From 9f8257c40e78ee725e9158f4911fbce20c0bafe0 Mon Sep 17 00:00:00 2001
From: nahwasa
Date: Tue, 7 Feb 2023 23:19:22 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=EB=B8=94=EB=A1=9C=EA=B7=B8=EC=97=90?=
=?UTF-8?q?=EC=84=9C=20=EC=8A=A4=ED=94=84=EB=A7=81=20=EC=8B=9C=ED=81=90?=
=?UTF-8?q?=EB=A6=AC=ED=8B=B0=EB=A5=BC=20=EB=B6=99=EC=97=AC=EB=82=98?=
=?UTF-8?q?=EA=B0=80=EB=8A=94=20=EA=B3=BC=EC=A0=95=EC=9D=84=20=EB=B3=B4?=
=?UTF-8?q?=EA=B8=B0=20=EC=9C=84=ED=95=B4=20=EC=8B=9C=ED=81=90=EB=A6=AC?=
=?UTF-8?q?=ED=8B=B0=20=EA=B4=80=EB=A0=A8=EB=90=9C=20=EB=82=B4=EC=9A=A9?=
=?UTF-8?q?=EC=9D=84=20=EB=AA=A8=EB=91=90=20=EC=A0=9C=EC=99=B8=ED=95=9C=20?=
=?UTF-8?q?=ED=94=84=EB=A1=9C=EC=A0=9D=ED=8A=B8.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
build.gradle | 2 -
.../config/AdminAuthorize.java | 14 ------
.../config/MyUserDetailService.java | 34 ---------------
.../config/SpringSecurityConfig.java | 43 -------------------
.../config/UserAuthorize.java | 14 ------
.../controller/AuthorizationController.java | 2 -
.../controller/LoginController.java | 30 +++++++++++++
.../controller/ViewController.java | 10 +----
.../domain/Member.java | 5 +--
.../dto/MemberLoginDto.java | 23 ++++++++++
.../service/MemberService.java | 8 ++++
.../service/RegisterMemberService.java | 7 +--
src/main/resources/data.sql | 4 +-
13 files changed, 68 insertions(+), 128 deletions(-)
delete mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java
delete mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java
delete mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java
delete mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java
create mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java
create mode 100644 src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java
diff --git a/build.gradle b/build.gradle
index 89aeeb7..4a7a1ae 100644
--- a/build.gradle
+++ b/build.gradle
@@ -13,14 +13,12 @@ repositories {
}
dependencies {
- implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.apache.tomcat.embed:tomcat-embed-jasper'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
runtimeOnly 'com.h2database:h2'
testImplementation 'org.springframework.boot:spring-boot-starter-test'
- testImplementation 'org.springframework.security:spring-security-test'
}
tasks.named('test') {
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java
deleted file mode 100644
index ddc81e5..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/AdminAuthorize.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import org.springframework.security.access.prepost.PreAuthorize;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-@Target({ ElementType.METHOD, ElementType.TYPE })
-@Retention(RetentionPolicy.RUNTIME)
-@PreAuthorize("hasAnyRole('ADMIN')")
-public @interface AdminAuthorize {
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java
deleted file mode 100644
index 6b4d315..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/MyUserDetailService.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import com.nahwasa.springsecuritybasicsettingforspringboot3.domain.Member;
-import com.nahwasa.springsecuritybasicsettingforspringboot3.service.MemberService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.stereotype.Component;
-
-import java.util.Optional;
-
-@Component
-public class MyUserDetailService implements UserDetailsService {
- private final MemberService memberService;
-
- @Autowired
- public MyUserDetailService(MemberService memberService) {
- this.memberService = memberService;
- }
-
- @Override
- public UserDetails loadUserByUsername(String insertedUserId) throws UsernameNotFoundException {
- Optional findOne = memberService.findOne(insertedUserId);
- Member member = findOne.orElseThrow(() -> new UsernameNotFoundException("없는 회원입니다 ᅲ"));
-
- return User.builder()
- .username(member.getUserid())
- .password(member.getPw())
- .roles(member.getRoles())
- .build();
- }
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java
deleted file mode 100644
index a060d31..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/SpringSecurityConfig.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import jakarta.servlet.DispatcherType;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.SecurityFilterChain;
-
-import static org.springframework.security.config.Customizer.withDefaults;
-
-@Configuration
-@EnableMethodSecurity
-public class SpringSecurityConfig {
-
- @Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
- }
-
- @Bean
- public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http.csrf().disable().cors().disable()
- .authorizeHttpRequests(request -> request
- .dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()
- .requestMatchers("/status", "/images/**", "/view/join", "/auth/join").permitAll()
- .anyRequest().authenticated()
- )
- .formLogin(login -> login
- .loginPage("/view/login")
- .loginProcessingUrl("/login-process")
- .usernameParameter("userid")
- .passwordParameter("pw")
- .defaultSuccessUrl("/view/dashboard", true)
- .permitAll()
- )
- .logout(withDefaults());
-
- return http.build();
- }
-}
\ No newline at end of file
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java
deleted file mode 100644
index c75b3a5..0000000
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/config/UserAuthorize.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package com.nahwasa.springsecuritybasicsettingforspringboot3.config;
-
-import org.springframework.security.access.prepost.PreAuthorize;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-@Target({ ElementType.METHOD, ElementType.TYPE })
-@Retention(RetentionPolicy.RUNTIME)
-@PreAuthorize("hasAnyRole('USER')")
-public @interface UserAuthorize {
-}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
index b552b6d..b64538b 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/AuthorizationController.java
@@ -11,14 +11,12 @@
@RestController
@RequestMapping("/auth")
public class AuthorizationController {
-
private final RegisterMemberService registerMemberService;
public AuthorizationController(RegisterMemberService registerMemberService) {
this.registerMemberService = registerMemberService;
}
-
@PostMapping("/join")
public ResponseEntity join(@RequestBody MemberJoinDto dto) {
try {
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java
new file mode 100644
index 0000000..e95856e
--- /dev/null
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/LoginController.java
@@ -0,0 +1,30 @@
+package com.nahwasa.springsecuritybasicsettingforspringboot3.controller;
+
+import com.nahwasa.springsecuritybasicsettingforspringboot3.dto.MemberLoginDto;
+import com.nahwasa.springsecuritybasicsettingforspringboot3.service.MemberService;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/")
+public class LoginController {
+ private final MemberService memberService;
+
+ public LoginController(MemberService memberService) {
+ this.memberService = memberService;
+ }
+
+ @PostMapping("/login-process")
+ public String login(MemberLoginDto dto) {
+ boolean isValidMember = memberService.isValidMember(dto.getUserid(), dto.getPw());
+ if (isValidMember)
+ return "dashboard";
+ return "login";
+ }
+
+ @PostMapping("/logout")
+ public String logout() {
+ return "login";
+ }
+}
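Review bot: `login` renders `dashboard` when `isValidMember` succeeds but records nothing on the server, so the check is not tied to any later request and the ViewController handlers shown in this patch answer the same way whether or not it ever ran. `logout` has the same gap in reverse: it only renders `login` and invalidates nothing. If this is a deliberately unprotected baseline, state it on the class, e.g. `// Intentionally unauthenticated baseline: the login result is not persisted; demo use only.` Otherwise take an `HttpSession` parameter, store the user id on success, and return `redirect:/view/dashboard` instead of rendering a view from the POST.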
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
index 9902b7c..572fe9f 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/controller/ViewController.java
@@ -1,9 +1,5 @@
package com.nahwasa.springsecuritybasicsettingforspringboot3.controller;
-import com.nahwasa.springsecuritybasicsettingforspringboot3.config.AdminAuthorize;
-import com.nahwasa.springsecuritybasicsettingforspringboot3.config.UserAuthorize;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
-import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
@@ -24,20 +20,16 @@ public String joinPage() {
}
@GetMapping("/dashboard")
- public String dashboardPage(@AuthenticationPrincipal User user, Model model) {
- model.addAttribute("loginId", user.getUsername());
- model.addAttribute("loginRoles", user.getAuthorities());
+ public String dashboardPage(Model model) {
return "dashboard";
}
@GetMapping("/setting/admin")
- @AdminAuthorize
public String adminSettingPage() {
return "admin_setting";
}
@GetMapping("/setting/user")
- @UserAuthorize
public String userSettingPage() {
return "user_setting";
}
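Review bot: With `@AdminAuthorize` removed, `adminSettingPage` carries no role check, so the `@GetMapping("/setting/admin")` handler is served to every caller exactly like `/setting/user`, while data.sql still seeds distinct `ADMIN` and `USER` roles that no code in this patch reads. A comment above the handler such as `// No role check in this baseline; ADMIN-only once authorization is restored` would keep the intended restriction visible to the next reader. The new `dashboardPage(Model model)` also no longer touches `model`; drop the parameter or say why it stays. The class header and its request mapping are outside the hunk.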
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
index 988e372..636efc0 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/domain/Member.java
@@ -1,7 +1,6 @@
package com.nahwasa.springsecuritybasicsettingforspringboot3.domain;
import jakarta.persistence.*;
-import org.springframework.security.crypto.password.PasswordEncoder;
@Entity
public class Member {
@@ -25,8 +24,8 @@ private Member(Long id, String userid, String pw, String roleUser) {
protected Member() {}
- public static Member createUser(String userId, String pw, PasswordEncoder passwordEncoder) {
- return new Member(null, userId, passwordEncoder.encode(pw), "USER");
+ public static Member createUser(String userId, String pw) {
+ return new Member(null, userId, pw, "USER");
}
public Long getId() {
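Review bot: `createUser` now hands `pw` to the entity unchanged, so the password is persisted in cleartext; the same choice appears in `MemberService.isValidMember`, which compares the stored value with `String.equals`, and in the `'1234'` seed rows of data.sql. Anyone with read access to the member table or a copy of it obtains usable credentials. If cleartext is deliberate for the pre-security baseline, mark it on the factory with `// Cleartext on purpose for the tutorial baseline; hash before any real use`. Otherwise hash in `createUser` and verify in `isValidMember`, which the JDK alone allows (`SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` with a per-user salt) now that the Spring Security dependency is gone. `getId` at the end of the hunk continues outside it.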
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java
new file mode 100644
index 0000000..1210e5a
--- /dev/null
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/dto/MemberLoginDto.java
@@ -0,0 +1,23 @@
+package com.nahwasa.springsecuritybasicsettingforspringboot3.dto;
+
+public class MemberLoginDto {
+
+ private String userid;
+ private String pw;
+
+ public String getUserid() {
+ return userid;
+ }
+
+ public void setUserid(String userid) {
+ this.userid = userid;
+ }
+
+ public String getPw() {
+ return pw;
+ }
+
+ public void setPw(String pw) {
+ this.pw = pw;
+ }
+}
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
index 999310d..c2e7314 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/MemberService.java
@@ -19,4 +19,12 @@ public MemberService(MemberRepository repository) {
public Optional findOne(String userId) {
return repository.findByUserid(userId);
}
+
+ public boolean isValidMember(String userId, String password) {
+ Optional member = findOne(userId);
+ if (member.isPresent()) {
+ return member.get().getPw().equals(password);
+ }
+ return false;
+ }
}
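Review bot: `member.get().getPw().equals(password)` dereferences the stored password, so a row whose `pw` is null would turn a login attempt into a NullPointerException instead of a rejected login. Whether the column can be null is not visible in this patch. Putting the caller's value on the left avoids the dereference and still rejects a missing password: `return password != null && password.equals(member.get().getPw());`. A short Javadoc on `isValidMember` saying that it returns false for an unknown user as well as for a wrong password would document the contract `LoginController.login` relies on.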
diff --git a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
index 636cfca..b776918 100644
--- a/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
+++ b/src/main/java/com/nahwasa/springsecuritybasicsettingforspringboot3/service/RegisterMemberService.java
@@ -3,22 +3,19 @@
import com.nahwasa.springsecuritybasicsettingforspringboot3.domain.Member;
import com.nahwasa.springsecuritybasicsettingforspringboot3.repository.MemberRepository;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
@Service
public class RegisterMemberService {
- private final PasswordEncoder passwordEncoder;
private final MemberRepository repository;
@Autowired
- public RegisterMemberService(PasswordEncoder passwordEncoder, MemberRepository repository) {
- this.passwordEncoder = passwordEncoder;
+ public RegisterMemberService(MemberRepository repository) {
this.repository = repository;
}
public Long join(String userid, String pw) {
- Member member = Member.createUser(userid, pw, passwordEncoder);
+ Member member = Member.createUser(userid, pw);
validateDuplicateMember(member);
repository.save(member);
diff --git a/src/main/resources/data.sql b/src/main/resources/data.sql
index ea7af6c..5566c47 100644
--- a/src/main/resources/data.sql
+++ b/src/main/resources/data.sql
@@ -1,2 +1,2 @@
-insert into member(userid, pw, roles) values ('nahwasa', '2ドルa12ドル$jcKXsj4ZAIkGgZdnUQ6EcOduMlurEtX7Szjhr.kQp2iQXNucjZMI6', 'ADMIN');
-insert into member(userid, pw, roles) values ('user', '2ドルa12ドル$jcKXsj4ZAIkGgZdnUQ6EcOduMlurEtX7Szjhr.kQp2iQXNucjZMI6', 'USER');
\ No newline at end of file
+insert into member(userid, pw, roles) values ('nahwasa', '1234', 'ADMIN');
+insert into member(userid, pw, roles) values ('user', '1234', 'USER');
\ No newline at end of file
From 134b2468f6fbb155fac1e08d0bb7ae2670650397 Mon Sep 17 00:00:00 2001
From: nahwasa
Date: Tue, 7 Feb 2023 23:32:09 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=EB=B8=94=EB=A1=9C=EA=B7=B8=EC=97=90?=
=?UTF-8?q?=EC=84=9C=20=EC=8A=A4=ED=94=84=EB=A7=81=20=EC=8B=9C=ED=81=90?=
=?UTF-8?q?=EB=A6=AC=ED=8B=B0=EB=A5=BC=20=EB=B6=99=EC=97=AC=EB=82=98?=
=?UTF-8?q?=EA=B0=80=EB=8A=94=20=EA=B3=BC=EC=A0=95=EC=9D=84=20=EB=B3=B4?=
=?UTF-8?q?=EA=B8=B0=20=EC=9C=84=ED=95=B4=20=EC=8B=9C=ED=81=90=EB=A6=AC?=
=?UTF-8?q?=ED=8B=B0=20=EA=B4=80=EB=A0=A8=EB=90=9C=20=EB=82=B4=EC=9A=A9?=
=?UTF-8?q?=EC=9D=84=20=EB=AA=A8=EB=91=90=20=EC=A0=9C=EC=99=B8=ED=95=9C=20?=
=?UTF-8?q?=ED=94=84=EB=A1=9C=EC=A0=9D=ED=8A=B8=20-=20=ED=94=84=EB=A1=A0?=
=?UTF-8?q?=ED=8A=B8=EB=8F=84=20sessionStorage=EC=97=90=20id=20=EB=8B=B4?=
=?UTF-8?q?=EC=95=84=EB=91=90=EB=8F=84=EB=A1=9D=20=EB=B3=80=EA=B2=BD=20?=
=?UTF-8?q?=E3=85=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
src/main/webapp/WEB-INF/views/dashboard.jsp | 18 +++++++++++++-----
src/main/webapp/WEB-INF/views/login.jsp | 10 +++++++++-
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/src/main/webapp/WEB-INF/views/dashboard.jsp b/src/main/webapp/WEB-INF/views/dashboard.jsp
index 2fb9eeb..0112a25 100644
--- a/src/main/webapp/WEB-INF/views/dashboard.jsp
+++ b/src/main/webapp/WEB-INF/views/dashboard.jsp
@@ -16,13 +16,11 @@
nahwasa.com
접속 아이디
-
- ${loginId}
+
역할
-
- ${loginRoles}
+
역할에 따른 페이지 이동 권한 확인
@@ -32,8 +30,18 @@
+
+