refactor: 회원가입 및 로그인 기능 수정 (Season-Hackathon#3)

dotori/src/main/java/season/blossom/dotori/config/SecurityConfig.java

@@ -5,8 +5,6 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -15,8 +13,6 @@
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import season.blossom.dotori.user.JsonLoginProcessingFilter;
 
 @Configuration
 @EnableWebSecurity
@@ -37,28 +33,25 @@ public WebSecurityCustomizer webSecurityCustomizer() {
                 .antMatchers(HttpMethod.POST, "/api/user/**");
     }
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
-        JsonLoginProcessingFilter jsonLoginProcessingFilter = new JsonLoginProcessingFilter();
-        jsonLoginProcessingFilter.setAuthenticationManager(authenticationManager);
-
-        http.csrf().disable()
-                .addFilterAt(jsonLoginProcessingFilter, UsernamePasswordAuthenticationFilter.class);
-
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
-                .authorizeRequests()
-                        .antMatchers("/?**")
-                        .authenticated();
-
-        http.authorizeRequests()
-                        .antMatchers("/", "/api/signin", "/api/login")
-                        .permitAll();
-
+                .csrf()
+                    .disable()
 
+                .authorizeRequests()
+                    .antMatchers("/api/user/register",  "/api/login")
+                    .permitAll()
+                    .anyRequest()
+                    .authenticated()
+                    .and()
+                .formLogin()
+                    .disable()
+                .logout()
+                    .logoutUrl("/api/user/logout")
+                    .deleteCookies("JSESSIONID");
         http.userDetailsService(userDetailsService);
 
-
         return http.build();
-
     }
 
 

dotori/src/main/java/season/blossom/dotori/user/AuthRequestDto.java → dotori/src/main/java/season/blossom/dotori/user/LoginRequestDto.java

@@ -3,7 +3,7 @@
 import lombok.Data;
 
 @Data
-public class AuthRequestDto {
+public class LoginRequestDto {
     private String email;
     private String password;
 }

dotori/src/main/java/season/blossom/dotori/user/RegisterRequestDto.java

@@ -0,0 +1,9 @@
+package season.blossom.dotori.user;
+
+import lombok.Data;
+
+@Data
+public class RegisterRequestDto {
+    private String email;
+    private String password;
+}

dotori/src/main/java/season/blossom/dotori/user/User.java

@@ -37,4 +37,9 @@ public User encodePassword(PasswordEncoder passwordEncoder){
         password = passwordEncoder.encode(password);
         return this;
     }
+
+    public User commonRegister(){
+        authority = Authority.ROLE_USER;
+        return this;
+    }
 }

dotori/src/main/java/season/blossom/dotori/user/UserController.java

@@ -3,29 +3,62 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.util.ArrayList;
+
 @RestController
 @RequiredArgsConstructor
+@RequestMapping("/api/user")
 public class UserController {
 
-    private final UserRepository userRepository;
+    private final UserService userService;
     private final PasswordEncoder passwordEncoder;
 
-    @PostMapping("/api/signin")
-    public ResponseEntity<HttpStatus> signIn(@RequestBody AuthRequestDto authRequestDto) {
+
+    @PostMapping("/register")
+    public ResponseEntity<User> register(@RequestBody RegisterRequestDto authRequestDto) {
         User user = User.builder()
                 .email(authRequestDto.getEmail())
                 .password(authRequestDto.getPassword())
                 .build();
 
         user.encodePassword(passwordEncoder);
-        userRepository.save(user);
 
-        return new ResponseEntity<>(HttpStatus.OK);
+        User registeredUser = userService.registerUser(user);
+
+        return new ResponseEntity<>(registeredUser, HttpStatus.OK);
+    }
+
+    @PostMapping("/login")
+    public ResponseEntity<?> login(HttpServletRequest request, HttpServletResponse response,
+                                   @RequestBody LoginRequestDto loginRequestDto){
+        Authentication authentication
+                = new UsernamePasswordAuthenticationToken(loginRequestDto.getEmail(), loginRequestDto.getPassword(), new ArrayList<>());
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+        HttpSession session = request.getSession();
+        session.setAttribute
+                (HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+                        SecurityContextHolder.getContext());
+
+        Cookie cookie = new Cookie("JSESSIONID", session.getId());
+        cookie.setPath("/");
+        cookie.setHttpOnly(true);
+        cookie.setMaxAge(30 * 60);
+        response.addCookie(cookie);
+        return ResponseEntity.ok(authentication.getPrincipal());
     }
 
 

dotori/src/main/java/season/blossom/dotori/user/CustomUserDetailsService.java → dotori/src/main/java/season/blossom/dotori/user/UserService.java

@@ -4,11 +4,12 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
 @Service
 @RequiredArgsConstructor
-public class CustomUserDetailsService implements UserDetailsService {
+public class UserService implements UserDetailsService {
 
     private final UserRepository userRepository;
 
@@ -24,4 +25,9 @@ public UserDetails loadUserByUsername(String email) throws UsernameNotFoundExcep
 
         return new CustomUserDetail(user);
     }
+
+    public User registerUser(User user) {
+        user.commonRegister();
+        return userRepository.save(user);
+    }
 }