
자바

로그인 성공, 실패 핸들러 작성 feat. 로그인 실패 시 alert 띄우기 [Java, Spring Security]


config 패키지의 SecurityConfig.java에서 formLogin()을 이용하여 로그인에 관련된 부분을 다룰 수 있다.

failureHandler와 successHandler로 실패 핸들러와 성공핸들러를 작성해보자

 

SecurityConfig.java

 /**
  * Configures URL authorization, form login and logout for the application.
  *
  * @param http the security builder this configuration is applied to
  * @throws Exception declared by the builder calls used below
  */
 @Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
			// "/", "/login" and the favicon are open to everyone; every other request needs a login.
			.antMatchers("/", "/login").permitAll()
			//.antMatchers("/admin").hasRole("ADMIN")
			.antMatchers("/favicon.ico").permitAll()
			.anyRequest().authenticated()
			.and()
		.formLogin()
			.loginPage("/login")
			// URL the login form submits the credentials to.
			.loginProcessingUrl("/authenticate")
			// NOTE(review): successHandler(...) is set further down and appears to replace the
			// handler this call installs, so the redirect to /main comes from the custom
			// handler — confirm and keep only one of the two.
			.defaultSuccessUrl("/main")
			.failureHandler(authenticationFailureHandler())  // on login failure
			.successHandler(successHandler())                // on login success
			.permitAll()
			.and()
		.logout()
			.logoutUrl("/logout")
			.logoutSuccessUrl("/login")
			// Clear the listed cookies and drop the server-side session on logout.
			.deleteCookies("auth_code", "JSESSIONID")
			.invalidateHttpSession(true)
			.permitAll();
		
		// NOTE(review): this turns CSRF protection off for the whole application while the
		// login state is kept in a session cookie, so state-changing requests are accepted
		// without an anti-forgery token. Prefer leaving CSRF enabled and sending the token
		// from the login form and other forms; keep this line only for a documented reason.
		http.csrf().disable();
		
	}

    /**
     * Registers the password encoder bean.
     *
     * @return a {@link BCryptPasswordEncoder} built with its no-argument constructor
     */
    @Bean
	public PasswordEncoder passwordEncoder() {
		final PasswordEncoder bcrypt = new BCryptPasswordEncoder();
		return bcrypt;
	}
	//실패 핸들러
	/**
	 * Registers the handler that {@code formLogin()} calls when a login attempt fails.
	 *
	 * @return a new {@link CustomizeAuthenticationFailureHandler}
	 */
	@Bean
	public AuthenticationFailureHandler authenticationFailureHandler() {
		final AuthenticationFailureHandler onFailure = new CustomizeAuthenticationFailureHandler();
		return onFailure;
	}
	//성공 핸들러
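	/**
	 * Registers the handler that {@code formLogin()} calls after a successful login.
	 *
	 * @return a new {@link CustomizeAuthenticationSuccessHandler}
	 */
	@Bean
	public AuthenticationSuccessHandler successHandler() {
		// AuthenticationSuccessHandler is the interface the custom handler implements and
		// cannot be instantiated itself; return the concrete handler class instead.
		return new CustomizeAuthenticationSuccessHandler();
	}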

 

실패핸들러 CustomizeAuthenticationFailureHandler.java

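/**
 * Failure handler for form login: sends the browser back to the login page with a
 * {@code msg} query parameter that the page can turn into an alert.
 *
 * <p>An unknown account and a wrong password both produce the same {@code NotFound}
 * value, so the response does not tell the client which of the two was the case.
 */
public class CustomizeAuthenticationFailureHandler implements AuthenticationFailureHandler{

	@Autowired
	private UserDao userDao;
	
	/**
	 * Redirects to {@code /login?msg=...} after a failed login attempt.
	 *
	 * @param request   the failed login request; {@code username} and {@code password} are read from it
	 * @param response  the response used for the redirect
	 * @param exception the failure reported by the authentication step (not inspected here)
	 * @throws IOException      if the redirect cannot be sent
	 * @throws ServletException declared by the interface
	 */
	@Override
	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException exception) throws IOException, ServletException {
		String username = request.getParameter("username");
		String rawPassword = request.getParameter("password");
		String storedHash = userDao.check_account(username);

		boolean accountMissing = storedHash == null || storedHash.equals("");

		// A request without a "password" parameter is treated as a mismatch. Passing a null
		// raw password to the encoder raises an exception, which would turn a malformed
		// login request into a server error instead of a redirect.
		boolean passwordMatches = !accountMissing
				&& rawPassword != null
				&& new BCryptPasswordEncoder().matches(rawPassword, storedHash);

		// The message stays empty when the submitted credentials are correct, i.e. the login
		// failed for some other reason; the login page then receives "msg=" with no value.
		// NOTE(review): the lookup and hash comparison repeat work on every failed login and
		// handle the raw password a second time; `exception` already carries the failure
		// reason — consider deriving the message from it.
		String msg = passwordMatches ? "" : "NotFound";

		// msg is one of two fixed tokens, so it is safe in the URL as is. URL-encode it if it
		// ever carries request-derived text.
		response.sendRedirect("/login?msg=" + msg);
	}
}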

 

성공핸들러 (CustomizeAuthenticationSuccessHandler.java)

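/**
 * Success handler for form login: stores the member record of the user who just
 * authenticated in the HTTP session under {@code LoginMember} and redirects to {@code /main}.
 */
public class CustomizeAuthenticationSuccessHandler implements AuthenticationSuccessHandler{

	@Autowired
	private MemberServiceImpl memberService;
	
	/**
	 * Loads the authenticated member, stores it in the session and redirects to {@code /main}.
	 *
	 * @param request        the login request whose session receives the member
	 * @param response       the response used for the redirect
	 * @param authentication the successful authentication; its name is the lookup key
	 * @throws IOException      if the redirect cannot be sent
	 * @throws ServletException declared by the interface
	 */
	@Override
	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
			Authentication authentication) throws IOException, ServletException {
		String name = authentication.getName();

		// Always reload the member for the principal that just authenticated. Reusing an
		// existing "LoginMember" attribute would keep the previous member whenever the
		// session still carries one (for example a second login without a logout), leaving
		// the session data out of step with the authenticated user.
		MemberVo member = memberService.getMemberDetail(name);

		// getSession() creates a session when none exists, so no null check is needed.
		HttpSession session = request.getSession();
		// NOTE(review): MemberVo's fields are not visible here — make sure it does not carry
		// the password hash or other secrets before keeping it in the session.
		session.setAttribute("LoginMember", member);

		response.sendRedirect("/main");
	}
}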

 

 

핸들러 파일은 SecurityConfig.java와 같은 뎁스에 만들면 됨