new ResponseDto<>(result, HttpStatus.OK.value()); } diff --git a/jpablog/src/main/java/com/example/jpablog/service/UserService.java b/jpablog/src/main/java/com/example/jpablog/service/UserService.java index cd1e95f0..77bc13e0 100644 --- a/jpablog/src/main/java/com/example/jpablog/service/UserService.java +++ b/jpablog/src/main/java/com/example/jpablog/service/UserService.java @@ -1,8 +1,10 @@ package com.example.jpablog.service; +import com.example.jpablog.model.RoleType; import com.example.jpablog.model.User; import com.example.jpablog.repository.UserRepository; import lombok.RequiredArgsConstructor; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -14,9 +16,13 @@ import java.util.Optional; public class UserService { private final UserRepository userRepository; + private final BCryptPasswordEncoder encoder; @Transactional public int 회원가입(User user) { + String encPassword = encoder.encode(user.getPassword()); + user.setPassword(encPassword); + user.setRole(RoleType.USER); userRepository.save(user); return 1; } diff --git a/jpablog/src/main/resources/application.yml b/jpablog/src/main/resources/application.yml index 07904d9e..c0c39ba5 100644 --- a/jpablog/src/main/resources/application.yml 
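Review bot: `save(@RequestBody User user)` still binds the request JSON directly onto the `User` entity and hands it to `userService.회원가입(user)`, where only the password and role are overwritten before `userRepository.save(user)`. Any other entity field the client includes, such as an identifier, would presumably reach `save` unchanged (the `User` class is not shown), which with Spring Data can turn a sign-up into an update of an existing row. Bind a dedicated request type that carries only the sign-up fields and build the entity in the service. The `BCryptPasswordEncoder` import added in the preceding hunk looks unused in the visible controller lines and could be dropped.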
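Review bot: `encoder.encode(user.getPassword())` in `회원가입` runs without checking the raw password, so a request that omits the field fails inside the encoder rather than with a validation error, and an empty string is hashed and stored as a usable credential. Check it first, e.g. `if (user.getPassword() == null || user.getPassword().isEmpty()) throw new IllegalArgumentException("password is required");`, and consider an upper length limit because bcrypt only uses the first 72 bytes of its input. The field could be declared as `PasswordEncoder` instead of `BCryptPasswordEncoder` so the algorithm can change without touching this class. A short Javadoc on `회원가입` stating that it hashes the password and forces `RoleType.USER` would document the new contract.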
+++ b/jpablog/src/main/resources/application.yml @@ -22,7 +22,7 @@ spring: jpa: open-in-view: true hibernate: - ddl-auto: update + ddl-auto: create # naming: # physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl use-new-id-generator-mappings: false
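Review bot: `ddl-auto: create` makes Hibernate drop and recreate the schema on every application start, so all stored users, including the newly hashed passwords, are lost at each restart. If the change was made only to clear rows that held plaintext passwords from before this commit (an assumption), do that once and restore `ddl-auto: update` here, or keep `create` in a development-only profile. For anything beyond local development, `validate` or `none` with managed migrations is the safer setting.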