From af707c262a99bf4e7931b5fc3600d84fab1f339f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B0=95=EC=84=9D=20=EC=B5=9C?= <cks0504_p@daum.net>
Date: Mon, 22 Nov 2021 18:33:19 +0900
Subject: [PATCH] =?UTF-8?q?=EC=A4=91=EA=B0=84=EC=A0=80=EC=9E=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitignore                                    | 37 ++++++++++++
 .jpb/persistence-units.xml                    | 12 ++++
 build.gradle                                  | 22 +++----
 .../config/WebSecurityConfig.java             | 47 +++++----------
 .../kcgfilemanager/userInfo/UserInfo.java     | 57 ++++++-------------
 .../repository/UserInfoRepository.java        |  4 +-
 .../userInfo/service/UserInfoService.java     |  9 ++-
 src/main/resources/application.properties     |  2 +
 8 files changed, 102 insertions(+), 88 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 .jpb/persistence-units.xml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c2065bc
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+HELP.md
+.gradle
+build/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+bin/
+!**/src/main/**/bin/
+!**/src/test/**/bin/
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+out/
+!**/src/main/**/out/
+!**/src/test/**/out/
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+
+### VS Code ###
+.vscode/
diff --git a/.jpb/persistence-units.xml b/.jpb/persistence-units.xml
new file mode 100644
index 0000000..acbdf85
--- /dev/null
+++ b/.jpb/persistence-units.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="PersistenceUnitSettings">
+    <persistence-units>
+      <persistence-unit name="Default">
+        <packages>
+          <package value="com.dbnt.kcgfilemanager" />
+        </packages>
+      </persistence-unit>
+    </persistence-units>
+  </component>
+</project>
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index ebb643f..570ab26 100644
--- a/build.gradle
+++ b/build.gradle
@@ -19,16 +19,16 @@ repositories {
 }
 
 dependencies {
-    compileOnly 'org.projectlombok:lombok'
-    annotationProcessor 'org.projectlombok:lombok'
-    developmentOnly 'org.springframework.boot:spring-boot-devtools'
-    implementation 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
-    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+    compileOnly 'org.projectlombok:lombok:1.18.22'
+    annotationProcessor 'org.projectlombok:lombok:1.18.22'
+    developmentOnly 'org.springframework.boot:spring-boot-devtools:2.5.6'
+    implementation 'org.springframework.boot:spring-boot-starter-web:2.5.6'
+    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf:2.5.6'
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa:2.5.6'
 
-    implementation 'org.springframework.boot:spring-boot-starter-security'
-    implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
-    implementation 'io.jsonwebtoken:jjwt:0.9.1'
+    implementation 'org.springframework.boot:spring-boot-starter-security:2.5.6'
+    implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.0.4.RELEASE'
+    // implementation 'io.jsonwebtoken:jjwt:0.9.1'
 
     implementation group: 'org.mariadb.jdbc', name: 'mariadb-java-client', version: '2.7.0'
     implementation 'org.bgee.log4jdbc-log4j2:log4jdbc-log4j2-jdbc4.1:1.16'
@@ -36,8 +36,8 @@ dependencies {
 //    implementation group: 'org.webjars', name: 'bootstrap', version: '5.1.3'
 //    implementation group: 'org.webjars', name: 'popper.js', version: '2.9.3'
 
-    testImplementation 'org.springframework.boot:spring-boot-starter-test'
-    testImplementation 'org.springframework.security:spring-security-test'
+    testImplementation 'org.springframework.boot:spring-boot-starter-test:2.5.6'
+    testImplementation 'org.springframework.security:spring-security-test:5.5.1'
 }
 
 test {
diff --git a/src/main/java/com/dbnt/kcgfilemanager/config/WebSecurityConfig.java b/src/main/java/com/dbnt/kcgfilemanager/config/WebSecurityConfig.java
index 617ebf0..72eef7c 100644
--- a/src/main/java/com/dbnt/kcgfilemanager/config/WebSecurityConfig.java
+++ b/src/main/java/com/dbnt/kcgfilemanager/config/WebSecurityConfig.java
@@ -5,6 +5,8 @@ import lombok.RequiredArgsConstructor;
 import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
@@ -13,7 +15,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 @RequiredArgsConstructor
 @EnableWebSecurity
@@ -26,39 +28,20 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     public PasswordEncoder passwordEncoder(){
         return new Pbkdf2PasswordEncoder();
     }
-
     @Override
-    public void configure(WebSecurity web){
-        web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userInfoService);
     }
-
+    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
     @Override
-    protected void configure(HttpSecurity http) throws Exception{
-        http.csrf().disable().authorizeRequests()
-                .anyRequest().permitAll()
-                .and()
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                .and()
-                .formLogin().disable();
-//        http.authorizeRequests()
-//                .antMatchers("/login", "/signup", "/user").permitAll()
-//                .anyRequest().authenticated() // 나머지 요청들은 권한의 종류에 상관 없이 권한이 있어야 접근 가능
-//                .and()
-//            .formLogin()
-//                .loginPage("/login")
-//                .defaultSuccessUrl("/")
-//                .and()
-//            .logout()
-//                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
-//                .logoutSuccessUrl("/login")
-//                .invalidateHttpSession(true)
-//                .and()
-//            .exceptionHandling();
-
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.csrf().disable().authorizeRequests().antMatchers("/authenticate")
+                .permitAll().anyRequest().authenticated()
+                .and().exceptionHandling().and().sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
     }
-
-//    @Override
-//    protected void configure(AuthenticationManagerBuilder auth) throws Exception{
-//        auth.userDetailsService(userInfoService).passwordEncoder(passwordEncoder());
-//    }
 }
diff --git a/src/main/java/com/dbnt/kcgfilemanager/userInfo/UserInfo.java b/src/main/java/com/dbnt/kcgfilemanager/userInfo/UserInfo.java
index 0923de6..474014e 100644
--- a/src/main/java/com/dbnt/kcgfilemanager/userInfo/UserInfo.java
+++ b/src/main/java/com/dbnt/kcgfilemanager/userInfo/UserInfo.java
@@ -1,24 +1,29 @@
 package com.dbnt.kcgfilemanager.userInfo;
 
