
[Spring] Security (password encryption)

씨네 2022. 4. 8. 12:56

First, in mymemberregist.jsp, change the PW input to type="password"!

			<tr>
				<th>PW</th>
				<td><input type="password" name="memberpw" /></td>
			</tr>

27. pom.xml : spring-security-web

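		<!-- spring-security-web -->
		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
		<!-- Spring Security is released separately from Spring Framework: reusing ${org.springframework-version} only resolves if a spring-security-web release with that exact version number exists. -->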
		<dependency>
		    <groupId>org.springframework.security</groupId>
		    <artifactId>spring-security-web</artifactId>
		    <version>${org.springframework-version}</version>
		</dependency>

28. /WEB-INF/spring/appServlet/security-context.xml (security)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

	<bean id="bcryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

</beans>

29. web.xml

Now, in the Controller:

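	// passwordEncoder is assumed to be the bcryptPasswordEncoder bean from security-context.xml, injected into this controller.
	@RequestMapping(value="registres.do", method=RequestMethod.POST)
	public String registRes(MYMemberDto dto) {
		logger.info("[Controller] : registres.do");
		
		// Debug output only ("암호화 전" = before encryption): this prints the plaintext password, so remove it outside local testing.
		System.out.println("암호화 전 : " + dto.getMemberpw());
		// encode() returns the BCrypt hash and leaves its argument unchanged, so the result must be written back to the DTO.
		// setMemberpw is assumed to be the DTO's standard setter for memberpw.
		dto.setMemberpw(passwordEncoder.encode(dto.getMemberpw()));
		// "암호화 후" = after encryption
		System.out.println("암호화 후 : " + dto.getMemberpw());
		
		if(biz.registRes(dto) > 0) {
			return "redirect:loginform.do";
		}
		return "redirect:registform.do";
	}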

Once the registres.do handler is changed to encrypt the password like this, the password is stored in encrypted (BCrypt-hashed) form at sign-up.

30. mymember-mapper.xml (remove 'AND MEMBERPW = #{memberpw}' from login)

	<select id="login" parameterType="myMemberDto" resultType="myMemberDto">
		SELECT MEMBERNO, MEMBERID, MEMBERPW, MEMBERNAME
		FROM MYNOMEMBER
		WHERE MEMBERID = #{memberid}
	</select>

With the password condition removed, the query first checks only whether the id exists; the password itself is checked as follows:

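	@RequestMapping(value="/ajaxlogin.do", method=RequestMethod.POST)
	@ResponseBody
	public Map<String, Boolean> ajaxLogin(HttpSession session, @RequestBody MYMemberDto dto){
		logger.info("[Controller] : ajaxlogin.do");
		
		// Look the member up by id only; the password is no longer part of the query.
		MYMemberDto res = biz.login(dto);
		boolean check = false;
		if(res != null) {
			
			// matches(rawPassword, encodedPassword): entered password first, stored BCrypt hash second.
			if(passwordEncoder.matches(dto.getMemberpw(), res.getMemberpw())) {
				
				// res still carries the MEMBERPW hash selected by the mapper; clear it first if the session object is ever exposed to views.
				session.setAttribute("login", res);
				check = true;
			} else {
				logger.info("[Controller] : password failed");
			}
			
		}
		
		// The response is the same for an unknown id and for a wrong password.
		Map<String, Boolean> map = new HashMap<String, Boolean>();
		map.put("check", check);
		
		return map;
	}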

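This code checks the entered password by matching it against the password stored in the DB. BCrypt generates a new random salt on every encode() call, so hashing the entered password again and comparing strings, whether in SQL or in Java, would never match; matches() reads the salt from the stored hash and verifies against it.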
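
Added example (not from the original post): a stand-alone Java sketch of the registration and login flow above, with a HashMap standing in for the MYNOMEMBER table, showing why the value returned by encode() must be stored and why the login query can no longer compare MEMBERPW in SQL. The class name, the in-memory table and the sample credentials are assumptions made for illustration; run it inside the project so the spring-security-web dependency from step 27 is on the classpath.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added illustration: class name, in-memory "table" and sample values are hypothetical.
public class BcryptFlowDemo {
    static final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
    // Stands in for MYNOMEMBER: MEMBERID -> MEMBERPW
    static final Map<String, String> table = new HashMap<String, String>();

    // Registration: store the value returned by encode(), never the raw input.
    static void register(String id, String rawPw) {
        table.put(id, encoder.encode(rawPw));
    }

    // Login: look the row up by id only, then let matches() verify the password.
    static boolean login(String id, String rawPw) {
        String stored = table.get(id);
        return stored != null && encoder.matches(rawPw, stored);
    }

    static void check(boolean cond, String what) {
        if (!cond) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        String raw = "S3cret!pw"; // constructed sample password
        register("user1", raw);
        String stored = table.get("user1");

        // encode() picks a new random salt per call, so hashing the login input
        // again gives a different string: WHERE MEMBERPW = #{memberpw} cannot match.
        check(!encoder.encode(raw).equals(stored), "re-encoded input differs from stored hash");
        check(login("user1", raw), "correct password accepted");
        check(!login("user1", "wrong"), "wrong password rejected");
        check(!login("nobody", raw), "unknown id rejected");
        // A BCrypt hash is 60 characters, so the MEMBERPW column must be that wide.
        check(stored.length() == 60, "stored hash is 60 characters");

        // A row saved before this change (plaintext) is not a BCrypt hash:
        // matches() returns false for it, so such accounts need a password reset.
        table.put("legacy", raw);
        check(!login("legacy", raw), "plaintext row no longer logs in");
    }
}
```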
