์คํ๋ง/์ผํ๋ชฐ ํ๋ก์ ํธ
์คํ๋ง ์ํ๋ฆฌํฐ๋ฅผ ์ด์ฉํ ๋ก๊ทธ์ธ/๋ก๊ทธ์์
KIMHYEYUN
2022. 11. 21. 20:15
๋ฐ์ํ
๐ ์ฐธ๊ณ ํ ์ฑ
์์๋ WebSecurityConfigureAdapter๋ฅผ ํตํด security config๋ฅผ override ํ์ง๋ง, ์ฌ์ฉํ๊ณ ์๋ ๋ฒ์ ์์๋ ์ค๋ฅ ๋ฐ์!!
UserDetailService
- ๋ฐ์ดํฐ๋ฒ ์ด์ค์์ ํ์ ์ ๋ณด๋ฅผ ๊ฐ์ ธ์ค๋ ์ธํฐํ์ด์ค
loadUserByUsername()๋ฉ์๋๊ฐ ์กด์ฌํ๋ฉฐ, ํ์ ์ ๋ณด๋ฅผ ์กฐํํ์ฌ ์ฌ์ฉ์์ ์ ๋ณด์ ๊ถํ์ ๊ฐ๋ UserDetail ์ธํฐํ์ด์ค ๋ฐํ
UserDetail
- ์คํ๋ง ์ํ๋ฆฌํฐ์์ ํ์์ ์ ๋ณด๋ฅผ ๋ด๊ธฐ ์ํด์ ์ฌ์ฉํ๋ ์ธํฐํ์ด์ค
MemberService
@RequiredArgsConstructor
@Service
@Transactional
public class MemberService implements UserDetailsService {
/** ์๋ต **/
@Override
public UserDetails loadUserByUsername(String memberId) throws UsernameNotFoundException {
Member member = memberRepository.findByMemberId(memberId);
if (member == null) {
throw new UsernameNotFoundException(memberId);
}
return User.builder()
.username(member.getMemberId())
.password(member.getPassword())
.roles(member.getRole().toString())
.build();
}
}SecurityFilterChanin Bean ๋ฑ๋ก
์คํ๋ง ๊ณต์ ํ์ด์ง๋ฅผ ์ฐธ์กฐํ์ฌ ์ค์
@EnableWebSecurity
@RequiredArgsConstructor
@Configuration(proxyBeanMethods = false)
@ConditionalOnDefaultWebSecurity
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig {
@Autowired
MemberService memberService;
@Bean
@Order(SecurityProperties.BASIC_AUTH_ORDER)
public SecurityFilterChain filterChain(HttpSecurity http)throws Exception {
http
.csrf().disable()
.headers().frameOptions().disable()
.and()
.authorizeRequests()
.antMatchers("/", "/css/**", "/images/**", "/js/**", "/h2-console/**", "/member/**").permitAll()
.antMatchers("/", "/members/**").permitAll()
.and()
.formLogin()
.loginPage("/members/login")
.defaultSuccessUrl("/").permitAll()
.usernameParameter("memberId")
.failureUrl("/members/login/error")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/members/logout"))
.logoutSuccessUrl("/");
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
}http.formLogin()- http๋ฅผ ํตํด ๋ค์ด์ค๋ form ๊ธฐ๋ฐ request๋ฅผ ์ด์ฉํ์ฌ ๋ก๊ทธ์ธ์ ์ฒ๋ฆฌ
๋ก๊ทธ์ธ ํ ์คํธ
@SpringBootTest
@AutoConfigureMockMvc
@Transactional
@TestPropertySource(locations = "classpath:application-test.properties")
class MemberControllerTest {
@Autowired
private MemberController memberController;
@Autowired
private MockMvc mockMvc;
@Test
void ๋ก๊ทธ์ธ_์ฑ๊ณต_ํ
์คํธ() throws Exception {
String memberId = "test";
String password = "12345678";
this.createMember(memberId, password);
mockMvc.perform(formLogin().userParameter("memberId")
.loginProcessingUrl("/members/login")
.user(memberId).password(password)
).andExpect(SecurityMockMvcResultMatchers.authenticated());
}
private void createMember(String memberId, String password) {
MemberFormDto memberFormDto = new MemberFormDto();
memberFormDto.setMemberId(memberId);
memberFormDto.setPassword(password);
memberFormDto.setName("ํ
์คํธ");
memberFormDto.setPostCode(2222);
memberFormDto.setAddress("ํ
์คํธ");
memberFormDto.setAdditionalAddress("ํ
์คํธ");
memberController.join(memberFormDto);
}
@Test
void ๋ก๊ทธ์ธ_์คํจ_ํ
์คํธ() throws Exception {
String memberId = "test";
String password = "12345678";
this.createMember(memberId, password);
mockMvc.perform(formLogin().userParameter("memberId")
.loginProcessingUrl("/members/login")
.user(memberId).password("123456789")
).andExpect(SecurityMockMvcResultMatchers.unauthenticated());
}
}
๊ถํ์ ๋ฐ๋ผ, ํค๋์ ๋ํ๋๋ ๋ฉ๋ด ๋ณ๊ฒฝ
728x90
๋ฐ์ํ