본문 바로가기
개발 Story/spring-security

05. spring security sha256 암호화 적용하기

by niee 2015. 9. 9.
반응형

spring security 에서는 기본적으로 아래와 같은 암호화 모듈을 제공하고 있다.

 

 
BaseDigestPasswordEncoder
BasePasswordEncoder
LdapShaPasswordEncoder
Md4PasswordEncoder
Md5PasswordEncoder
MessageDigestPasswordEncoder
PlaintextPasswordEncoder
ShaPasswordEncoder 

 

참조 문서 : http://docs.spring.io/autorepo/docs/spring-security/3.1.6.RELEASE/apidocs/org/springframework/security/authentication/encoding/package-summary.html

 

이중에서 ShaPasswordEncoder​ 를 이용해 비밀번호를 sha256 암호화를 적용해 보도록 하겠다.

이번에는 DB insert를 위해 mybatis를 연동하였다.

 

1.security.xml에 ShaPasswordEncoder​ bean등록 

 
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
  <beans:constructor-arg name="strength" value="256"></beans:constructor-arg>
</beans:bean>

 

2.authentication-provider에 사용자 인증시 비밀번호 암호화빈 등록

 
<authentication-manager>
 <authentication-provider user-service-ref="userService">
  <password-encoder ref="passwordEncoder"/>
 </authentication-provider>
</authentication-manager> 

 

3.회원 가입 jsp생성(귀찮아서 로그인 페이지에 폼을 두개만들어 처리함)

 
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<link rel="stylesheet" type="text/css" href="<c:url value="/resources/css/main.css"/>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
${errMsg }
<form action='<c:url value="/user/login"/>' method="post">
 <input type="text" name="email" id="email"/>
 <input type="password" name="passwd" id="passwd"/>
 <input type="submit" value="로그인">
</form>
<form action='<c:url value="/user/insertUser"/>' method="post">
 <input type="text" name="email" id="email"/>
 <input type="password" name="passwd" id="passwd"/>
 <select name="authority">
  <option value="ROLE_USER">사용자</option>
  <option value="ROLE_ADMIN">관리자</option>
 </select>
 <input type="submit" value="회원가입">
</form>
</body>
</html> 

 

4.회원 가입시 비밀번호 암호화를 위한 Service ​class생성

 
package com.min.study.core.util;
 
import javax.annotation.Resource;
 
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.stereotype.Service;
 
@Service("shaEncoder")
public class ShaEncoder {
 
 @Resource(name="passwordEncoder")
 private ShaPasswordEncoder encoder;
 
 public String encoding(String str){
  return encoder.encodePassword(str,null);
 }
}

 

5.pom.xml에 mybatis추가

 
<!-- MyBatis -->
<dependency>
 <groupId>org.mybatis</groupId>
 <artifactId>mybatis</artifactId>
 <version>3.1.1</version>
</dependency>
 
<dependency>
 <groupId>org.mybatis</groupId>
 <artifactId>mybatis-spring</artifactId>
 <version>1.1.1</version>
</dependency> 

 

6.resource폴더에 sqlmap폴더 생성 후 mybatis.xml생성

 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "HTTP://mybatis.org/dtd/mybatis-3-config.dtd">
 
<configuration>
 <settings>
   <setting name="cacheEnabled" value="true"/>
   <setting name="lazyLoadingEnabled" value="false"/>
   <setting name="multipleResultSetsEnabled" value="true"/>
   <setting name="useColumnLabel" value="true"/>
   <setting name="useGeneratedKeys" value="false"/>
   <setting name="autoMappingBehavior" value="PARTIAL"/>
   <setting name="defaultExecutorType" value="SIMPLE"/>
   <setting name="defaultStatementTimeout" value="25"/>
   <setting name="safeRowBoundsEnabled" value="false"/>
   <setting name="mapUnderscoreToCamelCase" value="false"/>
   <setting name="localCacheScope" value="SESSION"/>
   <setting name="jdbcTypeForNull" value="OTHER"/>
   <setting name="lazyLoadTriggerMethods" value="equals,clone,hashCode,toString"/>
 </settings>
 
 <typeAliases>
  <typeAlias type="java.util.Map" alias="map"/>
 </typeAliases>
 
</configuration> 

 

7.datasource-context.xml에 mybatis SqlSessionFactoryBean 등록 및 트랜잭션 선언

 
 <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
  <property name="dataSource" ref="dataSource" />
  <property name="configLocation" value="classpath:sqlmap/mybatis.xml" />
  <property name="mapperLocations" value="classpath:sqlmap/*/*.xml" />
 </bean>
 
 <tx:annotation-driven transaction-manager="transactionManager"/>
 <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
  <property name="dataSource" ref="dataSource"></property>
 </bean>
 
 <bean id="sqlSession" class="org.mybatis.spring.SqlSessionTemplate">
  <constructor-arg index="0" ref="sqlSessionFactory" />
 </bean> 

 

8.회원 가입을 위한 DAO service생성 및 impl클레스 구현

 
package com.min.study.user.dao;
 
import java.util.Map;
 
public interface UserDaoService {
 public int insertUser(Map<String, String> paramMap);
}
 
package com.min.study.user.dao;
 
import java.util.Map;
 
import org.mybatis.spring.support.SqlSessionDaoSupport;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
 
@Service("userDaoService")
public class UserDaoServiceImpl extends SqlSessionDaoSupport implements UserDaoService {
 
 @Override
 @Transactional
 public int insertUser(Map<String, String> paramMap) {
  // TODO Auto-generated method stub
  return getSqlSession().insert("user.insertUser",paramMap);
 }
 
} 

 

9.sql query.xml생성(예제는 sqlmap/mysql/user.xml)

 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="user">
 <insert id="insertUser">
  INSERT INTO USER
  VALUES(#{email},#{passwd},1,#{authority})
 </insert> 
</mapper> 

 

10.usercontroller에 암호화 서비스 & daoservice 주입 및 가입시 비밀번호 암호화 설정

ex)

 
package com.min.study.user.web;
 
import java.util.HashMap;
import java.util.Map;
 
import javax.annotation.Resource;
 
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
 
import com.min.study.core.util.ShaEncoder;
import com.min.study.user.dao.UserDaoServiceImpl;
 
@Controller
public class UserController {
 
 private static final Logger logger = LoggerFactory.getLogger(UserController.class);
 
 @Resource(name="shaEncoder")
 private ShaEncoder encoder;
 
 @Resource(name="userDaoService")
 private UserDaoServiceImpl dao;
 
 @RequestMapping("/user/loginPage")
 public String loginPage(){
  return "/user/loginPage";
 }
 
 @RequestMapping(value = "/user/insertUser",method=RequestMethod.POST)
 public String insertUser(@RequestParam("email")String email, @RequestParam("passwd")String passwd, @RequestParam("authority")String authority){
  String dbpw = encoder.encoding(passwd);
  Map<String, String> paramMap = new HashMap<String, String>();
  paramMap.put("email", email);
  paramMap.put("passwd", dbpw);
  paramMap.put("authority", authority);
  int result = dao.insertUser(paramMap);
  logger.info("result ===> {}", result);
  return "/user/loginPage";
 }
 
}

 

11. 회원가입 & 인증 확인.

 

ex)패스워드가 test인 경우 sha256 암호화를 하면 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 이다.

 

 ------------------------------------------------------------------------------------------

소스확인 : https://github.com/ParkMinKyu/security

반응형