커스터마이징2 - AuthenticationProvider

hellas4·2019년 11월 12일

Spring Security


이번 시간에는 form에서 입력한 로그인 정보와
DB에서 가져온 사용자의 정보를 비교하는 인터페이스인 AuthenticationProvider의 커스터마이징에 대해서 배웁니다.


AuthenticationProvider

특징

form에서 입력한 로그인 정보와 DB에서 가져온(UserDetailsService) 사용자의 정보를 비교해주는 인터페이스이다.

authenticate() 메서드를 오버라이딩 하게 되는데,
이 메서드는 사용자가 form에서 입력한 로그인 정보를 담고 있는 Authentication 객체를 매개변수로 전달받는다.

CustomAuthenticationProvider

package com.lec.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;

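/**
 * Authenticates a username/password login against the account returned by the
 * configured {@link UserDetailsService}.
 *
 * <p>The submitted password is compared directly with the value returned by
 * {@code user.getPassword()}, so this provider only works when the stored value is the
 * raw password. NOTE(security): for anything beyond a demo, store a salted password hash
 * and verify it with a Spring Security {@code PasswordEncoder} instead of comparing
 * strings.
 */
public class CustomAuthenticationProvider implements AuthenticationProvider {

    /**
     * Single generic failure text for every rejection. The exception message can end up in
     * the login view or in logs, so it must not echo the submitted username and must not
     * reveal whether the account exists or is disabled.
     */
    private static final String BAD_CREDENTIALS_MESSAGE = "Bad credentials";

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Verifies the submitted credentials and returns an authenticated token.
     *
     * @param authentication the login request; carries the submitted username as principal
     *     and the submitted password as credentials
     * @return a token holding the username, the submitted password and the user's authorities
     * @throws AuthenticationException {@link BadCredentialsException} when the credentials
     *     are missing, the password does not match, or the account is disabled; whatever
     *     {@code loadUserByUsername} throws is propagated unchanged
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // getName() avoids a blind (String) cast on the principal.
        String username = authentication.getName();

        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            // No password submitted: fail as an authentication error, not a NullPointerException.
            throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
        }
        String password = credentials.toString();

        CustomUserDetails user = (CustomUserDetails) userDetailsService.loadUserByUsername(username);
        if (user == null) {
            // Defensive: a UserDetailsService should throw rather than return null.
            throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
        }

        // Password first, account state second: the disabled state is never reachable
        // without the correct password, and both failures look identical to the caller.
        if (!matchPassword(password, user.getPassword())) {
            throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
        }

        if (!user.isEnabled()) {
            throw new BadCredentialsException(BAD_CREDENTIALS_MESSAGE);
        }

        // NOTE(review): the returned token still carries the raw password as credentials;
        // confirm the authentication manager erases credentials after a successful login.
        return new UsernamePasswordAuthenticationToken(username, password, user.getAuthorities());
    }

    /**
     * Limits this provider to username/password tokens, the only request type that
     * {@link #authenticate(Authentication)} knows how to read.
     *
     * @param authentication the class of the authentication request being offered
     * @return {@code true} only for {@link UsernamePasswordAuthenticationToken} and subclasses
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }

    /**
     * Compares the submitted password with the stored one.
     *
     * <p>Uses {@link MessageDigest#isEqual(byte[], byte[])} rather than
     * {@code String.equals} so the comparison does not stop at the first differing
     * character. A {@code null} on either side never matches.
     *
     * @param loginPwd the password submitted with the login request
     * @param password the password stored for the account
     * @return {@code true} when both values are non-null and identical
     */
    private boolean matchPassword(String loginPwd, String password) {
        if (loginPwd == null || password == null) {
            return false;
        }
        return MessageDigest.isEqual(
                loginPwd.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8));
    }

}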

security-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security context: protects every URL and wires the custom authentication provider. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd
                                 http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd
                                 http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd">
                                 

		<!-- Enables annotation processing for com.lec.security, so the @Autowired field
		     in CustomAuthenticationProvider is injected. -->
		<context:component-scan base-package="com.lec.security"/>


        <!-- Every request path requires ROLE_USER. With use-expressions="false" the access
             attribute is a plain role name, not a SpEL expression. -->
        <http auto-config="true" use-expressions="false">
            <intercept-url pattern="/**" access="ROLE_USER" />
        </http>

        
		<!-- Providers are tried in the order listed. NOTE(review): the authentication manager
		     does not stop at the first rejection. When userAuthProvider throws
		     BadCredentialsException, the second provider (the framework default built on
		     userService) is still tried and can accept the same login. Any stricter rule added
		     to the custom provider is therefore not final while the second entry stays.
		     Keep only the ref entry if the custom provider is meant to decide alone. -->
		<authentication-manager>
			<authentication-provider ref="userAuthProvider"/>
		    <authentication-provider user-service-ref="userService"></authentication-provider>
		</authentication-manager>
		
		<!-- userService loads the account data; userAuthProvider compares it with the login form input. -->
		<beans:bean id="userService" class="com.lec.security.CustomUserDetailsService"/>
		<beans:bean id="userAuthProvider" class="com.lec.security.CustomAuthenticationProvider"/>

</beans:beans>