• 카테고리

    질문 & 답변

  • 세부 분야

    백엔드

  • 해결 여부

    미해결

(해결완료) 코드 변경사항 있습니다. 참고들 하세요!

20.09.15 22:00 작성 조회수 471

5

package io.security.basicsecurity.security.provider;

import io.security.basicsecurity.security.common.FormWebAuthenticationDetails;
import io.security.basicsecurity.security.service.AccountContext;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.transaction.annotation.Transactional;

@Slf4j
public class FormAuthenticationProvider implements AuthenticationProvider {

  @Autowired
  private UserDetailsService userDetailsService;

  @Autowired
  private PasswordEncoder passwordEncoder;

  public FormAuthenticationProvider(PasswordEncoder passwordEncoder) {
    this.passwordEncoder = passwordEncoder;
  }

  @Override
  @Transactional
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    String username = authentication.getName();
    String password = (String) authentication.getCredentials();

    AccountContext accountContext = (AccountContext) userDetailsService.loadUserByUsername(username);

    if(!passwordEncoder.matches(password, accountContext.getAccount().getPassword())) {
      throw new BadCredentialsException("Invalid Password");
//      throw new BadCredentialsException("BadCredentialsException");
    }

    String secretKey = ( (FormWebAuthenticationDetails) authentication.getDetails() ).getSecretKey();
//    FormWebAuthenticationDetails formWebAuthenticationDetails = (FormWebAuthenticationDetails) authentication.getDetails();
//    String secretKey = formWebAuthenticationDetails.getSecretKey();

    if(secretKey == null || ! secretKey.equals("secret")) {
//    if(secretKey == null || !"secret".equals(secretKey)) {
      throw new IllegalArgumentException("invalid Secret");
//      throw new InsufficientAuthenticationException("InsufficientAuthenticationException");
    }

    return new UsernamePasswordAuthenticationToken(accountContext.getAccount(), null, accountContext.getAuthorities());
//    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(accountContext.getAccount(), null, accountContext.getAuthorities());
//    return authenticationToken;
  }

  @Override
  public boolean supports(Class<?> authentication) {
    return authentication.equals(UsernamePasswordAuthenticationToken.class);
//    return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
  }

}
course-thumbnail

스프링 시큐리티

3) 인증 처리자 - AjaxAuthenticationProvider

강의실 바로가기

답변 1

답변을 작성해보세요.

0

tt12b님의 프로필

tt12b

2023.07.13

감사합니다.

이 글과 비슷한 Q&A