비밀번호를 암호화(BCrypt 단방향 해시)하여 저장하기 위해 스프링 시큐리티를 사용하였다.
1. build.gradle에 추가
// build.gradle
// Spring Security starter: provides PasswordEncoder / BCryptPasswordEncoder and the servlet filter chain.
implementation 'org.springframework.boot:spring-boot-starter-security'
// Thymeleaf integration for Spring Security.
// NOTE(review): the "springsecurity5" extras artifact targets Spring Security 5.x; confirm it matches
// the Spring Security version managed by the Spring Boot release in use.
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
2. util
@EnableWebSecurity
@AllArgsConstructor
@Configuration
public class SpringSecurity {

    /**
     * Registers the password hasher as a bean.
     *
     * <p>BCrypt is a salted one-way hash, not reversible encryption: stored values are
     * verified with {@code matches(raw, encoded)} and are never decrypted.
     *
     * @return a {@link BCryptPasswordEncoder} with its default settings
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        PasswordEncoder bcrypt = new BCryptPasswordEncoder();
        return bcrypt;
    }

    /**
     * Builds the HTTP security filter chain with several built-in protections switched off.
     *
     * <p>No authorization rules are configured here, so this chain does not restrict access
     * to any URL.
     *
     * @param http the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Turns off Spring Security's CORS integration.
        http.cors().disable();

        // NOTE(review): with CSRF protection off, state-changing POSTs such as /login and /join
        // are accepted without a CSRF token. For server-rendered forms, keep CSRF enabled and
        // send the token from the templates unless there is a documented reason not to.
        http.csrf().disable();

        // Remove the default login page; the application serves its own.
        http.formLogin().disable();

        // NOTE(review): disabling frameOptions stops the X-Frame-Options header from being sent,
        // so pages may be framed by other origins (clickjacking exposure). If framing is only
        // needed from the same site, frameOptions().sameOrigin() is the narrower setting.
        http.headers().frameOptions().disable();

        return http.build();
    }
}
3. controller
//login
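@Controller
@RequestMapping("/login")
public class LoginController {

    // NOTE(review): SpringSecurity already declares a PasswordEncoder bean; injecting it would keep
    // the hashing settings in one place. A local encoder is kept here so the constructor signature
    // stays unchanged.
    private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    private final LoginService loginService;

    public LoginController(LoginService loginService) {
        this.loginService = loginService;
    }

    /** Shows the login form. */
    @GetMapping
    public String moveLogin() {
        return "login/login";
    }

    /**
     * Verifies the submitted password against the stored BCrypt hash.
     *
     * <p>A missing password parameter, an unknown member and a wrong password all produce the
     * same redirect, so the response does not reveal which of them occurred and malformed
     * requests no longer end in an unhandled exception.
     *
     * <p>NOTE(review): on success this method only redirects. Nothing in this class establishes
     * an authenticated session or SecurityContext, so this check by itself does not protect any
     * other URL; confirm how the logged-in state is tracked and enforced.
     *
     * @param param request parameters; {@code memberPw} carries the raw password
     * @return redirect to {@code /} on a match, otherwise back to {@code /login}
     */
    @PostMapping
    public String checkLogin(@RequestParam Map<String, Object> param) {
        Object rawPassword = param.get("memberPw");
        if (!(rawPassword instanceof String)) {
            // matches() rejects a null raw password with an exception; fail the login instead.
            return "redirect:/login";
        }

        // presumably returns null when no member matches the submitted id; verify against LoginService
        Map<String, Object> member = loginService.checkLogin(param);
        if (member == null) {
            return "redirect:/login";
        }

        Object storedHash = member.get("MEMBER_PW");
        if (!(storedHash instanceof String)) {
            return "redirect:/login";
        }

        boolean isMatch = passwordEncoder.matches((String) rawPassword, (String) storedHash);
        return isMatch ? "redirect:/" : "redirect:/login";
    }
}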
//join
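@Controller
@RequestMapping("/join")
public class JoinController {

    // NOTE(review): SpringSecurity already declares a PasswordEncoder bean; injecting it would keep
    // the hashing settings in one place. A local encoder is kept here so the constructor signature
    // stays unchanged.
    private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    private final JoinService joinService;

    public JoinController(JoinService joinService) {
        this.joinService = joinService;
    }

    /** Shows the sign-up form. */
    @GetMapping
    public String moveJoin() {
        return "join/join";
    }

    /**
     * Hashes the submitted password with BCrypt and hands the sign-up data to the service.
     *
     * <p>A request with a missing or empty {@code memberPw} is sent back to the form instead of
     * failing with a NullPointerException or storing the hash of an empty password.
     *
     * @param param request parameters; {@code memberPw} is replaced in place by its BCrypt hash
     * @return redirect to {@code /} after the service call, or to {@code /join} when no password
     *     was supplied
     */
    @PostMapping
    public String joinMember(@RequestParam Map<String, Object> param) {
        Object rawPassword = param.get("memberPw");
        if (rawPassword == null || rawPassword.toString().isEmpty()) {
            return "redirect:/join";
        }

        // Overwrite the raw value so only the hash travels further down the call chain.
        param.put("memberPw", passwordEncoder.encode(rawPassword.toString()));

        // NOTE(review): the whole request-parameter map is passed on, so any extra parameter the
        // client sends also reaches joinMember. Verify the service/mapper reads only the expected
        // keys, or copy an allow-list of fields into a dedicated object first.
        joinService.joinMember(param);
        return "redirect:/";
    }
}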
회원가입 시 비밀번호를 BCrypt로 해시하여 저장하고, 로그인할 때는 저장된 해시와 입력한 값을 matches()로 비교한다. BCrypt는 단방향 해시라 복호화할 수 없으므로, 저장된 값을 풀어서 비교하는 것이 아니라 입력값이 해시와 일치하는지만 검증한다.