Skip to content

<chapter8> 로그인 이슈 #79

Description

@leeseungeon92

package me.shinsunyoung.springbootdeveloper.config;

import lombok.RequiredArgsConstructor;
import me.shinsunyoung.springbootdeveloper.service.UserDetailService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import static org.springframework.boot.autoconfigure.security.servlet.PathRequest.toH2Console;

@configuration
@EnableWebSecurity
@requiredargsconstructor
public class WebSecurityConfig {

private final UserDetailService userService;

@Bean
public WebSecurityCustomizer configure() {
    return (web) -> web.ignoring()
            .requestMatchers(toH2Console())
            .requestMatchers(new AntPathRequestMatcher("/static/**"));
}

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    return http
            .authorizeRequests(auth -> auth
                    .requestMatchers(
                            new AntPathRequestMatcher("/login"),
                            new AntPathRequestMatcher("/signup"),
                            new AntPathRequestMatcher("/user")
                    ).permitAll()
                    .anyRequest().authenticated())
            .formLogin(formLogin -> formLogin
                    .loginPage("/login")
                    .defaultSuccessUrl("/articles")
            )
            .logout(logout -> logout
                    .logoutSuccessUrl("/login")
                    .invalidateHttpSession(true)
            )
            .csrf(AbstractHttpConfigurer::disable)
            .build();
}

@Bean
public AuthenticationManager authenticationManager(HttpSecurity http,
                                                   BCryptPasswordEncoder bCryptPasswordEncoder,
                                                   UserDetailService userDetailService) {
    DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
    authProvider.setUserDetailsService(userDetailService);
    authProvider.setPasswordEncoder(bCryptPasswordEncoder);
    return new ProviderManager(authProvider);
}

@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
    return new BCryptPasswordEncoder();
}

}

이게 본문 책의 내용이고,

깃허브에 올라온 소스는 좀 다릅니다.

회원가입 후 H2-CONSOLE에 가보면 EMAIL과 ENCODE된 비밀번호는 정상적으로 저장되는데,

로그인 시도 시 http://localhost:8080/login?error라고 뜨네요.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions