Apply Spring Security
This commit is contained in:
hou27
@@ -6,21 +6,24 @@ import demo.api.user.repository.UserRepository;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
@Configuration
|
||||
public class AppConfig {
|
||||
private final UserRepository userRepository;
|
||||
private final PasswordEncoder bCryptPasswordEncoder;
|
||||
|
||||
public AppConfig(UserRepository userRepository) {
|
||||
public AppConfig(UserRepository userRepository, PasswordEncoder bCryptPasswordEncoder) {
|
||||
System.out.println("AppConfig");
|
||||
System.out.println("userRepository = " + userRepository);
|
||||
this.userRepository = userRepository;
|
||||
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public UserService userService() {
|
||||
System.out.println("userService");
|
||||
return new UserServiceImpl(userRepository);
|
||||
return new UserServiceImpl(userRepository, bCryptPasswordEncoder);
|
||||
}
|
||||
|
||||
// @Bean
|
||||
|
||||
47
src/main/java/demo/api/config/SecurityConfig.java
Normal file
47
src/main/java/demo/api/config/SecurityConfig.java
Normal file
@@ -0,0 +1,47 @@
|
||||
package demo.api.config;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
|
||||
/**
|
||||
* Spring Security 사용을 위한 Configuration Class를 작성하기 위해서
|
||||
* WebSecurityConfigurerAdapter를 상속하여 클래스를 생성하고
|
||||
* @Configuration 애노테이션 대신 @EnableWebSecurity 애노테이션을 추가한다.
|
||||
*/
|
||||
@EnableWebSecurity
|
||||
public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
/**
|
||||
* PasswordEncoder를 Bean으로 등록
|
||||
*/
|
||||
@Bean
|
||||
public BCryptPasswordEncoder bCryptPasswordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
|
||||
// /**
|
||||
// * 인증 or 인가가 필요 없는 경로를 설정
|
||||
// */
|
||||
// @Override
|
||||
// public void configure(WebSecurity web) throws Exception {
|
||||
// web.ignoring().antMatchers("/?/**");
|
||||
// }
|
||||
|
||||
/**
|
||||
* 인증 or 인가에 대한 설정
|
||||
*/
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.csrf().disable()
|
||||
.formLogin().disable()
|
||||
.authorizeRequests()
|
||||
.antMatchers("/", "/user/signUp").permitAll()
|
||||
.anyRequest().authenticated();
|
||||
}
|
||||
}
|
||||
@@ -6,6 +6,7 @@ import demo.api.user.repository.UserRepository;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
@@ -14,13 +15,16 @@ import org.springframework.transaction.annotation.Transactional;
|
||||
@Transactional
|
||||
public class UserServiceImpl implements UserService {
|
||||
private final UserRepository userRepository;
|
||||
private final PasswordEncoder bCryptPasswordEncoder;
|
||||
|
||||
@Override
|
||||
public User signUp(UserSignUpRequest signUpReq) throws Exception {
|
||||
if(this.isEmailExist(signUpReq.getEmail())) {
|
||||
throw new Exception("Your Mail already Exist.");
|
||||
}
|
||||
return userRepository.save(signUpReq.toUserEntity());
|
||||
User newUser = signUpReq.toUserEntity();
|
||||
newUser.hashPassword(bCryptPasswordEncoder);
|
||||
return userRepository.save(newUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -8,7 +8,7 @@ import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
//import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
// @Entity 어노테이션을 클래스에 선언하면 그 클래스는 JPA가 관리
|
||||
@Entity
|
||||
@@ -36,10 +36,10 @@ public class User extends CoreEntity {
|
||||
* @param passwordEncoder 암호화 할 인코더 클래스
|
||||
* @return 변경된 유저 Entity
|
||||
*/
|
||||
// public User hashPassword(PasswordEncoder passwordEncoder) {
|
||||
// this.password = passwordEncoder.encode(this.password);
|
||||
// return this;
|
||||
// }
|
||||
public User hashPassword(PasswordEncoder passwordEncoder) {
|
||||
this.password = passwordEncoder.encode(this.password);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* 비밀번호 확인
|
||||
@@ -47,8 +47,7 @@ public class User extends CoreEntity {
|
||||
* @param passwordEncoder 암호화에 사용된 클래스
|
||||
* @return true | false
|
||||
*/
|
||||
// public boolean checkPassword(String plainPassword, PasswordEncoder passwordEncoder) {
|
||||
// System.out.println("checkPW");
|
||||
// return passwordEncoder.matches(plainPassword, this.password);
|
||||
// }
|
||||
public boolean checkPassword(String plainPassword, PasswordEncoder passwordEncoder) {
|
||||
return passwordEncoder.matches(plainPassword, this.password);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user