![[Spring] security(비밀번호 암호화)](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FuxeAg%2Fbtrnpe3j4eY%2FAAAAAAAAAAAAAAAAAAAAAMDB4t9urLghV2ZUgC4gupyNu4tUzaCRVRStZB2XS-Vw%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1753973999%26allow_ip%3D%26allow_referer%3D%26signature%3DvQ08I6OnU3Xq2pmR%252FwujtCOiwio%253D)
728x90
우선 mymemberregist.jsp에서 PW 부분 input type="password"로 바꿔주세요!!
<tr>
<th>PW</th>
<td><input type="password" name="memberpw" /></td>
</tr>27. pom.xml : spring-security-web
<!-- spring-security-web -->
<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${org.springframework-version}</version>
</dependency>
28. /WEB-INF/spring/appServlet/security-context.xml (security)
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="bcryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
</beans>
29. web.xml
이제 Controller에서
@RequestMapping(value="registres.do", method=RequestMethod.POST)
public String registRes(MYMemberDto dto) {
logger.info("[Controller] : registres.do");
System.out.println("암호화 전 : " + dto.getMemberpw());
passwordEncoder.encode(dto.getMemberpw());
System.out.println("암호화 후 : " + dto.getMemberpw());
if(biz.registRes(dto) > 0) {
return "redirect:loginform.do";
}
return "redirect:registform.do";
}registres.do로 이동했을때 암호화를 시키는코드로 수정하면 회원가입 시 password가 암호화 되어있을겁니다.
30. mymember-mapper.xml (login에서 'AND MEMBERPW = #{memberpw}' 삭제)
<select id="login" parameterType="myMemberDto" resultType="myMemberDto">
SELECT MEMBERNO, MEMBERID, MEMBERPW, MEMBERNAME
FROM MYNOMEMBER
WHERE MEMBERID = #{memberid}
</select>비밀번호에 대한 조건문이 사라진다면 일단 id가 있는지부터 확인하고 비밀번호에 대한것은
@RequestMapping(value="/ajaxlogin.do", method=RequestMethod.POST)
@ResponseBody
public Map<String, Boolean> ajaxLogin(HttpSession session, @RequestBody MYMemberDto dto){
logger.info("[Controller] : ajaxlogin.do");
MYMemberDto res = biz.login(dto);
boolean check = false;
if(res != null) {
if(passwordEncoder.matches(dto.getMemberpw(), res.getMemberpw())) {
session.setAttribute("login", res);
check = true;
} else {
logger.info("[Controller] : password failed");
}
}
Map<String, Boolean> map = new HashMap<String, Boolean>();
map.put("check", check);
return map;
}해당 코드에서 db에 저장되어있는 비밀번호와 입력된 비밀번호를 매치시켜서 확인합니다.
728x90
'Java 관련 > Spring Legecy' 카테고리의 다른 글
| Spring] update(버전설정 잡기) (0) | 2022.04.10 |
|---|---|
| [Spring] 파일 업로드 / 다운로드(file upload / download) (0) | 2022.04.09 |
| [Spring] transation(트랜잭션 - 원자성) (0) | 2022.04.07 |
| [Spring] Interceptor(인터셉터) (0) | 2022.04.06 |
| [Spring] Login / Regist(로그인 / 회원가입) (0) | 2022.04.05 |