From 9f8257c40e78ee725e9158f4911fbce20c0bafe0 Mon Sep 17 00:00:00 2001
From: nahwasa <nahwasa@gmail.com>
Date: Tue, 7 Feb 2023 23:19:22 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=EB=B8=94=EB=A1=9C=EA=B7=B8=EC=97=90?=
 =?UTF-8?q?=EC=84=9C=20=EC=8A=A4=ED=94=84=EB=A7=81=20=EC=8B=9C=ED=81=90?=
 =?UTF-8?q?=EB=A6=AC=ED=8B=B0=EB=A5=BC=20=EB=B6=99=EC=97=AC=EB=82=98?=
 =?UTF-8?q?=EA=B0=80=EB=8A=94=20=EA=B3=BC=EC=A0=95=EC=9D=84=20=EB=B3=B4?=
 =?UTF-8?q?=EA=B8=B0=20=EC=9C=84=ED=95=B4=20=EC=8B=9C=ED=81=90=EB=A6=AC?=
 =?UTF-8?q?=ED=8B=B0=20=EA=B4=80=EB=A0=A8=EB=90=9C=20=EB=82=B4=EC=9A=A9?=
 =?UTF-8?q?=EC=9D=84=20=EB=AA=A8=EB=91=90=20=EC=A0=9C=EC=99=B8=ED=95=9C=20?=
 =?UTF-8?q?=ED=94=84=EB=A1=9C=EC=A0=9D=ED=8A=B8.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 build.gradle                                  |  2 -
 .../config/AdminAuthorize.java                | 14 ------
 .../config/MyUserDetailService.java           | 34 ---------------
 .../config/SpringSecurityConfig.java          | 43 -------------------
 .../config/UserAuthorize.java                 | 14 ------
 .../controller/AuthorizationController.java   |  2 -
 .../controller/LoginController.java           | 30 +++++++++++++
 .../controller/ViewController.java            | 10 +----
 .../domain/Member.java                        |  5 +--
 .../dto/MemberLoginDto.java                   | 23 ++++++++++
 .../service/MemberService.java                |  8 ++++
 .../service/RegisterMemberService.java        |  7 +--
 src/main/resources/data.sql                   |  4 +-
 13 files changed, 68 insertions(+), 128 deletions(-)
 delete mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java
 delete mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java
 delete mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java
 delete mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java
 create mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java
 create mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java

diff --git a/build.gradle b/build.gradle
index 89aeeb7..4a7a1ae 100644
--- a/build.gradle
+++ b/build.gradle
@@ -13,14 +13,12 @@ repositories {
 }
 
 dependencies {
-    implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.apache.tomcat.embed:tomcat-embed-jasper'
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     runtimeOnly 'com.h2database:h2'
 
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
-    testImplementation 'org.springframework.security:spring-security-test'
 }
 
 tasks.named('test') {
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java
deleted file mode 100644
index ddc81e5..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import org.springframework.security.access.prepost.PreAuthorize;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-@Target({ ElementType.METHOD, ElementType.TYPE })
-@Retention(RetentionPolicy.RUNTIME)
-@PreAuthorize("hasAnyRole('ADMIN')")
-public @interface AdminAuthorize {
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java
deleted file mode 100644
index 6b4d315..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import com.nahwasa.springsecuritybasicsettingforspringboot3.domain.Member;
-import com.nahwasa.springsecuritybasicsettingforspringboot3.service.MemberService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.stereotype.Component;
-
-import java.util.Optional;
-
-@Component
-public class MyUserDetailService implements UserDetailsService {
-    private final MemberService memberService;
-
-    @Autowired
-    public MyUserDetailService(MemberService memberService) {
-        this.memberService = memberService;
-    }
-
-    @Override
-    public UserDetails loadUserByUsername(String insertedUserId) throws UsernameNotFoundException {
-        Optional<Member> findOne = memberService.findOne(insertedUserId);
-        Member member = findOne.orElseThrow(() -> new UsernameNotFoundException("없는 회원입니다 ㅠ"));
-
-        return User.builder()
-                .username(member.getUserid())
-                .password(member.getPw())
-                .roles(member.getRoles())
-                .build();
-    }
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java
deleted file mode 100644
index a060d31..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import jakarta.servlet.DispatcherType;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.SecurityFilterChain;
-
-import static org.springframework.security.config.Customizer.withDefaults;
-
-@Configuration
-@EnableMethodSecurity
-public class SpringSecurityConfig {
-
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
-    }
-
-    @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.csrf().disable().cors().disable()
-                .authorizeHttpRequests(request -> request
-                        .dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()
-                        .requestMatchers("/status", "/images/**", "/view/join", "/auth/join").permitAll()
-                        .anyRequest().authenticated()
-                )
-                .formLogin(login -> login
-                        .loginPage("/view/login")
-                        .loginProcessingUrl("/login-process")
-                        .usernameParameter("userid")
-                        .passwordParameter("pw")
-                        .defaultSuccessUrl("/view/dashboard", true)
-                        .permitAll()
-                )
-                .logout(withDefaults());
-
-        return http.build();
-    }
-}
\ No newline at end of file
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java
deleted file mode 100644
index c75b3a5..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import org.springframework.security.access.prepost.PreAuthorize;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-@Target({ ElementType.METHOD, ElementType.TYPE })
-@Retention(RetentionPolicy.RUNTIME)
-@PreAuthorize("hasAnyRole('USER')")
-public @interface UserAuthorize {
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
index b552b6d..b64538b 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
@@ -11,14 +11,12 @@
 @RestController
 @RequestMapping("/auth")
 public class AuthorizationController {
-
     private final RegisterMemberService registerMemberService;
 
     public AuthorizationController(RegisterMemberService registerMemberService) {
         this.registerMemberService = registerMemberService;
     }
 
-
     @PostMapping("/join")
     public ResponseEntity<String> join(@RequestBody MemberJoinDto dto) {
         try {
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java
new file mode 100644
index 0000000..e95856e
--- /dev/null
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java
@@ -0,0 +1,30 @@
+package com.nahwasa.springsecuritybasicsettingforspringboot3.controller;
+
+import com.nahwasa.springsecuritybasicsettingforspringboot3.dto.MemberLoginDto;
+import com.nahwasa.springsecuritybasicsettingforspringboot3.service.MemberService;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/")
+public class LoginController {
+    private final MemberService memberService;
+
+    public LoginController(MemberService memberService) {
+        this.memberService = memberService;
+    }
+
+    @PostMapping("/login-process")
+    public String login(MemberLoginDto dto) {
+        boolean isValidMember = memberService.isValidMember(dto.getUserid(), dto.getPw());
+        if (isValidMember)
+            return "dashboard";
+        return "login";
+    }
+
+    @PostMapping("/logout")
+    public String logout() {
+        return "login";
+    }
+}
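Review bot: `login` records nothing server-side after `isValidMember` succeeds (no session attribute, no principal), so the check only decides which JSP this one response renders. The dashboard and settings handlers in ViewController stay reachable without it, as far as this patch shows. `logout` likewise only returns the `login` view. The commit subject appears to describe a deliberate baseline with security stripped out, so the proposal is a class-level Javadoc: `/** Demo-only endpoints: credentials are checked but no session is established; no view is protected until Spring Security is added back. */`.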
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
index 9902b7c..572fe9f 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
@@ -1,9 +1,5 @@
 package com.nahwasa.springsecuritybasicsettingforspringboot3.controller;
 
-import com.nahwasa.springsecuritybasicsettingforspringboot3.config.AdminAuthorize;
-import com.nahwasa.springsecuritybasicsettingforspringboot3.config.UserAuthorize;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -24,20 +20,16 @@ public String joinPage() {
     }
 
     @GetMapping("/dashboard")
-    public String dashboardPage(@AuthenticationPrincipal User user, Model model) {
-        model.addAttribute("loginId", user.getUsername());
-        model.addAttribute("loginRoles", user.getAuthorities());
+    public String dashboardPage(Model model) {
         return "dashboard";
     }
 
     @GetMapping("/setting/admin")
-    @AdminAuthorize
     public String adminSettingPage() {
         return "admin_setting";
     }
 
     @GetMapping("/setting/user")
-    @UserAuthorize
     public String userSettingPage() {
         return "user_setting";
     }
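Review bot: With `@AdminAuthorize` and `@UserAuthorize` removed, `adminSettingPage` and `userSettingPage` have no role check, and nothing else in this patch replaces them, so both views are returned to any requester. If that is the intended tutorial baseline, say so on the handlers, e.g. `// No authorization here yet: role checks return with Spring Security.` `dashboardPage` also keeps a `Model model` parameter it no longer uses; drop it or note why it stays. The controller class starts and ends outside this hunk.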
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
index 988e372..636efc0 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
@@ -1,7 +1,6 @@
 package com.nahwasa.springsecuritybasicsettingforspringboot3.domain;
 
 import jakarta.persistence.*;
-import org.springframework.security.crypto.password.PasswordEncoder;
 
 @Entity
 public class Member {
@@ -25,8 +24,8 @@ private Member(Long id, String userid, String pw, String roleUser) {
 
     protected Member() {}
 
-    public static Member createUser(String userId, String pw, PasswordEncoder passwordEncoder) {
-        return new Member(null, userId, passwordEncoder.encode(pw), "USER");
+    public static Member createUser(String userId, String pw) {
+        return new Member(null, userId, pw, "USER");
     }
 
     public Long getId() {
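Review bot: `createUser` now stores `pw` exactly as submitted, so the member table holds plaintext passwords. The same issue appears in the `equals` comparison in `MemberService.isValidMember`, in `RegisterMemberService.join`, and in the `'1234'` seed rows for both the ADMIN and USER accounts in `data.sql`. The commit subject appears to describe a deliberate baseline without Spring Security, so the suggestion is documentation: add `// Demo baseline only: pw is persisted unhashed until a PasswordEncoder is reintroduced.` above the factory. The Member class starts and ends outside this hunk.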
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java
new file mode 100644
index 0000000..1210e5a
--- /dev/null
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java
@@ -0,0 +1,23 @@
+package com.nahwasa.springsecuritybasicsettingforspringboot3.dto;
+
+public class MemberLoginDto {
+
+    private String userid;
+    private String pw;
+
+    public String getUserid() {
+        return userid;
+    }
+
+    public void setUserid(String userid) {
+        this.userid = userid;
+    }
+
+    public String getPw() {
+        return pw;
+    }
+
+    public void setPw(String pw) {
+        this.pw = pw;
+    }
+}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
index 999310d..c2e7314 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
@@ -19,4 +19,12 @@ public MemberService(MemberRepository repository) {
     public Optional<Member> findOne(String userId) {
         return repository.findByUserid(userId);
     }
+
+    public boolean isValidMember(String userId, String password) {
+        Optional<Member> member = findOne(userId);
+        if (member.isPresent()) {
+            return member.get().getPw().equals(password);
+        }
+        return false;
+    }
 }
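Review bot: `isValidMember` unwraps the Optional with `isPresent()`/`get()` and calls `equals` on the stored value, which would throw if a row's `pw` were null (the column constraints are not visible here). The same check reads more directly as `return password != null && findOne(userId).map(m -> password.equals(m.getPw())).orElse(false);`. That returns the same true/false results for non-null values and returns false instead of throwing when the stored value is missing.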
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
index 636cfca..b776918 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
@@ -3,22 +3,19 @@
 import com.nahwasa.springsecuritybasicsettingforspringboot3.domain.Member;
 import com.nahwasa.springsecuritybasicsettingforspringboot3.repository.MemberRepository;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 @Service
 public class RegisterMemberService {
-    private final PasswordEncoder passwordEncoder;
     private final MemberRepository repository;
 
     @Autowired
-    public RegisterMemberService(PasswordEncoder passwordEncoder, MemberRepository repository) {
-        this.passwordEncoder = passwordEncoder;
+    public RegisterMemberService(MemberRepository repository) {
         this.repository = repository;
     }
 
     public Long join(String userid, String pw) {
-        Member member = Member.createUser(userid, pw, passwordEncoder);
+        Member member = Member.createUser(userid, pw);
         validateDuplicateMember(member);
         repository.save(member);
 
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql
index ea7af6c..5566c47 100644
--- a/src/main/resources/data.sql
+++ b/src/main/resources/data.sql
@@ -1,2 +1,2 @@
-insert into member(userid, pw, roles) values ('nahwasa', '$2a$12$jcKXsj4ZAIkGgZdnUQ6EcOduMlurEtX7Szjhr.kQp2iQXNucjZMI6', 'ADMIN');
-insert into member(userid, pw, roles) values ('user', '$2a$12$jcKXsj4ZAIkGgZdnUQ6EcOduMlurEtX7Szjhr.kQp2iQXNucjZMI6', 'USER');
\ No newline at end of file
+insert into member(userid, pw, roles) values ('nahwasa', '1234', 'ADMIN');
+insert into member(userid, pw, roles) values ('user', '1234', 'USER');
\ No newline at end of file

From 134b2468f6fbb155fac1e08d0bb7ae2670650397 Mon Sep 17 00:00:00 2001
From: nahwasa <nahwasa@gmail.com>
Date: Tue, 7 Feb 2023 23:32:09 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=EB=B8=94=EB=A1=9C=EA=B7=B8=EC=97=90?=
 =?UTF-8?q?=EC=84=9C=20=EC=8A=A4=ED=94=84=EB=A7=81=20=EC=8B=9C=ED=81=90?=
 =?UTF-8?q?=EB=A6=AC=ED=8B=B0=EB=A5=BC=20=EB=B6=99=EC=97=AC=EB=82=98?=
 =?UTF-8?q?=EA=B0=80=EB=8A=94=20=EA=B3=BC=EC=A0=95=EC=9D=84=20=EB=B3=B4?=
 =?UTF-8?q?=EA=B8=B0=20=EC=9C=84=ED=95=B4=20=EC=8B=9C=ED=81=90=EB=A6=AC?=
 =?UTF-8?q?=ED=8B=B0=20=EA=B4=80=EB=A0=A8=EB=90=9C=20=EB=82=B4=EC=9A=A9?=
 =?UTF-8?q?=EC=9D=84=20=EB=AA=A8=EB=91=90=20=EC=A0=9C=EC=99=B8=ED=95=9C=20?=
 =?UTF-8?q?=ED=94=84=EB=A1=9C=EC=A0=9D=ED=8A=B8=20-=20=ED=94=84=EB=A1=A0?=
 =?UTF-8?q?=ED=8A=B8=EB=8F=84=20sessionStorage=EC=97=90=20id=20=EB=8B=B4?=
 =?UTF-8?q?=EC=95=84=EB=91=90=EB=8F=84=EB=A1=9D=20=EB=B3=80=EA=B2=BD=20?=
 =?UTF-8?q?=E3=85=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/webapp/WEB-INF/views/dashboard.jsp | 18 +++++++++++++-----
 src/main/webapp/WEB-INF/views/login.jsp     | 10 +++++++++-
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/main/webapp/WEB-INF/views/dashboard.jsp b/src/main/webapp/WEB-INF/views/dashboard.jsp
index 2fb9eeb..0112a25 100644
--- a/src/main/webapp/WEB-INF/views/dashboard.jsp
+++ b/src/main/webapp/WEB-INF/views/dashboard.jsp
@@ -16,13 +16,11 @@
     <h3 class="form-signin-heading text-center mb-5">nahwasa.com</h3>
 
     <h3 class="overview-normalize">접속 아이디</h3>
-    <p>
-        ${loginId}
+    <p id='login_id'>
     </p>
     <hr/>
     <h3 class="overview-normalize">역할</h3>
-    <p>
-        ${loginRoles}
+    <p id='pw'>
     </p>
     <hr/>
     <h3 class="overview-normalize">역할에 따른 페이지 이동 권한 확인</h3>
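Review bot: The paragraph under the role heading is given `id='pw'`, and the script added in the later hunk of this file only fills `login_id`, so the role section now renders empty under an id that suggests a password. If the role is meant to stay blank for this baseline, use an id that matches the content, such as `<p id='login_roles'>`. A short HTML comment saying it is intentionally unpopulated would also help.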
@@ -32,8 +30,18 @@
     </p>
     <hr/>
     <form method="post" action="/logout">
-        <button class="btn btn-sm btn-danger btn-block" type="submit">로그아웃</button>
+        <button class="btn btn-sm btn-danger btn-block" type="submit" id="logout_btn">로그아웃</button>
     </form>
+
+    <script>
+        const loginId = document.getElementById('login_id');
+        loginId.innerHTML = sessionStorage.getItem('userid');
+
+        const logoutBtn = document.getElementById('logout_btn');
+        logoutBtn.addEventListener('click', () => {
+            sessionStorage.setItem('userid', '');
+        });
+    </script>
 </div>
 </body>
 </html>
\ No newline at end of file
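Review bot: `loginId.innerHTML = sessionStorage.getItem('userid');` parses the stored string as markup, and that string is whatever was typed into the login form. Assign it as text instead: `loginId.textContent = sessionStorage.getItem('userid');`. The value is also not tied to the server's login result, so the page shows an unverified id. In the logout handler, `sessionStorage.removeItem('userid');` states the intent more clearly than storing an empty string.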
diff --git a/src/main/webapp/WEB-INF/views/login.jsp b/src/main/webapp/WEB-INF/views/login.jsp
index 916baad..692126c 100644
--- a/src/main/webapp/WEB-INF/views/login.jsp
+++ b/src/main/webapp/WEB-INF/views/login.jsp
@@ -27,12 +27,20 @@
             <label for="password" class="sr-only">비밀번호</label>
             <input type="password" id="password" name="pw" class="form-control" placeholder="비밀번호" required="">
         </p>
-        <button class="btn btn-lg btn-primary btn-block" type="submit">로그인</button>
+        <button class="btn btn-lg btn-primary btn-block" type="submit" id="login_btn">로그인</button>
     </form>
 
     <form class="form-signin" method="get" action="/view/join">
         <button class="btn btn-lg btn-warning btn-block" type="submit">회원가입하기</button>
     </form>
+
+    <script>
+        const loginBtn = document.getElementById('login_btn');
+
+        loginBtn.addEventListener('click', () => {
+            sessionStorage.setItem('userid', document.getElementById('username').value);
+        });
+    </script>
 </div>
 </body>
 </html>
\ No newline at end of file
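Review bot: The click handler writes the typed id into sessionStorage before `/login-process` has answered, so a failed login still leaves an id that dashboard.jsp will display. A click also fires when the browser blocks submission on the `required` fields. Listening for the form's `submit` event narrows this, but the id shown after login should ultimately come from the server response rather than from client storage. The `username` input the handler reads is defined outside this hunk.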