• spring security 에서는 기본적으로 아래와 같은 암호화 모듈을 제공하고 있다.
BaseDigestPasswordEncoder
BasePasswordEncoder
LdapShaPasswordEncoder
Md4PasswordEncoder
Md5PasswordEncoder
MessageDigestPasswordEncoder
PlaintextPasswordEncoder
ShaPasswordEncoder

참조 문서 :http://docs.spring.io/autorepo/docs/spring-security/3.1.6.RELEASE/apidocs/org/springframework/security/authentication/encoding/package-summary.html

  • 이중에서 ShaPasswordEncoder​ 를 이용해 비밀번호를 sha256 암호화를 적용해 보도록 하겠다.
  • 이번에는 DB insert를 위해 mybatis를 연동하였다.

  • security.xmlShaPasswordEncoder​ bean등록 ​
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
  <beans:constructor-arg name="strength" value="256"></beans:constructor-arg>
</beans:bean>
  • ​authentication-provider에 사용자 인증시 비밀번호 암호화빈 등록​
<authentication-manager>
 <authentication-provider user-service-ref="userService">
  <password-encoder ref="passwordEncoder"/>
 </authentication-provider>
</authentication-manager>
  • 회원 가입 jsp생성(귀찮아서 로그인 페이지에 폼을 두개만들어 처리함)
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<link rel="stylesheet" type="text/css" href="<c:url value="/resources/css/main.css"/>">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
${errMsg }
<form action='<c:url value="/user/login"/>' method="post">
 <input type="text" name="email" id="email"/>
 <input type="password" name="passwd" id="passwd"/>
 <input type="submit" value="로그인">
</form>
<form action='<c:url value="/user/insertUser"/>' method="post">
 <input type="text" name="email" id="email"/>
 <input type="password" name="passwd" id="passwd"/>
 <select name="authority">
  <option value="ROLE_USER">사용자</option>
  <option value="ROLE_ADMIN">관리자</option>
 </select>
 <input type="submit" value="회원가입">
</form>
</body>
</html>
  • 회원 가입시 비밀번호 암호화를 위한 Service ​class생성
package com.min.study.core.util;

import javax.annotation.Resource;

import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.stereotype.Service;

@Service("shaEncoder")
public class ShaEncoder {

 @Resource(name="passwordEncoder")
 private ShaPasswordEncoder encoder;

 public String encoding(String str){
  return encoder.encodePassword(str,null);
 }
}
  • pom.xml에 mybatis추가
<!-- MyBatis -->
<dependency>
 <groupId>org.mybatis</groupId>
 <artifactId>mybatis</artifactId>
 <version>3.1.1</version>
</dependency>

<dependency>
 <groupId>org.mybatis</groupId>
 <artifactId>mybatis-spring</artifactId>
 <version>1.1.1</version>
</dependency>
  • resource폴더에 sqlmap폴더 생성 후 mybatis.xml생성
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "HTTP://mybatis.org/dtd/mybatis-3-config.dtd">

<configuration>
 <settings>
   <setting name="cacheEnabled" value="true"/>
   <setting name="lazyLoadingEnabled" value="false"/>
   <setting name="multipleResultSetsEnabled" value="true"/>
   <setting name="useColumnLabel" value="true"/>
   <setting name="useGeneratedKeys" value="false"/>
   <setting name="autoMappingBehavior" value="PARTIAL"/>
   <setting name="defaultExecutorType" value="SIMPLE"/>
   <setting name="defaultStatementTimeout" value="25"/>
   <setting name="safeRowBoundsEnabled" value="false"/>
   <setting name="mapUnderscoreToCamelCase" value="false"/>
   <setting name="localCacheScope" value="SESSION"/>
   <setting name="jdbcTypeForNull" value="OTHER"/>
   <setting name="lazyLoadTriggerMethods" value="equals,clone,hashCode,toString"/>
 </settings>

 <typeAliases>
  <typeAlias type="java.util.Map" alias="map"/>
 </typeAliases>

</configuration>
  • datasource-context.xmlmybatis SqlSessionFactoryBean 등록 및 트랜잭션 선언
 <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
  <property name="dataSource" ref="dataSource" />
  <property name="configLocation" value="classpath:sqlmap/mybatis.xml" />
  <property name="mapperLocations" value="classpath:sqlmap/*/*.xml" />
 </bean>

 <tx:annotation-driven transaction-manager="transactionManager"/>
 <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
  <property name="dataSource" ref="dataSource"></property>
 </bean>

 <bean id="sqlSession" class="org.mybatis.spring.SqlSessionTemplate">
  <constructor-arg index="0" ref="sqlSessionFactory" />
 </bean>
  • 회원 가입을 위한 DAO service생성 및 impl클레스 구현
package com.min.study.user.dao;

import java.util.Map;

public interface UserDaoService {
 public int insertUser(Map<String, String> paramMap);
}

package com.min.study.user.dao;

import java.util.Map;

import org.mybatis.spring.support.SqlSessionDaoSupport;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service("userDaoService")
public class UserDaoServiceImpl extends SqlSessionDaoSupport implements UserDaoService {

 @Override
 @Transactional
 public int insertUser(Map<String, String> paramMap) {
  // TODO Auto-generated method stub
  return getSqlSession().insert("user.insertUser",paramMap);
 }

}
  • sql query.xml생성(예제는 sqlmap/mysql/user.xml)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="user">
 <insert id="insertUser">
  INSERT INTO USER
  VALUES(#{email},#{passwd},1,#{authority})
 </insert>
</mapper>
  • usercontroller암호화 서비스 & daoservice 주입 및 가입시 비밀번호 암호화 설정
ex)

package com.min.study.user.web;

import java.util.HashMap;
import java.util.Map;

import javax.annotation.Resource;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import com.min.study.core.util.ShaEncoder;
import com.min.study.user.dao.UserDaoServiceImpl;

@Controller
public class UserController {

 private static final Logger logger = LoggerFactory.getLogger(UserController.class);

 @Resource(name="shaEncoder")
 private ShaEncoder encoder;

 @Resource(name="userDaoService")
 private UserDaoServiceImpl dao;

 @RequestMapping("/user/loginPage")
 public String loginPage(){
  return "/user/loginPage";
 }

 @RequestMapping(value = "/user/insertUser",method=RequestMethod.POST)
 public String insertUser(@RequestParam("email")String email, @RequestParam("passwd")String passwd, @RequestParam("authority")String authority){
  String dbpw = encoder.encoding(passwd);
  Map<String, String> paramMap = new HashMap<String, String>();
  paramMap.put("email", email);
  paramMap.put("passwd", dbpw);
  paramMap.put("authority", authority);
  int result = dao.insertUser(paramMap);
  logger.info("result ===> {}", result);
  return "/user/loginPage";
 }

}
  • 회원가입 & 인증 확인.
ex)패스워드가 test인 경우 sha256 암호화를 하면 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 이다.

소스확인 : https://github.com/ParkMinKyu/security