diff --git a/build.gradle b/build.gradle
index 89aeeb7..4a7a1ae 100644
--- a/build.gradle
+++ b/build.gradle
@@ -13,14 +13,12 @@ repositories {
}
dependencies {
- implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.apache.tomcat.embed:tomcat-embed-jasper'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
runtimeOnly 'com.h2database:h2'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
- testImplementation 'org.springframework.security:spring-security-test'
}
tasks.named('test') {
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java
deleted file mode 100644
index ddc81e5..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import org.springframework.security.access.prepost.PreAuthorize;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-@Target({ ElementType.METHOD, ElementType.TYPE })
-@Retention(RetentionPolicy.RUNTIME)
-@PreAuthorize("hasAnyRole('ADMIN')")
-public @interface AdminAuthorize {
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java
deleted file mode 100644
index 6b4d315..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import com.nahwasa.springsecuritybasicsettingforspringboot3.domain.Member;
-import com.nahwasa.springsecuritybasicsettingforspringboot3.service.MemberService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.stereotype.Component;
-
-import java.util.Optional;
-
-@Component
-public class MyUserDetailService implements UserDetailsService {
- private final MemberService memberService;
-
- @Autowired
- public MyUserDetailService(MemberService memberService) {
- this.memberService = memberService;
- }
-
- @Override
- public UserDetails loadUserByUsername(String insertedUserId) throws UsernameNotFoundException {
- Optional<Member> findOne = memberService.findOne(insertedUserId);
- Member member = findOne.orElseThrow(() -> new UsernameNotFoundException("없는 회원입니다 ㅠ"));
-
- return User.builder()
- .username(member.getUserid())
- .password(member.getPw())
- .roles(member.getRoles())
- .build();
- }
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java
deleted file mode 100644
index a060d31..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import jakarta.servlet.DispatcherType;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.SecurityFilterChain;
-
-import static org.springframework.security.config.Customizer.withDefaults;
-
-@Configuration
-@EnableMethodSecurity
-public class SpringSecurityConfig {
-
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
- }
-
- @Bean
- public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http.csrf().disable().cors().disable()
- .authorizeHttpRequests(request -> request
- .dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()
- .requestMatchers("/status", "/images/**", "/view/join", "/auth/join").permitAll()
- .anyRequest().authenticated()
- )
- .formLogin(login -> login
- .loginPage("/view/login")
- .loginProcessingUrl("/login-process")
- .usernameParameter("userid")
- .passwordParameter("pw")
- .defaultSuccessUrl("/view/dashboard", true)
- .permitAll()
- )
- .logout(withDefaults());
-
- return http.build();
- }
-}
\ No newline at end of file
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java
deleted file mode 100644
index c75b3a5..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import org.springframework.security.access.prepost.PreAuthorize;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-@Target({ ElementType.METHOD, ElementType.TYPE })
-@Retention(RetentionPolicy.RUNTIME)
-@PreAuthorize("hasAnyRole('USER')")
-public @interface UserAuthorize {
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
index b552b6d..b64538b 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
@@ -11,14 +11,12 @@
@RestController
@RequestMapping("/auth")
public class AuthorizationController {
-
private final RegisterMemberService registerMemberService;
public AuthorizationController(RegisterMemberService registerMemberService) {
this.registerMemberService = registerMemberService;
}
-
@PostMapping("/join")
public ResponseEntity<String> join(@RequestBody MemberJoinDto dto) {
try {
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java
new file mode 100644
index 0000000..e95856e
--- /dev/null
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java
@@ -0,0 +1,30 @@
+package com.nahwasa.springsecuritybasicsettingforspringboot3.controller;
+
+import com.nahwasa.springsecuritybasicsettingforspringboot3.dto.MemberLoginDto;
+import com.nahwasa.springsecuritybasicsettingforspringboot3.service.MemberService;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/")
+public class LoginController {
+ private final MemberService memberService;
+
+ public LoginController(MemberService memberService) {
+ this.memberService = memberService;
+ }
+
+ @PostMapping("/login-process")
+ public String login(MemberLoginDto dto) {
+ boolean isValidMember = memberService.isValidMember(dto.getUserid(), dto.getPw());
+ if (isValidMember)
+ return "dashboard";
+ return "login";
+ }
+
+ @PostMapping("/logout")
+ public String logout() {
+ return "login";
+ }
+}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
index 9902b7c..572fe9f 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
@@ -1,9 +1,5 @@
package com.nahwasa.springsecuritybasicsettingforspringboot3.controller;
-import com.nahwasa.springsecuritybasicsettingforspringboot3.config.AdminAuthorize;
-import com.nahwasa.springsecuritybasicsettingforspringboot3.config.UserAuthorize;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
-import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
@@ -24,20 +20,16 @@ public String joinPage() {
}
@GetMapping("/dashboard")
- public String dashboardPage(@AuthenticationPrincipal User user, Model model) {
- model.addAttribute("loginId", user.getUsername());
- model.addAttribute("loginRoles", user.getAuthorities());
