728x90
반응형
기존 [Spring]MVC_1. 기본설정 순서
[Spring]MVC_2. filter, aop
[Spring]MVC_3.로그인
[Spring]MVC_4.Interceptor, Transaction 에 이어서 진행한다.
* security는 살짝 맛보기만 해보았다.
security 설정 순서
26. pom.xml : spring-security-web
27. WEb-INF/spring/appServlet/security-context.xml
28. web.xml/ security-context추가
29. 회원가입 기능 : dao, biz, controller
30. member-mapper.xml : login sql에서 password 조건 삭제
▶︎ security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="bcryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
</beans>▶︎ web.xml: 기존내용 중 param-value에 /WEB-INF/spring/appServlet/security-context.xml 추가
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml
/WEB-INF/spring/appServlet/aop-context.xml
/WEB-INF/spring/appServlet/security-context.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>▶︎ Controller에 변수 BCryptPasswordEncoder를 추가하고 회원가입을 위한 register 메소드 작성
package com.mvc.upgrade.controller;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import com.mvc.upgrade.model.biz.MyMemberBiz;
import com.mvc.upgrade.model.dto.MyMemberDto;
@Controller
public class MyMemberController {
@Autowired
private MyMemberBiz biz;
@Autowired
private BCryptPasswordEncoder passwordEncoder;
@RequestMapping("/loginform.do")
public String loginForm() {
return "mylogin";
}
@RequestMapping(value="/ajaxlogin.do", method=RequestMethod.POST)
@ResponseBody
public Map<String, Boolean> ajaxLogin(@RequestBody MyMemberDto dto, HttpSession session){
/*
* @RequestBody : request 객체를 통해 넘어온 데이터를 java 객체에 binding
* @ResponseBody : response 객체의 데이터로 binding
*/
MyMemberDto res = biz.login(dto);
System.out.println(res.getMemberid() + " : " + res.getMemberpw());
boolean check = false;
if(res!=null) {
// mathches(내가 보내준 pw, db에 저장된 암호화된 pw)
// 두개의 pw가 같은 값인지 확인
if(passwordEncoder.matches(dto.getMemberpw(), res.getMemberpw())) {
session.setAttribute("login", res);
check=true;
}
}
Map<String, Boolean> map = new HashMap<String, Boolean>();
map.put("check", check);
return map;
}
@RequestMapping("registerForm.do")
public String register() {
return "myregister";
}
@RequestMapping("register.do")
public String registerRes(MyMemberDto dto) {
System.out.println("암호화 전: " + dto.getMemberpw());
// 화면에서 넘어온 password를 암호화
dto.setMemberpw(passwordEncoder.encode(dto.getMemberpw()));
System.out.println("암호화 후: " + dto.getMemberpw());
if(biz.register(dto)>0) {
return "redirect:loginform.do";
}
return "redirect:registerForm.do";
}
}728x90
반응형
'Web > Spring' 카테고리의 다른 글
| [Spring]MVC_07.update (0) | 2020.11.07 |
|---|---|
| [Spring]MVC_06.file (0) | 2020.11.06 |
| [Spring]MVC_04.Interceptor, Transaction (0) | 2020.11.05 |
| [Spring]MVC_3.로그인 (0) | 2020.11.05 |
| [Spring]MVC_2. filter, aop 설정 (0) | 2020.11.04 |
