spring security 6.1 mysql signin, signup-rest api
관련 Dto 생성 -> controller 생성 -> filterchain 설정(접속권한 부여)
DTO 생성
/**
 * Request body for {@code POST /api/auth/sign-in}.
 * <p>
 * Lombok {@code @Data} generates getters/setters, equals/hashCode and a
 * {@code toString()} over every field, including {@code password}. Never log
 * this object; {@code @ToString.Exclude} on the password field is the usual
 * way to make an accidental log line harmless.
 */
@Data
public class LoginDto {
    // Either a username or an e-mail address; how it is resolved is decided by
    // the authentication provider / UserDetailsService, not visible on this page.
    private String usernameOrEmail;
    // Plaintext credential exactly as received; AuthController hands it straight
    // to AuthenticationManager and never stores it.
    private String password;
}
/**
 * Second rendering of {@code LoginDto} on this page.
 * <p>
 * NOTE(review): this copy lacks the {@code @Data} annotation shown above, so it
 * has no accessors and the controller's {@code getUsernameOrEmail()} /
 * {@code getPassword()} calls would not compile against it — presumably the
 * annotation was lost when the page was rendered. The same caution applies:
 * the object carries a plaintext password and must never be logged.
 */
public class LoginDto {
    // Either a username or an e-mail address; resolution happens elsewhere.
    private String usernameOrEmail;
    // Plaintext credential as received from the client.
    private String password;
}
/**
 * Request body for {@code POST /api/auth/sign-up}.
 * <p>
 * Lombok {@code @Data} generates a {@code toString()} over every field, so
 * this object must not be logged as-is; {@code @ToString.Exclude} on
 * {@code password} is the usual mitigation. No field is validated here —
 * AuthController only checks username/email uniqueness before saving.
 */
@Data
public class SignUpDto {
    // Display name; copied onto User by ModelMapper in AuthController.
    private String name;
    // Must be unique — checked via UserRepository.existsByUsername before saving.
    private String username;
    // Must be unique — checked via UserRepository.existsByEmail before saving.
    private String email;
    // Plaintext; AuthController replaces it with passwordEncoder.encode(...) on the
    // User entity, so only the hash reaches the database.
    private String password;
}
/**
 * Second rendering of {@code SignUpDto} on this page.
 * <p>
 * NOTE(review): this copy lacks the {@code @Data} annotation shown above, so it
 * has no accessors and the controller's getter calls would not compile against
 * it — presumably the annotation was lost when the page was rendered.
 */
public class SignUpDto {
    // Display name copied onto the User entity.
    private String name;
    // Must be unique; checked by the controller before saving.
    private String username;
    // Must be unique; checked by the controller before saving.
    private String email;
    // Plaintext as received; the controller stores only the encoded hash.
    private String password;
}
AuthController 생성
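/**
 * REST endpoints for self-service sign-in and sign-up under {@code /api/auth}.
 * <p>
 * Both endpoints receive untrusted JSON bodies. Responses are short plain
 * strings: the caller learns only whether the request succeeded. The
 * controller keeps no mutable state of its own beyond the injected singletons.
 */
@RestController
@RequestMapping("/api/auth")
public class AuthController {

    /**
     * Role granted to every account created through {@link #registerUser}.
     * <p>
     * SECURITY: this is {@code ROLE_ADMIN}, i.e. every anonymous caller of
     * {@code /sign-up} becomes an administrator. The value is kept so the
     * tutorial behaves as before, but a real deployment must point this at a
     * least-privilege role that exists in the role table.
     */
    private static final String DEFAULT_SIGNUP_ROLE = "ROLE_ADMIN";

    @Autowired
    AuthenticationManager authenticationManager;
    @Autowired
    UserRepository userRepository;
    @Autowired
    RoleRepository roleRepository;
    @Autowired
    PasswordEncoder passwordEncoder;

    private final ModelMapper mapper;

    /**
     * @param mapper used to copy {@code SignUpDto} fields onto a new {@code User}
     */
    @Autowired
    public AuthController(ModelMapper mapper) {
        this.mapper = mapper;
    }

    /**
     * Authenticates the caller with a username-or-email / password pair.
     *
     * @param loginDto request body; both fields must be non-blank
     * @return 200 with a short message on success, 400 when a field is blank.
     *         A wrong credential surfaces as the {@code AuthenticationException}
     *         thrown by {@code AuthenticationManager.authenticate}, which is left
     *         to the framework's exception handling as in the original.
     */
    @PostMapping("/sign-in")
    public ResponseEntity<String> autheticateUser(@RequestBody LoginDto loginDto) {
        // Reject missing fields up front rather than handing nulls to the provider.
        if (loginDto == null
                || isBlank(loginDto.getUsernameOrEmail())
                || isBlank(loginDto.getPassword())) {
            return new ResponseEntity<>("usernameOrEmail and password are required",
                    HttpStatus.BAD_REQUEST);
        }
        Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(
                        loginDto.getUsernameOrEmail(), loginDto.getPassword()));
        // NOTE(review): in Spring Security 6 the context holder is no longer saved to the
        // HTTP session automatically. If a session-based login is intended, the context
        // must also be stored through a SecurityContextRepository — confirm against the
        // SecurityFilterChain configuration.
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return new ResponseEntity<>("User signed-in successfully", HttpStatus.OK);
    }

    /**
     * Registers a new account and grants it {@link #DEFAULT_SIGNUP_ROLE}.
     *
     * @param signUpDto request body; username, email and password must be non-blank
     * @return 200 on success; 400 when a required field is blank or the username
     *         or e-mail is already taken
     * @throws IllegalStateException if the default role row is missing from the
     *         database (previously an unexplained {@code NoSuchElementException})
     */
    @PostMapping("/sign-up")
    public ResponseEntity<?> registerUser(@RequestBody SignUpDto signUpDto) {
        // A blank password would reach passwordEncoder.encode(null) and fail with a 500.
        if (signUpDto == null
                || isBlank(signUpDto.getUsername())
                || isBlank(signUpDto.getEmail())
                || isBlank(signUpDto.getPassword())) {
            return new ResponseEntity<>("username, email and password are required",
                    HttpStatus.BAD_REQUEST);
        }
        // These replies tell an anonymous caller whether an account exists. That is
        // inherent to a sign-up form; the same wording must not be reused on sign-in.
        if (userRepository.existsByUsername(signUpDto.getUsername())) {
            return new ResponseEntity<>("Username already exists", HttpStatus.BAD_REQUEST);
        }
        if (userRepository.existsByEmail(signUpDto.getEmail())) {
            return new ResponseEntity<>("Email already exists", HttpStatus.BAD_REQUEST);
        }
        User user = mapper.map(signUpDto, User.class);
        // ModelMapper presumably copied the plaintext password too; overwrite it with the
        // encoded hash so only the hash is persisted.
        user.setPassword(passwordEncoder.encode(signUpDto.getPassword()));
        // Fail with a clear message instead of Optional.get()'s NoSuchElementException.
        Role role = roleRepository.findByName(DEFAULT_SIGNUP_ROLE)
                .orElseThrow(() -> new IllegalStateException(
                        "Role not found: " + DEFAULT_SIGNUP_ROLE));
        user.setRoles(Collections.singleton(role));
        userRepository.save(user);
        return new ResponseEntity<>("User registered OK", HttpStatus.OK);
    }

    /** True when {@code s} is null or contains only whitespace. */
    private static boolean isBlank(String s) {
        return s == null || s.isBlank();
    }
}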
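/**
 * REST endpoints for self-service sign-in and sign-up under {@code /api/auth}.
 * <p>
 * Both endpoints receive untrusted JSON bodies. Responses are short plain
 * strings: the caller learns only whether the request succeeded. The
 * controller keeps no mutable state of its own beyond the injected singletons.
 * ({@code @RestController} was missing from this rendering of the class and
 * is restored here; without it the mappings are not served.)
 */
@RestController
@RequestMapping("/api/auth")
public class AuthController {

    /**
     * Role granted to every account created through {@link #registerUser}.
     * <p>
     * SECURITY: this is {@code ROLE_ADMIN}, i.e. every anonymous caller of
     * {@code /sign-up} becomes an administrator. The value is kept so the
     * tutorial behaves as before, but a real deployment must point this at a
     * least-privilege role that exists in the role table.
     */
    private static final String DEFAULT_SIGNUP_ROLE = "ROLE_ADMIN";

    @Autowired
    AuthenticationManager authenticationManager;
    @Autowired
    UserRepository userRepository;
    @Autowired
    RoleRepository roleRepository;
    @Autowired
    PasswordEncoder passwordEncoder;

    private final ModelMapper mapper;

    /**
     * @param mapper used to copy {@code SignUpDto} fields onto a new {@code User}
     */
    @Autowired
    public AuthController(ModelMapper mapper) {
        this.mapper = mapper;
    }

    /**
     * Authenticates the caller with a username-or-email / password pair.
     *
     * @param loginDto request body; both fields must be non-blank
     * @return 200 with a short message on success, 400 when a field is blank.
     *         A wrong credential surfaces as the {@code AuthenticationException}
     *         thrown by {@code AuthenticationManager.authenticate}, which is left
     *         to the framework's exception handling as in the original.
     */
    @PostMapping("/sign-in")
    public ResponseEntity<String> autheticateUser(@RequestBody LoginDto loginDto) {
        // Reject missing fields up front rather than handing nulls to the provider.
        if (loginDto == null
                || isBlank(loginDto.getUsernameOrEmail())
                || isBlank(loginDto.getPassword())) {
            return new ResponseEntity<>("usernameOrEmail and password are required",
                    HttpStatus.BAD_REQUEST);
        }
        Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(
                        loginDto.getUsernameOrEmail(), loginDto.getPassword()));
        // NOTE(review): in Spring Security 6 the context holder is no longer saved to the
        // HTTP session automatically. If a session-based login is intended, the context
        // must also be stored through a SecurityContextRepository — confirm against the
        // SecurityFilterChain configuration.
        SecurityContextHolder.getContext().setAuthentication(authentication);
        return new ResponseEntity<>("User signed-in successfully", HttpStatus.OK);
    }

    /**
     * Registers a new account and grants it {@link #DEFAULT_SIGNUP_ROLE}.
     *
     * @param signUpDto request body; username, email and password must be non-blank
     * @return 200 on success; 400 when a required field is blank or the username
     *         or e-mail is already taken
     * @throws IllegalStateException if the default role row is missing from the
     *         database (previously an unexplained {@code NoSuchElementException})
     */
    @PostMapping("/sign-up")
    public ResponseEntity<?> registerUser(@RequestBody SignUpDto signUpDto) {
        // A blank password would reach passwordEncoder.encode(null) and fail with a 500.
        if (signUpDto == null
                || isBlank(signUpDto.getUsername())
                || isBlank(signUpDto.getEmail())
                || isBlank(signUpDto.getPassword())) {
            return new ResponseEntity<>("username, email and password are required",
                    HttpStatus.BAD_REQUEST);
        }
        // These replies tell an anonymous caller whether an account exists. That is
        // inherent to a sign-up form; the same wording must not be reused on sign-in.
        if (userRepository.existsByUsername(signUpDto.getUsername())) {
            return new ResponseEntity<>("Username already exists", HttpStatus.BAD_REQUEST);
        }
        if (userRepository.existsByEmail(signUpDto.getEmail())) {
            return new ResponseEntity<>("Email already exists", HttpStatus.BAD_REQUEST);
        }
        User user = mapper.map(signUpDto, User.class);
        // ModelMapper presumably copied the plaintext password too; overwrite it with the
        // encoded hash so only the hash is persisted.
        user.setPassword(passwordEncoder.encode(signUpDto.getPassword()));
        // Fail with a clear message instead of Optional.get()'s NoSuchElementException.
        Role role = roleRepository.findByName(DEFAULT_SIGNUP_ROLE)
                .orElseThrow(() -> new IllegalStateException(
                        "Role not found: " + DEFAULT_SIGNUP_ROLE));
        user.setRoles(Collections.singleton(role));
        userRepository.save(user);
        return new ResponseEntity<>("User registered OK", HttpStatus.OK);
    }

    /** True when {@code s} is null or contains only whitespace. */
    private static boolean isBlank(String s) {
        return s == null || s.isBlank();
    }
}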
SecurityFilterChain 설정
.requestMatchers("/api/auth/**").permitAll()