Created
January 5, 2017 06:43
-
-
Save yevgnenll/5ef97cc92132b27ea4a9c8070b967f4f to your computer and use it in GitHub Desktop.
SecurityContextHolder.getContext() 없애도 되는가
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.yevgnenll; | |
| import java.util.ArrayList; | |
| import java.util.List; | |
| import org.slf4j.Logger; | |
| import org.slf4j.LoggerFactory; | |
| import org.springframework.beans.factory.annotation.Autowired; | |
| import org.springframework.security.authentication.AuthenticationProvider; | |
| import org.springframework.security.authentication.BadCredentialsException; | |
| import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; | |
| import org.springframework.security.core.Authentication; | |
| import org.springframework.security.core.AuthenticationException; | |
| import org.springframework.security.core.GrantedAuthority; | |
| import org.springframework.security.core.authority.SimpleGrantedAuthority; | |
| import org.springframework.security.core.context.SecurityContextHolder; | |
| import org.springframework.stereotype.Component; | |
| import com.yevgnenll.config.UserDetail; | |
| import com.yevgnenll.domain.User; | |
| import com.yevgnenll.service.Impl.UserServiceImpl; | |
| import com.yevgnenll.utils.EncryptPassword; | |
| @Component | |
| public class LoginProcessProvider implements AuthenticationProvider { | |
| private static final Logger logger = LoggerFactory.getLogger(LoginProcessProvider.class); | |
| @Autowired | |
| private UserServiceImpl userService; | |
| @Override | |
| public Authentication authenticate(Authentication authentication) throws AuthenticationException { | |
| String id = (String) authentication.getPrincipal(); | |
| String password = (String) authentication.getCredentials(); | |
| User user = userService.getUserInfo(id); | |
| logger.info("user data: " + id + " password: " + password + " encoded: " + user.getPassword()); | |
| if(userService.isHaveUser(id) && EncryptPassword.isCorrectPassword(password, user.getPassword())){ | |
| List<GrantedAuthority> list = new ArrayList<>(); | |
| list.add(new SimpleGrantedAuthority("ROLE_USER")); | |
| UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(id, password, list); | |
| result.setDetails(new UserDetail(user)); | |
| // 직접 넣는게 올바른 동작인가? | |
| SecurityContextHolder.getContext().setAuthentication(result); | |
| return result; | |
| } else { | |
| throw new BadCredentialsException("Bad credentials"); | |
| } | |
| } | |
| @Override | |
| public boolean supports(Class<?> authentication) { | |
| return authentication.equals(UsernamePasswordAuthenticationToken.class); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment