Create the related DTOs -> create the controller -> configure the filter chain (grant access)
Creating the DTOs
import lombok.Data;

// Request body for POST /api/auth/sign-in
@Data
public class LoginDto {
    private String usernameOrEmail;
    private String password;
}
import lombok.Data;

// Request body for POST /api/auth/sign-up
@Data
public class SignUpDto {
    private String name;
    private String username;
    private String email;
    private String password;
}
Creating the AuthController
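import java.util.Collections;

import org.modelmapper.ModelMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// User, Role, UserRepository, RoleRepository and the DTOs are the project's own classes.
@RestController
@RequestMapping("/api/auth")
public class AuthController {
    @Autowired
    AuthenticationManager authenticationManager;
    @Autowired
    UserRepository userRepository;
    @Autowired
    RoleRepository roleRepository;
    @Autowired
    PasswordEncoder passwordEncoder;
    private final ModelMapper mapper;

    @Autowired
    public AuthController(ModelMapper mapper) {
        this.mapper = mapper;
    }

    @PostMapping("/sign-in")
    public ResponseEntity<String> autheticateUser(@RequestBody LoginDto loginDto) {
        // Throws AuthenticationException when the credentials do not match.
        Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(
                        loginDto.getUsernameOrEmail(), loginDto.getPassword()));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return new ResponseEntity<>("User signed-in successfully", HttpStatus.OK);
    }

    @PostMapping("/sign-up")
    public ResponseEntity<?> registerUser(@RequestBody SignUpDto signUpDto) {
        if (userRepository.existsByUsername(signUpDto.getUsername())) {
            return new ResponseEntity<>("Username already exists", HttpStatus.BAD_REQUEST);
        }
        if (userRepository.existsByEmail(signUpDto.getEmail())) {
            return new ResponseEntity<>("Email already exists", HttpStatus.BAD_REQUEST);
        }
        User user = mapper.map(signUpDto, User.class);
        // Store only the encoded password, never the raw value from the request.
        user.setPassword(passwordEncoder.encode(signUpDto.getPassword()));
        // Note: this grants ROLE_ADMIN to every account created through the public
        // sign-up endpoint. Outside a demo, assign a least-privileged role here.
        Role roles = roleRepository.findByName("ROLE_ADMIN")
                .orElseThrow(() -> new IllegalStateException("ROLE_ADMIN is not present in the role table"));
        user.setRoles(Collections.singleton(roles));
        userRepository.save(user);
        return new ResponseEntity<>("User registered OK", HttpStatus.OK);
    }
}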
Configuring the SecurityFilterChain
.requestMatchers("/api/auth/**").permitAll()
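The line above is only a fragment. The following is an added example, not code from the original post, showing a complete configuration class around it for Spring Security 6.1. The class name `SecurityConfig`, the BCrypt encoder, the CSRF exemption and HTTP Basic for the remaining endpoints are assumptions, and a `UserDetailsService` bean is assumed to be defined elsewhere in the project.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

// Added example: the class name and every choice marked "assumption" are not from the post.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // AuthController autowires a PasswordEncoder. BCrypt is an assumption.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // AuthController autowires an AuthenticationManager. It is not available for
    // injection unless published, so expose the one Spring Security builds.
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // Assumption: CSRF protection stays enabled and only the sign-in/sign-up
            // endpoints are exempt, so a client without a token can POST to them.
            .csrf(csrf -> csrf.ignoringRequestMatchers("/api/auth/**"))
            .authorizeHttpRequests(auth -> auth
                // The line from the post: the auth endpoints are open to everyone.
                .requestMatchers("/api/auth/**").permitAll()
                // Matchers are evaluated in order, so the catch-all goes last.
                .anyRequest().authenticated())
            // Assumption: HTTP Basic as the mechanism for the remaining endpoints.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

Because `/api/auth/**` is open to unauthenticated callers, whatever role `registerUser` assigns is available to anyone who can reach the endpoint.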