+ public String dashboardPage(Model model) {
return "dashboard";
}
@GetMapping("/setting/admin")
- @AdminAuthorize
public String adminSettingPage() {
return "admin_setting";
}
@GetMapping("/setting/user")
- @UserAuthorize
public String userSettingPage() {
return "user_setting";
}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
index 988e372..636efc0 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
@@ -1,7 +1,6 @@
package com.nahwasa.springsecuritybasicsettingforspringboot3.domain;
import jakarta.persistence.*;
-import org.springframework.security.crypto.password.PasswordEncoder;
@Entity
public class Member {
@@ -25,8 +24,8 @@ private Member(Long id, String userid, String pw, String roleUser) {
protected Member() {}
- public static Member createUser(String userId, String pw, PasswordEncoder passwordEncoder) {
- return new Member(null, userId, passwordEncoder.encode(pw), "USER");
+ public static Member createUser(String userId, String pw) {
+ return new Member(null, userId, pw, "USER");
}
public Long getId() {
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java
new file mode 100644
index 0000000..1210e5a
--- /dev/null
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java
@@ -0,0 +1,23 @@
+package com.nahwasa.springsecuritybasicsettingforspringboot3.dto;
+
+public class MemberLoginDto {
+
+ private String userid;
+ private String pw;
+
+ public String getUserid() {
+ return userid;
+ }
+
+ public void setUserid(String userid) {
+ this.userid = userid;
+ }
+
+ public String getPw() {
+ return pw;
+ }
+
+ public void setPw(String pw) {
+ this.pw = pw;
+ }
+}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
index 999310d..c2e7314 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
@@ -19,4 +19,12 @@ public MemberService(MemberRepository repository) {
public Optional<Member> findOne(String userId) {
return repository.findByUserid(userId);
}
+
+ public boolean isValidMember(String userId, String password) {
+ Optional<Member> member = findOne(userId);
+ if (member.isPresent()) {
+ return member.get().getPw().equals(password);
+ }
+ return false;
+ }
}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
index 636cfca..b776918 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
@@ -3,22 +3,19 @@
import com.nahwasa.springsecuritybasicsettingforspringboot3.domain.Member;
import com.nahwasa.springsecuritybasicsettingforspringboot3.repository.MemberRepository;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
@Service
public class RegisterMemberService {
- private final PasswordEncoder passwordEncoder;
private final MemberRepository repository;
@Autowired
- public RegisterMemberService(PasswordEncoder passwordEncoder, MemberRepository repository) {
- this.passwordEncoder = passwordEncoder;
+ public RegisterMemberService(MemberRepository repository) {
this.repository = repository;
}
public Long join(String userid, String pw) {
- Member member = Member.createUser(userid, pw, passwordEncoder);
+ Member member = Member.createUser(userid, pw);
validateDuplicateMember(member);
repository.save(member);
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql
index ea7af6c..5566c47 100644
--- a/src/main/resources/data.sql
+++ b/src/main/resources/data.sql
@@ -1,2 +1,2 @@
-insert into member(userid, pw, roles) values ('nahwasa', '$2a$12$jcKXsj4ZAIkGgZdnUQ6EcOduMlurEtX7Szjhr.kQp2iQXNucjZMI6', 'ADMIN');
-insert into member(userid, pw, roles) values ('user', '$2a$12$jcKXsj4ZAIkGgZdnUQ6EcOduMlurEtX7Szjhr.kQp2iQXNucjZMI6', 'USER');
\ No newline at end of file
+insert into member(userid, pw, roles) values ('nahwasa', '1234', 'ADMIN');
+insert into member(userid, pw, roles) values ('user', '1234', 'USER');
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/views/dashboard.jsp b/src/main/webapp/WEB-INF/views/dashboard.jsp
index 2fb9eeb..0112a25 100644
--- a/src/main/webapp/WEB-INF/views/dashboard.jsp
+++ b/src/main/webapp/WEB-INF/views/dashboard.jsp
@@ -16,13 +16,11 @@
<h3 class="form-signin-heading text-center mb-5">nahwasa.com</h3>
<h3 class="overview-normalize">접속 아이디</h3>
- <p>
- ${loginId}
+ <p id='login_id'>
</p>
<hr/>
<h3 class="overview-normalize">역할</h3>
- <p>
- ${loginRoles}
+ <p id='pw'>
</p>
<hr/>
<h3 class="overview-normalize">역할에 따른 페이지 이동 권한 확인</h3>
@@ -32,8 +30,18 @@
</p>
<hr/>
<form method="post" action="/logout">
- <button class="btn btn-sm btn-danger btn-block" type="submit">로그아웃</button>
+ <button class="btn btn-sm btn-danger btn-block" type="submit" id="logout_btn">로그아웃</button>
</form>
+
+ <script>
+ const loginId = document.getElementById('login_id');
+ loginId.innerHTML = sessionStorage.getItem('userid');
+
+ const logoutBtn = document.getElementById('logout_btn');
+ logoutBtn.addEventListener('click', () => {
+ sessionStorage.setItem('userid', '');
+ });
+ </script>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/views/login.jsp b/src/main/webapp/WEB-INF/views/login.jsp
index 916baad..692126c 100644
--- a/src/main/webapp/WEB-INF/views/login.jsp
+++ b/src/main/webapp/WEB-INF/views/login.jsp
@@ -27,12 +27,20 @@
<label for="password" class="sr-only">비밀번호</label>
<input type="password" id="password" name="pw" class="form-control" placeholder="비밀번호" required="">
</p>
- <button class="btn btn-lg btn-primary btn-block" type="submit">로그인</button>
+ <button class="btn btn-lg btn-primary btn-block" type="submit" id="login_btn">로그인</button>
</form>
<form class="form-signin" method="get" action="/view/join">
<button class="btn btn-lg btn-warning btn-block" type="submit">회원가입하기</button>
</form>
+
+ <script>
+ const loginBtn = document.getElementById('login_btn');
+
+ loginBtn.addEventListener('click', () => {
+ sessionStorage.setItem('userid', document.getElementById('username').value);
+ });
+ </script>
</div>
</body>
</html>
\ No newline at end of file