package com.spring.security1.controller; import com.spring.security1.model.User; import com.spring.security1.repository.UserRepository; import lombok.RequiredArgsConstructor; import org.springframework.security.access.annotation.Secured; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.ResponseBody; @Controller @RequiredArgsConstructor public class IndexController { private final UserRepository userRepository; private final BCryptPasswordEncoder bCryptPasswordEncoder; @GetMapping({"", "/"}) public String index() { // 머스테치 기본폴더 src/main/resources/ // 뷰리졸버 설정 : template (prefix), .mustache (suffix) -> 생략가능 return "index"; } @ResponseBody @GetMapping("/user") public String user() { return "user"; } @ResponseBody @GetMapping("/admin") public String admin() { return "admin"; } @ResponseBody @GetMapping("/manager") public String manager() { return "manager"; } @GetMapping("/loginForm") public String loginForm() { return "loginForm"; } @GetMapping("/joinForm") public String joinForm() { return "joinForm"; } @PostMapping("/join") public String join(User user) { System.out.println(user); user.setRole("ROLE_USER"); // 패스워드가 암호화 되지 않으면 시큐리티로 로그인 할 수 없음. String rawPassword = user.getPassword(); String encPassword = bCryptPasswordEncoder.encode(rawPassword); user.setPassword(encPassword); userRepository.save(user); return "redirect:/loginForm"; } @Secured("ROLE_ADMIN") @GetMapping("/info") public @ResponseBody String info () { return "개인정보"; } @PreAuthorize("hasRole('ROLE_MANAGER') or hasRole('ROLE_ADMIN')") @GetMapping("/data") public @ResponseBody String data () { return "데이터정보"; } }