Apply Spring Security
@@ -44,7 +44,7 @@ dependencies {
|
||||
/*
|
||||
Security
|
||||
*/
|
||||
// implementation 'org.springframework.boot:spring-boot-starter-security'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-security'
|
||||
|
||||
/*
|
||||
Validation
|
||||
|
||||
@@ -6,21 +6,24 @@ import demo.api.user.repository.UserRepository;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
@Configuration
|
||||
public class AppConfig {
|
||||
private final UserRepository userRepository;
|
||||
private final PasswordEncoder bCryptPasswordEncoder;
|
||||
|
||||
public AppConfig(UserRepository userRepository) {
|
||||
public AppConfig(UserRepository userRepository, PasswordEncoder bCryptPasswordEncoder) {
|
||||
System.out.println("AppConfig");
|
||||
System.out.println("userRepository = " + userRepository);
|
||||
this.userRepository = userRepository;
|
||||
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public UserService userService() {
|
||||
System.out.println("userService");
|
||||
return new UserServiceImpl(userRepository);
|
||||
return new UserServiceImpl(userRepository, bCryptPasswordEncoder);
|
||||
}
|
||||
|
||||
// @Bean
|
||||
|
||||
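--- /dev/null
+++ b/src/main/java/demo/api/config/SecurityConfig.java
@@ -0,0 +1,47 @@
+package demo.api.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+/**
+* Spring Security 사용을 위한 Configuration Class를 작성하기 위해서
+* WebSecurityConfigurerAdapter를 상속하여 클래스를 생성하고
+* @Configuration 애노테이션 대신 @EnableWebSecurity 애노테이션을 추가한다.
+*/
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+/**
+* PasswordEncoder를 Bean으로 등록
+*/
+@Bean
+public BCryptPasswordEncoder bCryptPasswordEncoder() {
+return new BCryptPasswordEncoder();
+}
+
+// /**
+// * 인증 or 인가가 필요 없는 경로를 설정
+// */
+// @Override
+// public void configure(WebSecurity web) throws Exception {
+// web.ignoring().antMatchers("/?/**");
+// }
+
+/**
+* 인증 or 인가에 대한 설정
+*/
+@Override
+protected void configure(HttpSecurity http) throws Exception {
+http
+.csrf().disable()
+.formLogin().disable()
+.authorizeRequests()
+.antMatchers("/", "/user/signUp").permitAll()
+.anyRequest().authenticated();
+}
+}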
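Review bot: In `configure(HttpSecurity http)`, `.csrf().disable()` and `.formLogin().disable()` are applied while `.anyRequest().authenticated()` is required, yet nothing in this file configures a way to authenticate or makes the application stateless. Turning CSRF protection off is only safe when no session cookie authenticates the browser; if the API is meant to be token-based, say so in a comment and add `.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)`, otherwise leave CSRF enabled. As written, every path other than `/` and `/user/signUp` will presumably be rejected until an authentication filter or `httpBasic()` is added, so the commit should state which one is planned. The commented-out `configure(WebSecurity web)` with `antMatchers("/?/**")` is better deleted than kept, because `web.ignoring()` takes whatever it matches out of the security filter chain entirely.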
@@ -6,6 +6,7 @@ import demo.api.user.repository.UserRepository;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
@@ -14,13 +15,16 @@ import org.springframework.transaction.annotation.Transactional;
|
||||
@Transactional
|
||||
public class UserServiceImpl implements UserService {
|
||||
private final UserRepository userRepository;
|
||||
private final PasswordEncoder bCryptPasswordEncoder;
|
||||
|
||||
@Override
|
||||
public User signUp(UserSignUpRequest signUpReq) throws Exception {
|
||||
if(this.isEmailExist(signUpReq.getEmail())) {
|
||||
throw new Exception("Your Mail already Exist.");
|
||||
}
|
||||
return userRepository.save(signUpReq.toUserEntity());
|
||||
User newUser = signUpReq.toUserEntity();
|
||||
newUser.hashPassword(bCryptPasswordEncoder);
|
||||
return userRepository.save(newUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
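Review bot: `signUp` hands the request's password to `newUser.hashPassword(bCryptPasswordEncoder)` with no visible check on it. BCrypt only uses the first 72 bytes of its input and `BCryptPasswordEncoder.encode` throws on a null password, so a null/blank and maximum-length check belongs before the hash unless `UserSignUpRequest` already validates the field (its definition is outside this diff). Until that is confirmed I would add `// TODO: reject null/blank passwords and inputs over 72 bytes before hashing (bcrypt ignores the rest)` above the `hashPassword` call. The `User` returned from `signUp` now carries the hash, so callers should map it to a response type without the password field rather than serialising the entity.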
@@ -8,7 +8,7 @@ import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
//import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
// @Entity 어노테이션을 클래스에 선언하면 그 클래스는 JPA가 관리
|
||||
@Entity
|
||||
@@ -36,10 +36,10 @@ public class User extends CoreEntity {
|
||||
* @param passwordEncoder 암호화 할 인코더 클래스
|
||||
* @return 변경된 유저 Entity
|
||||
*/
|
||||
// public User hashPassword(PasswordEncoder passwordEncoder) {
|
||||
// this.password = passwordEncoder.encode(this.password);
|
||||
// return this;
|
||||
// }
|
||||
public User hashPassword(PasswordEncoder passwordEncoder) {
|
||||
this.password = passwordEncoder.encode(this.password);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* 비밀번호 확인
|
||||
@@ -47,8 +47,7 @@ public class User extends CoreEntity {
|
||||
* @param passwordEncoder 암호화에 사용된 클래스
|
||||
* @return true | false
|
||||
*/
|
||||
// public boolean checkPassword(String plainPassword, PasswordEncoder passwordEncoder) {
|
||||
// System.out.println("checkPW");
|
||||
// return passwordEncoder.matches(plainPassword, this.password);
|
||||
// }
|
||||
public boolean checkPassword(String plainPassword, PasswordEncoder passwordEncoder) {
|
||||
return passwordEncoder.matches(plainPassword, this.password);
|
||||
}
|
||||
}
|
||||
|
||||
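Review bot: `hashPassword` encodes whatever `this.password` currently holds, so calling it on an entity whose password is already a hash (for example one loaded from the repository) hashes the hash and the stored value no longer matches the user's password. Either pass the raw value in, `public User hashPassword(String rawPassword, PasswordEncoder passwordEncoder)`, or document the precondition with `// must be called exactly once, while this.password still holds the raw password`. The file also imports `lombok.ToString`; if the class carries `@ToString`, the hash appears in every `toString()` output (the test in this commit prints `newUser.toString()`), so `@ToString(exclude = "password")` is worth adding. The class annotations are outside these hunks, so that part is to be confirmed.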
@@ -18,6 +18,7 @@ import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
@SpringBootTest
|
||||
@@ -30,24 +31,44 @@ class UserServiceTest {
|
||||
private UserService userService;
|
||||
@Autowired
|
||||
private UserRepository userRepository;
|
||||
@Autowired
|
||||
private PasswordEncoder bCryptPasswordEncoder;
|
||||
|
||||
@BeforeEach
|
||||
public void beforeEach() {
|
||||
AppConfig appConfig = new AppConfig(userRepository);
|
||||
AppConfig appConfig = new AppConfig(userRepository, bCryptPasswordEncoder);
|
||||
userService = appConfig.userService();
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("유저 회원가입")
|
||||
void signUp() throws Exception {
|
||||
// given
|
||||
UserSignUpRequest user = createSignUpRequest();
|
||||
System.out.println("user = " + user.toString());
|
||||
|
||||
// when
|
||||
User newUser = userService.signUp(user);
|
||||
|
||||
// then
|
||||
System.out.println("newUser = " + newUser.toString());
|
||||
assertThat(newUser.getEmail()).isEqualTo(EMAIL);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("비밀번호는 암호화되어야 한다.")
|
||||
void hashPassword() throws Exception {
|
||||
// given
|
||||
UserSignUpRequest user = createSignUpRequest();
|
||||
|
||||
// when
|
||||
User newUser = userService.signUp(user);
|
||||
|
||||
// then
|
||||
System.out.println("newUser pw = " + newUser.getPassword());
|
||||
assertThat(newUser.getPassword()).isNotEqualTo(PASSWORD);
|
||||
}
|
||||
|
||||
@Test
|
||||
@DisplayName("모든 유저 리스트를 반환")
|
||||
void findAll() throws Exception {
|
||||
|
||||
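Review bot: The new `hashPassword` test only asserts `isNotEqualTo(PASSWORD)`, which passes for any transformation of the password, including a broken or reversible one. Assert against the encoder instead: `assertThat(bCryptPasswordEncoder.matches(PASSWORD, newUser.getPassword())).isTrue();`. The `System.out.println("newUser pw = " + newUser.getPassword())` line writes the hash to the build log and can be dropped. `findAll` continues past the end of this hunk.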