From f7f8037e1f261da86d0016cc39ac2796cb44a413 Mon Sep 17 00:00:00 2001 From: kim_sang_ june <79149384+drbug2000@users.noreply.github.com> Date: Sun, 8 Sep 2024 01:01:33 +0900 Subject: [PATCH 1/3] [feat] SecurityConfig --- .../java/space/space_spring/config/SecurityConfig.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/main/java/space/space_spring/config/SecurityConfig.java b/src/main/java/space/space_spring/config/SecurityConfig.java index 96713a03..b6030745 100644 --- a/src/main/java/space/space_spring/config/SecurityConfig.java +++ b/src/main/java/space/space_spring/config/SecurityConfig.java @@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; @Configuration @@ -18,6 +19,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti .csrf((csrfConfig) -> csrfConfig.disable() ) + // HTTP 인증 요구 비활성화 +// .authorizeHttpRequests(auth -> auth +// .anyRequest().authenticated() +// ) + // Session 사용 설정 해제 + .sessionManagement(session -> session + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + ) // h2 console 화면을 사용하기 위해 해당 옵션들 disable .headers((headerConfig) -> headerConfig.frameOptions(frameOptionsConfig -> From b4cfae7f3adef8f833741ebf065cebe3feedec2d Mon Sep 17 00:00:00 2001 From: kim_sang_ june <79149384+drbug2000@users.noreply.github.com> Date: Sun, 8 Sep 2024 01:07:53 +0900 Subject: [PATCH 2/3] [feat] password encoding in signup --- src/main/java/space/space_spring/config/SecurityConfig.java | 6 ++++++ src/main/java/space/space_spring/service/UserService.java | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) 
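Review bot: In the second hunk of SecurityConfig.java the `authorizeHttpRequests` block is added commented out, so as far as this hunk shows the filter chain declares no authorization rule and every request passes Spring Security unauthenticated. If that is intentional because tokens are checked elsewhere (presumably in an interceptor or filter outside this diff), say so explicitly with `.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())` and a comment naming where authentication is enforced, instead of keeping dead code. Disabling CSRF together with `SessionCreationPolicy.STATELESS` is only sound while credentials travel in a request header and never in a cookie; a one-line comment recording that assumption would help. The body of securityFilterChain starts and ends outside the hunk.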
diff --git a/src/main/java/space/space_spring/config/SecurityConfig.java b/src/main/java/space/space_spring/config/SecurityConfig.java index b6030745..e5168428 100644 --- a/src/main/java/space/space_spring/config/SecurityConfig.java +++ b/src/main/java/space/space_spring/config/SecurityConfig.java @@ -6,11 +6,17 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; @Configuration @EnableWebSecurity public class SecurityConfig { + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { diff --git a/src/main/java/space/space_spring/service/UserService.java b/src/main/java/space/space_spring/service/UserService.java index 95439c75..d5b21829 100644 --- a/src/main/java/space/space_spring/service/UserService.java +++ b/src/main/java/space/space_spring/service/UserService.java @@ -2,6 +2,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import space.space_spring.dao.UserSpaceDao; @@ -35,6 +36,7 @@ public class UserService { private final JwtLoginProvider jwtLoginProvider; private final UserSpaceDao userSpaceDao; private final UserUtils userUtils; + private final PasswordEncoder passwordEncoder; @Transactional public Long signup(PostUserSignupRequest postUserSignupRequest) { 
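Review bot: `passwordEncoder()` in SecurityConfig.java hard-wires `new BCryptPasswordEncoder()` with the default strength, so stored hashes carry no encoder id and the work factor is implicit. Consider `return PasswordEncoderFactories.createDelegatingPasswordEncoder();` (from `org.springframework.security.crypto.factory`), which still hashes with bcrypt but prefixes `{bcrypt}`, so a later cost or algorithm change can coexist with existing hashes. If plain bcrypt is kept, pass the strength explicitly and add a comment saying why that value was chosen.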
@@ -45,7 +47,7 @@ public Long signup(PostUserSignupRequest postUserSignupRequest) { // TODO 2. 회원정보 db insert String email = postUserSignupRequest.getEmail(); - String password = postUserSignupRequest.getPassword(); + String password = passwordEncoder.encode(postUserSignupRequest.getPassword()); String userName = postUserSignupRequest.getUserName(); User saveUser = userDao.saveUser(email, password, userName, LOCAL); From 0537c6320ff83cd2286c8bb9e484c85a8b9be891 Mon Sep 17 00:00:00 2001 From: kim_sang_ june <79149384+drbug2000@users.noreply.github.com> Date: Sun, 8 Sep 2024 01:16:25 +0900 Subject: [PATCH 3/3] [feat] encoding password in login delete User.mathchPassword --- src/main/java/space/space_spring/entity/User.java | 4 +--- src/main/java/space/space_spring/service/UserService.java | 4 +++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/space/space_spring/entity/User.java b/src/main/java/space/space_spring/entity/User.java index 120ed335..9bddd8b2 100644 --- a/src/main/java/space/space_spring/entity/User.java +++ b/src/main/java/space/space_spring/entity/User.java @@ -34,8 +34,6 @@ public void saveUser(String email, String password, String userName, UserSignupT initializeBaseEntityFields(); } - public boolean passwordMatch(String password) { - return this.password.equals(password); - } + } diff --git a/src/main/java/space/space_spring/service/UserService.java b/src/main/java/space/space_spring/service/UserService.java index d5b21829..9420a2d9 100644 --- a/src/main/java/space/space_spring/service/UserService.java +++ b/src/main/java/space/space_spring/service/UserService.java 
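Review bot: In `signup` the raw password goes straight into `passwordEncoder.encode(...)` with no length bound visible in this hunk, and bcrypt only uses the first 72 bytes of its input (depending on the Spring Security version, longer input is either silently truncated or rejected with an exception). Unless PostUserSignupRequest already enforces a maximum through validation outside this diff, bound the length before encoding so the caller gets a validation error rather than a truncated credential or an unhandled exception. The local now holds a hash, so renaming it, `String encodedPassword = passwordEncoder.encode(postUserSignupRequest.getPassword());`, keeps it from being mistaken for the raw value later in the method. The body of signup continues outside the hunk.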
@@ -81,9 +81,11 @@ public PostLoginDto login(PostLoginDto.Request request) { } private void validatePassword(User userByEmail, String password) { - if (!userByEmail.passwordMatch(password)) { + String encodePassword = userByEmail.getPassword(); + if(!passwordEncoder.matches(password,encodePassword)){ throw new CustomException(PASSWORD_NO_MATCH); } + } @Transactional
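Review bot: `validatePassword` now relies on `passwordEncoder.matches(password, encodePassword)`, but any row written before this series holds the password in plain text (the removed `passwordMatch` compared with `equals`). BCryptPasswordEncoder returns false for a stored value that is not a bcrypt hash, so those accounts would fail with PASSWORD_NO_MATCH while the plain-text values stay in the database. If such rows exist, the series needs a migration alongside it that invalidates the legacy values and forces a password reset. `matches` also throws IllegalArgumentException for a null raw password, so unless the request DTO guarantees non-null, guard it with `if (password == null || !passwordEncoder.matches(password, encodePassword)) {`. The blank line added before the method's closing brace can be dropped.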