[spring] 비밀번호 암호화

Study/Java

[spring] 비밀번호 암호화

momong'-' 2020. 7. 5. 20:35

UserService.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

package simple.user;
 
import java.util.List;
 
import org.springframework.security.crypto.password.PasswordEncoder;
 
 
public interface UserService {
    
    public List<UserVo> selectUserList(UserVo userVo);
 
    public UserVo selectUserOne(UserVo userVo);
    
    public int insertUser(UserVo userVo);
    
    public int updateUser(UserVo userVo);
    
    public int deleteUser(String userId);
    
    public PasswordEncoder passwordEncoder();
    
}
 
Colored by Color Scripter

cs

public PasswordEncoder passwordEncoder(); 추가

UserServiceImpl.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

package simple.user;
 
import java.util.List;
 
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
 
@Service
public class UserServiceImpl implements UserService {
    
    @Autowired
    private UserDao userDao;
    
    private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
 
    @Override
    public List<UserVo> selectUserList(UserVo userVo) {
        return userDao.selectUserList(userVo);
    }
 
    @Override
    public UserVo selectUserOne(UserVo userVo) {
        return userDao.selectUserOne(userVo);
    }
 
    @Override
    public int insertUser(UserVo userVo) {
        String rawPassword = userVo.getPasswd();
        String encodePasswd = passwordEncoder.encode(rawPassword);
        userVo.setPasswd(encodePasswd);
        
        return userDao.insertUser(userVo);
    }
 
    @Override
    public int updateUser(UserVo userVo) {
        return userDao.updateUser(userVo);
    }
 
    @Override
    public int deleteUser(String userId) {
        return userDao.deleteUser(userId);
    }
 
    @Override
    public PasswordEncoder passwordEncoder() {
        return this.passwordEncoder;
    }
 
}
 
Colored by Color Scripter

cs

private PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

@Override

public PasswordEncoder passwordEncoder() {

return this.passwordEncoder;

}

코드 추가

AuthProvider.java

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

package simple.configuration;
 
import java.util.ArrayList;
import java.util.List;
 
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.stereotype.Component;
 
import com.barunsw.simple.user.UserService;
import com.barunsw.simple.user.UserVo;
 
@Component
public class AuthProvider implements AuthenticationProvider {
 
    @Autowired
    private UserService userService;
 
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        
        String userIdInput = authentication.getName();
        String passwdInput = (String) authentication.getCredentials();
 
        // 패스워드 암호화
        PasswordEncoder passwordEncoder = userService.passwordEncoder();
        //String encoderPasswd = passwordEncoder.encode(passwdInput);
        
        UsernamePasswordAuthenticationToken token;
        
        UserVo userVo = userService.selectUserOne(new UserVo(userIdInput));
        
        if ( userVo != null && passwordEncoder.matches(passwdInput, userVo.getPasswd()) ) {
            List<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
            roles.add(new SimpleGrantedAuthority("USER"));
            
            token = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), roles);
            token.setDetails(userVo);
            
            System.out.println("Authentication 일치하는 id, passwd 존재");
            System.out.println("token" + token);
            
            return token;
        }
        else {
            System.out.println("Authentication 일치하는 id, passwd 없음");
            return null;
        }
        
    }
 
    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }
 
 
    
}
 
Colored by Color Scripter

cs

// 패스워드 암호화

PasswordEncoder passwordEncoder = userService.passwordEncoder();

//String encoderPasswd = passwordEncoder.encode(passwdInput);

UsernamePasswordAuthenticationToken token;

코드 추가하고 if문에 비밀번호검사 조건문 코드 작성