2024-06-03 오늘의 TIL - Jwt (2)

이재성·2024년 6월 4일

기초설정

SecurityConfig 클래스 기본설정

JWT를 통한 인증/인가를 위해서 세션을 STATELESS 상태로 설정

/**
 * Spring Security configuration for a stateless, JWT-oriented API.
 *
 * <p>Form login, HTTP Basic and server-side sessions are all switched off here,
 * so a request can only be authenticated by a token filter added to this chain.
 * No such filter is registered in this class.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /**
     * Builds the application's security filter chain.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                // CSRF protection off. NOTE(review): this is only appropriate while the
                // token travels in a request header; if the JWT is ever kept in a cookie,
                // the browser sends it automatically and CSRF protection is needed again.
                .csrf(csrf -> csrf.disable())
                // Form login off.
                .formLogin(form -> form.disable())
                // HTTP Basic off.
                .httpBasic(basic -> basic.disable())
                // Per-path authorization. Rules are evaluated in the order written.
                .authorizeHttpRequests(rules -> rules
                        .requestMatchers("/").permitAll()
                        // hasRole("ADMIN") checks for the authority "ROLE_ADMIN".
                        // The pattern "/admin" does not cover sub-paths such as
                        // "/admin/users"; those fall through to the rule below.
                        .requestMatchers("/admin").hasRole("ADMIN")
                        // NOTE(review): the POST /login handler shown later on this page
                        // is not listed above, so it also requires an authenticated caller.
                        .anyRequest().authenticated())
                // No HttpSession is created or consulted for the security context.
                .sessionManagement(session -> session
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .build();
    }
}

BCryptPasswordEncoder 등록

/**
 * Exposes the BCrypt password hasher as a bean so it can be constructor-injected
 * wherever passwords are hashed or verified.
 *
 * @return an encoder created with the library's default settings
 */
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
    // The no-argument constructor keeps the library's default work factor.
    BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    return encoder;
}

Entity 작성: user

/**
 * JPA entity for an application account.
 *
 * <p>Lombok generates a getter and a setter for every field, including
 * {@code password}. NOTE(review): returning this entity directly from a controller
 * would serialize the stored password value, so map it to a response DTO first.
 */
@Getter
@Setter
@Entity
public class User {

    // Primary key, assigned by the database identity column.
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private int id;

    // Login name. NOTE(review): no uniqueness constraint is declared on this field,
    // so duplicates are only prevented by whatever check the caller performs.
    private String username;

    // Holds whatever the caller sets; the service on this page stores a BCrypt hash.
    private String password;

    private String nickname;

    // Authority string; the security configuration on this page matches "ROLE_ADMIN".
    private String role;
}

Repository 작성

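/**
 * Spring Data JPA repository for {@link User} rows, keyed by their integer id.
 */
public interface UserRepository extends JpaRepository<User, Integer> {

    /**
     * Derived query that reports whether a row with the given username exists.
     *
     * <p>The service on this page calls this method before saving a new account, so
     * it has to be declared here for that code to compile.
     *
     * @param username the login name to look up
     * @return {@code true} if at least one row has that username
     */
    boolean existsByUsername(String username);
}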

application.properties 설정

# Application name.
spring.application.name=demo
# Datasource connection. The {} values are placeholders in this listing.
# NOTE(review): keep the real URL, username and password out of version control,
# e.g. by referencing an environment variable such as ${DB_PASSWORD} (example name).
spring.datasource.url=jdbc:{}
spring.datasource.username={}
spring.datasource.password={}

# JDBC driver class for MySQL Connector/J.
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver


# Prints every SQL statement Hibernate issues; useful while developing.
# NOTE(review): normally switched off outside development to keep logs quiet.
spring.jpa.show-sql=true
spring.jpa.database-platform=org.hibernate.dialect.MySQL8Dialect
# Adds explanatory comments to the generated SQL.
spring.jpa.properties.hibernate.use_sql_comments=true

spring.jpa.database=mysql
# Hibernate makes no schema changes; the tables must already exist.
spring.jpa.hibernate.ddl-auto=none
# Use entity and field names as table and column names without conversion.
spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
spring.jpa.generate-ddl=false
# Pretty-prints the logged SQL.
spring.jpa.properties.hibernate.format_sql=true
# Lets lazy associations load outside a transaction.
spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true

# Presumably the JWT signing secret and token lifetime; their use is not shown here.
# NOTE(review): anyone who learns the signing secret can mint valid tokens, so load it
# from the environment or a secret store, and make it long and random.
jwt.secret.key={}
jwt.expiration = {}

Dto, Controller, Service 작성

Dto

/**
 * Request payload carrying the credentials submitted by the client.
 *
 * <p>Lombok generates the accessors that Spring's data binding uses to populate it.
 * The {@code password} field holds the plaintext password as received, so instances
 * of this class should not be logged or stored.
 */
@Getter
@Setter
public class LoginDTO {

    // Login name as sent by the client; not validated here.
    private String username;

    // Plaintext password as sent by the client; hashed later by the service.
    private String password;
}

Controller

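/**
 * HTTP endpoint that hands the submitted credentials to {@link JoinService}.
 *
 * <p>Despite the {@code /login} path, the service method called on this page creates
 * a new account rather than verifying an existing one.
 */
@Controller
@ResponseBody
public class LoginController {

    private final JoinService joinService;

    /**
     * Constructor injection. The constructor name has to match the class name, and the
     * parameter has to be assigned to the field that is actually declared.
     *
     * @param joinService the service that persists the account
     */
    public LoginController(JoinService joinService) {
        this.joinService = joinService;
    }

    /**
     * Handles {@code POST /login}.
     *
     * @param loginDTO the username and password bound from the request parameters
     * @return the literal string {@code "ok"}; NOTE(review): this is returned even when
     *     the service skips the insert because the username already exists
     */
    @PostMapping("/login")
    public String joinProcess(LoginDTO loginDTO) {
        // The debug print of the submitted username is dropped: request-supplied
        // values should not be echoed to stdout.
        joinService.loginProcess(loginDTO);

        return "ok";
    }
}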

Service

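/**
 * Creates user accounts: hashes the submitted password with BCrypt and stores a new
 * {@link User} row unless the username is already taken.
 */
@Service
public class JoinService {

    private final UserRepository userRepository;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * @param userRepository repository used to look up and store accounts
     * @param bCryptPasswordEncoder hasher applied to the password before it is stored
     */
    public JoinService(UserRepository userRepository, BCryptPasswordEncoder bCryptPasswordEncoder) {

        this.userRepository = userRepository;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    /**
     * Registers a new account from the submitted credentials.
     *
     * <p>Returns without doing anything when the username already exists.
     *
     * @param loginDTO the username and plaintext password sent by the client
     * @throws IllegalArgumentException if the username is blank or the password is empty
     */
    public void loginProcess(LoginDTO loginDTO) {

        String username = loginDTO.getUsername();
        String password = loginDTO.getPassword();

        // Reject missing credentials up front instead of storing a blank username or
        // failing inside the encoder.
        if (username == null || username.isBlank() || password == null || password.isEmpty()) {
            throw new IllegalArgumentException("username and password are required");
        }

        // NOTE(review): check-then-insert is not atomic; two concurrent requests can both
        // pass this check unless the username column has a unique constraint.
        if (userRepository.existsByUsername(username)) {
            return;
        }

        // The entity declared on this page is User; there is no UserEntity class.
        User data = new User();

        data.setUsername(username);
        // Only the BCrypt hash is stored, never the plaintext password.
        data.setPassword(bCryptPasswordEncoder.encode(password));
        // Self-registered accounts get the least-privileged role. Granting ROLE_ADMIN
        // here would let any caller of this endpoint pass the hasRole("ADMIN") rule on
        // /admin; grant administrator rights through a separate, controlled path.
        data.setRole("ROLE_USER");

        userRepository.save(data);
    }
}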