Spring Security를 이용한 비밀번호 암호화

회원가입 시 비밀번호를 PasswordEncoder를 통해 암호화하여 저장합니다.

 

 

1. build.gradle 설정

	implementation 'org.springframework.boot:spring-boot-starter-security'
	testImplementation 'org.springframework.security:spring-security-test'

 

 

2. Bean 설정

@Configuration
@EnableWebSecurity
public class SecurityConfig {
	
    ...

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}

비밀번호를 암호화할 때 사용할 PasswordEncoder를 Bean으로 설정한다.

 

3. PasswordEncoder.encode()

    
@RequestMapping("/members")
@Controller
@RequiredArgsConstructor
public class MemberController {
    private final MemberService memberService;
    private final PasswordEncoder passwordEncoder;

	...

    @PostMapping(value="/new")
    public String createNewMember(@Valid MemberFormDto memberFormDto,
    BindingResult bindingResult, Model model){
        if(bindingResult.hasErrors())
            return "member/memberForm";
        try {
            Member member = Member.createMember(memberFormDto, passwordEncoder);
            memberService.saveMember(member);
        }catch(IllegalStateException e){
            model.addAttribute("errorMessage:"+e.getMessage());
            return "member/memberForm";
        }
        return "main";
    }

passwordEncoder를 memberForm과 같이 넘겨준다.

 

    public static Member createMember(MemberFormDto memberFormDto, PasswordEncoder passwordEncoder){
        Member member=new Member();
        member.setName(memberFormDto.getName());
        member.setEmail(memberFormDto.getEmail());
        String password= passwordEncoder.encode(memberFormDto.getPassword());
        member.setPassword(password);
        member.setRole(Role.USER);
        return member;
    }

Member Entity에 createMember란 함수를 통해 전달받은 passwordEncoder를 이용하여 encode를 통해 비밀번호를 암호화한다.

 

결과