스프링 시큐리티 컨트롤러에서 로그인한 customUser 받아오기
컨트롤러에서
마이 페이지를 조회하는 경우
위와 같이 Principal을 이용해 지금 로그인한 유저의 정보를 받아왔는데,
이때 principal.getName()으로 아이디를 받아오고
이 아이디로 또 dao에서 회원 정보를 조회하는 방식이 조금 이상하게 느껴졌다.
세션을 쓸까 했는데 시큐리티를 쓰는 거
시큐리티에도 분명히 방법이 있을텐데 해서 찾아봤다
[Spring Security] 현재 로그인한 사용자 정보 가져오기
Spring Security 에서 현재 인증된(로그인한) 사용자의 정보를 가져오는 방법 에 대해 살펴볼 것 입니다. 스프링의 다양한 메카니즘을 통해 현재 로그인 중인 사용자의 정보를 가져올 수 있는데, 대
itstory.tk
다 비슷한 얘기를 하던데
아직 시큐리티에 대한 개념이 확실치 않아서 조금 어려웠다
package kr.or.kosa.security;
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import kr.or.kosa.dto.Member;
import kr.or.kosa.dto.MemberAuth;
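/**
 * {@link UserDetails} implementation that carries the Spring Security account
 * contract (username, password, account-state flags, authorities) together with
 * the profile fields copied from a {@link Member} DTO.
 *
 * <p>Instances are built once from a {@code Member} plus the authorities resolved
 * for it, but every field also has a setter, so the object is mutable and not
 * designed for concurrent modification.
 *
 * <p>{@link #toString()} deliberately redacts the password: this object is
 * routinely printed or logged, and the stored credential must never end up in
 * log output.
 */
public class CustomUserDetails implements UserDetails {
    private static final long serialVersionUID = 1L;

    private String username;
    private String universityCode;
    private String memberId;
    private String password;
    private String name;
    private String major;
    private String email;
    private String gender;
    private String phone;
    private String parentsPhone;
    private String room;
    private int memberPoint;
    private int demerit;
    private int status;
    // Raw "enabled" value copied from Member; note that it is NOT what
    // isEnabled() reports (see the constructor).
    private String enabled;
    private boolean isEnabled;
    private boolean isAccountNonExpired;
    private boolean isAccountNonLocked;
    private boolean isCredentialsNonExpired;
    private List<MemberAuth> authList;
    private Collection<? extends GrantedAuthority> authorities;

    /**
     * Builds the security principal from a member record and its resolved authorities.
     *
     * <p>The username is the member id. All four account-state flags are set to
     * {@code true} unconditionally; the {@code enabled} string taken from
     * {@code vo.getEnabled()} is stored but not consulted — NOTE(review): confirm
     * whether it is meant to drive {@link #isEnabled()}.
     *
     * @param vo   member record to copy from (must not be {@code null})
     * @param auth authorities granted to this member; stored as-is, no defensive copy
     */
    public CustomUserDetails(Member vo, Collection<GrantedAuthority> auth) {
        username = vo.getMemberId();
        universityCode = vo.getUniversityCode();
        memberId = vo.getMemberId();
        password = vo.getPassword();
        name = vo.getName();
        major = vo.getMajor();
        email = vo.getEmail();
        gender = vo.getGender();
        phone = vo.getPhone();
        parentsPhone = vo.getParentsPhone();
        room = vo.getRoom();
        memberPoint = vo.getMemberPoint();
        demerit = vo.getDemerit();
        status = vo.getStatus();
        enabled = vo.getEnabled();
        // Account-state flags: always "good standing" regardless of the DTO.
        isEnabled = true;
        isAccountNonExpired = true;
        isAccountNonLocked = true;
        isCredentialsNonExpired = true;
        authList = vo.getAuthList();
        authorities = auth;
    }

    /** @return the login name used by Spring Security (the member id). */
    @Override
    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getUniversityCode() {
        return universityCode;
    }

    public void setUniversityCode(String universityCode) {
        this.universityCode = universityCode;
    }

    public String getMemberId() {
        return memberId;
    }

    public void setMemberId(String memberId) {
        this.memberId = memberId;
    }

    /** @return the stored password as copied from the member record. */
    @Override
    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getMajor() {
        return major;
    }

    public void setMajor(String major) {
        this.major = major;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public String getGender() {
        return gender;
    }

    public void setGender(String gender) {
        this.gender = gender;
    }

    public String getPhone() {
        return phone;
    }

    public void setPhone(String phone) {
        this.phone = phone;
    }

    public String getParentsPhone() {
        return parentsPhone;
    }

    public void setParentsPhone(String parentsPhone) {
        this.parentsPhone = parentsPhone;
    }

    public String getRoom() {
        return room;
    }

    public void setRoom(String room) {
        this.room = room;
    }

    public int getMemberPoint() {
        return memberPoint;
    }

    public void setMemberPoint(int memberPoint) {
        this.memberPoint = memberPoint;
    }

    public int getDemerit() {
        return demerit;
    }

    public void setDemerit(int demerit) {
        this.demerit = demerit;
    }

    public int getStatus() {
        return status;
    }

    public void setStatus(int status) {
        this.status = status;
    }

    /** @return the raw "enabled" string from the member record (not the security flag). */
    public String getEnabled() {
        return enabled;
    }

    public void setEnabled(String enabled) {
        this.enabled = enabled;
    }

    /** @return the Spring Security "enabled" flag (a boolean field, independent of {@link #getEnabled()}). */
    @Override
    public boolean isEnabled() {
        return isEnabled;
    }

    public void setEnabled(boolean isEnabled) {
        this.isEnabled = isEnabled;
    }

    @Override
    public boolean isAccountNonExpired() {
        return isAccountNonExpired;
    }

    public void setAccountNonExpired(boolean isAccountNonExpired) {
        this.isAccountNonExpired = isAccountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
        return isAccountNonLocked;
    }

    public void setAccountNonLocked(boolean isAccountNonLocked) {
        this.isAccountNonLocked = isAccountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return isCredentialsNonExpired;
    }

    public void setCredentialsNonExpired(boolean isCredentialsNonExpired) {
        this.isCredentialsNonExpired = isCredentialsNonExpired;
    }

    public List<MemberAuth> getAuthList() {
        return authList;
    }

    public void setAuthList(List<MemberAuth> authList) {
        this.authList = authList;
    }

    /** @return the granted authorities exactly as supplied to the constructor or setter. */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
        this.authorities = authorities;
    }

    /**
     * Debug representation of this principal.
     *
     * <p>The password is replaced by {@code [PROTECTED]} so that printing or
     * logging the principal never exposes the credential; every other field is
     * rendered as before.
     */
    @Override
    public String toString() {
        return "CustomUserDetails [username=" + username + ", universityCode=" + universityCode + ", memberId="
                + memberId + ", password=[PROTECTED]" + ", name=" + name + ", major=" + major + ", email=" + email
                + ", gender=" + gender + ", phone=" + phone + ", parentsPhone=" + parentsPhone + ", room=" + room
                + ", memberPoint=" + memberPoint + ", demerit=" + demerit + ", status=" + status + ", enabled="
                + enabled + ", isEnabled=" + isEnabled + ", isAccountNonExpired=" + isAccountNonExpired
                + ", isAccountNonLocked=" + isAccountNonLocked + ", isCredentialsNonExpired=" + isCredentialsNonExpired
                + ", authList=" + authList + ", authorities=" + authorities + "]";
    }
}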
기본적인 회원 정보가 많다보니 난리가 났지만...
앞으로 DTO로 쓸, userDetails를 구현하는 CustomUserDetails
package kr.or.kosa.security;
import java.util.HashSet;
import java.util.Set;
import org.apache.ibatis.session.SqlSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import kr.or.kosa.dao.MemberDao;
import kr.or.kosa.dto.Member;
import kr.or.kosa.dto.MemberAuth;
import kr.or.kosa.service.MemberService;
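/**
 * {@link UserDetailsService} that resolves a member by id through {@link MemberDao}
 * and wraps it in a {@link CustomUserDetails} with one {@link SimpleGrantedAuthority}
 * per entry of the member's auth list.
 */
@Service
public class CustomUserDetailService implements UserDetailsService {

    @Autowired
    MemberDao dao;

    /**
     * Loads the member identified by {@code memberid} for authentication.
     *
     * <p>The loaded record and the resulting principal are intentionally not
     * printed: the {@code Member} DTO (and the principal's default string form)
     * carry the stored password, which must not reach stdout or log files.
     *
     * @param memberid login name submitted by the user; looked up as the member id
     * @return the principal for that member, with its authorities resolved
     * @throws UsernameNotFoundException if no member with that id exists
     */
    @Override
    public UserDetails loadUserByUsername(String memberid) throws UsernameNotFoundException {
        Member dto = dao.getMember(memberid);
        if (dto == null) {
            throw new UsernameNotFoundException("Invalid User");
        }
        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
        // A member with no auth rows yields an empty authority set instead of an NPE.
        if (dto.getAuthList() != null) {
            for (MemberAuth a : dto.getAuthList()) {
                grantedAuthorities.add(new SimpleGrantedAuthority(a.getAuth()));
            }
        }
        return new CustomUserDetails(dto, grantedAuthorities);
    }
}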
UserDetailsService를 구현한 CustomUserDetailService
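/**
 * Resolves the currently authenticated {@link CustomUserDetails} from the
 * security context without a second database lookup.
 *
 * <p>The principal is only cast after checking its type: with no authentication
 * in the context, or with an anonymous authentication (whose principal is not a
 * {@code CustomUserDetails}), the request is answered with 401 instead of
 * failing with a {@code NullPointerException} or {@code ClassCastException}.
 * Only the username is printed, never the whole principal, so the stored
 * password cannot leak into the console.
 *
 * @return 401 when no authenticated user is present; otherwise {@code null}
 *         (the response body is not implemented on this page — TODO)
 */
@GetMapping("/notebox")
public ResponseEntity<String> getReceivedMsg() {
    Object principal = null;
    if (SecurityContextHolder.getContext().getAuthentication() != null) {
        principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }
    if (!(principal instanceof CustomUserDetails)) {
        return ResponseEntity.status(401).build();
    }
    CustomUserDetails user = (CustomUserDetails) principal;
    System.out.println(user.getUsername());
    return null;
}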
유저 정보를 조회할 컨트롤러
나는 어째선지 @AuthenticationPrincipal을 써도 NullPointerException이 떠서
방법을 찾다보니 이렇게 하면 됐다
CustomUserDetails user = (CustomUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
이 긴 한줄을 쓰면 된다...
이제 매번 db에서 조회 작업을 하지 않아도 된다
아싸...