-import lombok.Getter;
+import lombok.AllArgsConstructor;
+import lombok.Data;
 import lombok.NoArgsConstructor;
-import lombok.Setter;
-import org.springframework.data.annotation.Id;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
+import javax.persistence.*;
 import java.util.Collection;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.Set;
 
-@Getter
-@Setter
+@Data
+@AllArgsConstructor
 @NoArgsConstructor
-public class UserInfo implements UserDetails {
+@Entity
+@Table(name = "USER_INFO")
+public class UserInfo{
     @Id
-    private int userSeq;
+    @GeneratedValue(strategy = GenerationType.SEQUENCE)
+    @Column(name = "user_seq", nullable = false)
+    private Integer userSeq;
+
     private String userId;
     private String password;
     private String name;
@@ -27,42 +32,12 @@ public class UserInfo implements UserDetails {
     private String userRole;
     private Date createDate;
 
-    @Override
-    public Collection<? extends GrantedAuthority> getAuthorities() {
-        Set<GrantedAuthority> roles = new HashSet<>();
-        for (String role : userRole.split(",")) {
-            roles.add(new SimpleGrantedAuthority(role));
-        }
-        return roles;
+    public Integer getUserSeq() {
+        return userSeq;
     }
 
-    @Override
-    public String getPassword() {
-        return password;
+    public void setUserSeq(Integer userSeq) {
+        this.userSeq = userSeq;
     }
 
-    @Override
-    public String getUsername() {
-        return userId;
-    }
-
-    @Override
-    public boolean isAccountNonExpired() {
-        return true;
-    }
-
-    @Override
-    public boolean isAccountNonLocked() {
-        return true;
-    }
-
-    @Override
-    public boolean isCredentialsNonExpired() {
-        return true;
-    }
-
-    @Override
-    public boolean isEnabled() {
-        return true;
-    }
 }
diff --git a/src/main/java/com/dbnt/kcgfilemanager/userInfo/repository/UserInfoRepository.java b/src/main/java/com/dbnt/kcgfilemanager/userInfo/repository/UserInfoRepository.java
index a1466cf..060698d 100644
--- a/src/main/java/com/dbnt/kcgfilemanager/userInfo/repository/UserInfoRepository.java
+++ b/src/main/java/com/dbnt/kcgfilemanager/userInfo/repository/UserInfoRepository.java
@@ -1,11 +1,11 @@
 package com.dbnt.kcgfilemanager.userInfo.repository;
 
 import com.dbnt.kcgfilemanager.userInfo.UserInfo;
-import org.springframework.data.repository.CrudRepository;
+import org.springframework.data.jpa.repository.JpaRepository;
 
 import java.util.Optional;
 
 
-public interface UserInfoRepository extends CrudRepository<UserInfo, String> {
+public interface UserInfoRepository extends JpaRepository<UserInfo, String> {
     Optional<UserInfo> findByUserId(String userId);
 }
diff --git a/src/main/java/com/dbnt/kcgfilemanager/userInfo/service/UserInfoService.java b/src/main/java/com/dbnt/kcgfilemanager/userInfo/service/UserInfoService.java
index 68b4e6e..e301ff5 100644
--- a/src/main/java/com/dbnt/kcgfilemanager/userInfo/service/UserInfoService.java
+++ b/src/main/java/com/dbnt/kcgfilemanager/userInfo/service/UserInfoService.java
@@ -3,12 +3,16 @@ package com.dbnt.kcgfilemanager.userInfo.service;
 import com.dbnt.kcgfilemanager.userInfo.UserInfo;
 import com.dbnt.kcgfilemanager.userInfo.repository.UserInfoRepository;
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.ArrayList;
+
 @Service
 @RequiredArgsConstructor
 public class UserInfoService implements UserDetailsService {
@@ -23,7 +27,8 @@ public class UserInfoService implements UserDetailsService {
     }
 
     @Override
-    public UserInfo loadUserByUsername(String userId) throws UsernameNotFoundException {
-        return userInfoRepository.findByUserId(userId).orElseThrow(()->new UsernameNotFoundException(userId));
+    public UserDetails loadUserByUsername(String userId) throws UsernameNotFoundException {
+        UserInfo userInfo = userInfoRepository.findByUserId(userId).orElseThrow(()->new UsernameNotFoundException(userId));
+        return new User(userInfo.getUserId(), userInfo.getPassword(), new ArrayList<>());
     }
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index eacdbd9..004ac8f 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,3 +1,5 @@
+spring.jpa.show-sql=true
+spring.jpa.generate-ddl=false
 
 spring.datasource.driverClassName=net.sf.log4jdbc.sql.jdbcapi.DriverSpy
 spring.datasource.url=jdbc:log4jdbc:mariadb://106.247.244.146:57306/kcg_fm?characterEncoding=UTF-8&serverTimezone=UTC