Service Layer 에서 로그인 사용자 정보에 접근하기 위해 org.springframework.security.core.context.SecurityContextHolder 를 사용한다.
package com.u2ware.springfield.sample.security;
/**
 * Service-layer access point to the currently logged-in user and to the
 * password-encoding helpers, so that services do not have to touch the
 * security framework directly.
 */
public interface AuthenticationContext {

    /**
     * Produces a salt value to be combined with a password before encoding.
     *
     * @return a salt as a string
     */
    String getPasswordSalt();

    /**
     * Encodes a raw password together with the given salt.
     *
     * @param password the raw password
     * @param salt     the salt to mix in
     * @return the value to persist as the user's password
     */
    String getPassword(String password, Object salt);

    /**
     * Looks up the name of the user bound to the current security context.
     *
     * @return the user name; {@code AuthenticationContextImpl} returns
     *         {@code null} when no authentication is present
     */
    String getUsername();

    /**
     * Looks up the current user name after re-checking the supplied password
     * for that user.
     *
     * @param password the password to verify for the current user
     * @return the user name; {@code AuthenticationContextImpl} returns
     *         {@code null} when there is no current authentication or no
     *         authentication manager to verify against
     */
    String getUsername(String password);

    /** Discards the current security context, logging the user off. */
    void logoff();
}
package com.u2ware.springfield.sample.security;
import java.security.SecureRandom;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.SaltSource;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
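/**
 * {@link AuthenticationContext} implementation that reads the logged-in user
 * from {@link SecurityContextHolder} and delegates password encoding and
 * re-authentication to optionally injected Spring Security beans.
 *
 * <p>All three collaborators are injected with {@code required=false}, so each
 * may be {@code null} when the application context does not define it.
 */
@Component
public class AuthenticationContextImpl implements AuthenticationContext {

    /** Number of random bytes per salt; the hex-encoded result is twice as long. */
    private static final int SALT_BYTES = 16;

    /** Cryptographically strong source for salts; SecureRandom is safe to share across threads. */
    private static final SecureRandom SALT_RANDOM = new SecureRandom();

    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    @Autowired(required = false)
    private AuthenticationManager authenticationManager;

    @Autowired(required = false)
    private PasswordEncoder passwordEncoder;

    // Injected but not read by any method in this class.
    @Autowired(required = false)
    private SaltSource saltSource;

    /**
     * Generates a fresh random salt.
     *
     * <p>The salt comes from {@link SecureRandom} rather than the wall clock:
     * a timestamp is guessable and repeats for accounts created in the same
     * millisecond, which weakens the per-user uniqueness a salt exists for.
     *
     * @return a 32-character lowercase hex string (16 random bytes); the
     *         column that stores the salt must be able to hold that length
     */
    @Override
    public String getPasswordSalt() {
        byte[] raw = new byte[SALT_BYTES];
        SALT_RANDOM.nextBytes(raw);
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            hex.append(HEX_DIGITS[(b >> 4) & 0x0f]).append(HEX_DIGITS[b & 0x0f]);
        }
        return hex.toString();
    }

    /**
     * Encodes a raw password with the given salt.
     *
     * @param password the raw password
     * @param salt     the salt handed to the encoder
     * @return the encoded password, or the raw password unchanged when no
     *         {@link PasswordEncoder} bean is configured
     */
    @Override
    public String getPassword(String password, Object salt) {
        // NOTE(review): without an encoder bean this falls through to the raw
        // password, so callers that persist the result store it in plaintext.
        // Kept for compatibility; deployments should always define an encoder.
        if (passwordEncoder == null) {
            return password;
        }
        // NOTE(review): this is the legacy salted encoder API
        // (org.springframework.security.authentication.encoding). The
        // org.springframework.security.crypto.password.PasswordEncoder family
        // (e.g. BCryptPasswordEncoder) manages its own salt and is the usual
        // replacement when migrating.
        return passwordEncoder.encodePassword(password, salt);
    }

    /**
     * Reports whether the current security context holds an authentication.
     *
     * @return {@code true} when an {@link Authentication} object is present
     */
    public boolean hasAuthentication() {
        // Presence only: Authentication.isAuthenticated() is not consulted, and
        // an anonymous token would also count if anonymous authentication is
        // enabled in the filter chain.
        return SecurityContextHolder.getContext().getAuthentication() != null;
    }

    /**
     * Returns the authentication bound to the current security context.
     *
     * @return the current {@link Authentication}, or {@code null} if none
     */
    public Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * Re-verifies the given password for the current user and returns the
     * current authentication.
     *
     * @param password the password to check for the current user's name
     * @return the existing {@link Authentication}, or {@code null} when no
     *         {@link AuthenticationManager} is configured or nobody is logged in
     */
    public Authentication getAuthentication(String password) {
        if (authenticationManager == null) {
            return null;
        }
        Authentication current = getAuthentication();
        if (current == null) {
            return null;
        }
        // The returned token is discarded; the call is made for its check only.
        // AuthenticationManager.authenticate signals a rejected credential by
        // throwing AuthenticationException, which propagates to the caller.
        authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(current.getName(), password));
        return current;
    }

    /**
     * Returns the name of the logged-in user.
     *
     * @return the user name, or {@code null} when nobody is logged in
     */
    @Override
    public String getUsername() {
        Authentication current = getAuthentication();
        if (current == null) {
            return null;
        }
        return current.getName();
    }

    /**
     * Returns the name of the logged-in user after re-checking the password.
     *
     * @param password the password to verify
     * @return the user name, or {@code null} when
     *         {@link #getAuthentication(String)} returns {@code null}
     */
    @Override
    public String getUsername(String password) {
        Authentication verified = getAuthentication(password);
        if (verified == null) {
            return null;
        }
        return verified.getName();
    }

    /** Clears the security context held by {@link SecurityContextHolder}. */
    @Override
    public void logoff() {
        SecurityContextHolder.clearContext();
    }
}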
package com.u2ware.springfield.sample.security.member.password;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.u2ware.springfield.repository.EntityRepository;
import com.u2ware.springfield.sample.security.AuthenticationContext;
import com.u2ware.springfield.sample.security.Users;
import com.u2ware.springfield.service.EntityServiceTemplate;
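/**
 * Service behind the "change my password" form: pre-fills the form with the
 * logged-in user's name and stores the newly encoded password for that user.
 */
@Service
public class MemberPasswordService extends EntityServiceTemplate<MemberPassword, MemberPassword> {

    @Autowired
    protected AuthenticationContext authenticationContext;

    @Autowired @Qualifier("usersRepository")
    private EntityRepository<Users, String> usersRepository;

    /**
     * Prepares the form object by stamping it with the current user's name.
     *
     * @param entity the form object to fill in
     * @return the same {@code entity}; its username is {@code null} when
     *         {@link AuthenticationContext#getUsername()} returns {@code null}
     */
    @Override
    public MemberPassword createForm(MemberPassword entity) {
        String username = authenticationContext.getUsername();
        entity.setUsername(username);
        return entity;
    }

    /**
     * Replaces the logged-in user's password with the encoded form of
     * {@code entity.getNewPassword1()} and then logs the user off.
     *
     * <p>The account is always taken from the security context, never from
     * the submitted form, so a caller cannot target another user by editing
     * the username field.
     *
     * @param entity the submitted form
     * @return the same {@code entity}
     * @throws IllegalStateException if nobody is logged in or the logged-in
     *         name has no matching {@code Users} record
     */
    @Override
    @Transactional
    public MemberPassword create(MemberPassword entity) {
        String username = authenticationContext.getUsername();
        if (username == null) {
            // Fail closed before touching the repository.
            throw new IllegalStateException("No authenticated user; password change refused");
        }

        Users user = usersRepository.read(username);
        if (user == null) {
            throw new IllegalStateException("No user record for the authenticated principal");
        }

        // NOTE(review): the current password is not re-checked here, so a
        // hijacked or unattended session can set a new password. If the form
        // carries the current password (not visible in this class), verify it
        // first with authenticationContext.getUsername(currentPassword).
        // NOTE(review): agreement between the two new-password fields is not
        // checked here; presumably a validator does it - confirm.
        // The user's existing salt is reused rather than rotated.
        String password = authenticationContext.getPassword(entity.getNewPassword1(), user.getSalt());
        user.setPassword(password);
        // No explicit save call follows; presumably the change is flushed by
        // the surrounding transaction - confirm against EntityRepository.

        // Drop the current security context so the user signs in again with
        // the new password. Other sessions of the same user are not touched.
        authenticationContext.logoff();

        // NOTE(review): the returned form still holds the plaintext new
        // password; make sure the view does not render it back.
        return entity;
    }
}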