1. Dependency
<!-- security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
</dependency>
<!-- jwt Dependencies -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.1.0</version>
</dependency>2. UserPrincipal
UserPrincipal.java
- MemberWrapper와 같은 역할
- db에 role이 없어서 하드코딩해둠
- 개발중인 사이트가 권한구분이 없고, 일반 사용자는 일반 사이트, 어드민은 로그인 시에만 접근할 수 있기때문에 null로 해도될 것 같음
// Wrap UserEntity to UserDetails, which Spring Security uses.
// MemberWrapper와 같은 역할
public class UserPrincipal implements UserDetails {
private MemberVO realMember;
public MemberVO getRealMember() {
return realMember;
}
public UserPrincipal(MemberVO realMember) {
this.realMember=realMember;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN")); // 원래는 null 이었음
}
@Override
public String getPassword() {
return realMember.getMemPw();
}
@Override
public String getUsername() {
return realMember.getMemId();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}UserPrincipalDetailService.java
public class UserPrincipalDetailsService implements UserDetailsService {
private MemberMapper memberMapper;
@Autowired
public UserPrincipalDetailsService(MemberMapper memberMapper) {
this.memberMapper = memberMapper;
}
@Override
public UserDetails loadUserByUsername(String memId) throws UsernameNotFoundException {
MemberVO member = memberMapper.selectMember(memId);
if(member==null) throw new UsernameNotFoundException("Username \"$memId\" not found");
UserDetails user = new UserPrincipal(member);
return user;
}
}2. Configuration
SecurityConfig.java
WebConfig.java
참고자료
갈 길이 멀다