[FEAT] 비밀번호 복호화 과정 진행

lehojun · lehojun · commit 5bf87931418f · 2025-06-24T14:25:52.000+09:00
diff --git a/src/main/java/com/example/be/config/SecurityConfig.java b/src/main/java/com/example/be/config/SecurityConfig.java
@@ -10,6 +10,8 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.annotation.web.configurers.HttpBasicConfigurer;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
@@ -26,6 +28,11 @@ public class SecurityConfig {
     private final OAuthLoginSuccessHandler oAuthLoginSuccessHandler;
     private final OAuthLoginFailureHandler oAuthLoginFailureHandler;
 
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
     @Bean
     CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration config = new CorsConfiguration();
diff --git a/src/main/java/com/example/be/service/UserServiceImpl.java b/src/main/java/com/example/be/service/UserServiceImpl.java
@@ -15,6 +15,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -31,6 +32,7 @@ public class UserServiceImpl extends SimpleUrlAuthenticationSuccessHandler {
     private final UserRepository userRepository;
     private final JwtUtilServiceImpl jwtUtilService;
     private final RefreshTokenRepository refreshTokenRepository;
+    private final PasswordEncoder passwordEncoder;
 
     @Value("${jwt.access-token.expiration-time}")
     private long ACCESS_TOKEN_EXPIRATION_TIME; // 액세스 토큰 유효기간
@@ -59,7 +61,7 @@ public CommonDTO.IsSuccessDTO signUp(UserDTO.SingUpRequestDto request) {
 
         User user = User.builder()
                 .email(request.getEmail())
-                .password(request.getPassword())
+                .password(passwordEncoder.encode(request.getPassword()))
                 .name(request.getName())
                 .userId(UUID.randomUUID())
                 .provider("general")
@@ -82,7 +84,7 @@ public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServlet
         User user = userRepository.findByEmail(request.getEmail()).orElseThrow(()
                 -> new UserHandler(ErrorStatus._NOT_FOUND_USER));
 
-        if (!user.getPassword().equals(request.getPassword()))
+        if (!passwordEncoder.matches(request.getPassword(), user.getPassword()))
             throw new UserHandler(ErrorStatus._NOT_CORRECT_PASSWORD);
 
         refreshTokenRepository.deleteByUserId(user.getUserId());
