Spring Security

[Spring Security] Empty encoded password ์—๋Ÿฌ

์šฐ์ฃผ๋ฌผ๊ณ ๊ธฐ 2025. 5. 4. 12:50
๋ฐ˜์‘ํ˜•

์Šคํ”„๋ง ์‹œํ๋ฆฌํ‹ฐ๊ฐ€ ๋กœ๊ทธ์ธํ• ๋•Œ pw๊ฐ€ ๋น„์–ด์žˆ๋‹ค๊ณ  ํ•ด์„œ

ํ„ฐ์ง€๋Š” ์˜ˆ์™ธ

โ€‹

๋‚ด๊ฐ€ ๋ฐ”๋ณด์ง“ํ•œ๊ฑฐ์ž„..ใ…Ž

 

 

@Table(name = "users")
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@Getter
@Entity
public class User implements UserDetails {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "id", updatable = false)
    private Long id;

    @Column(name = "email", nullable = false, unique = true)
    private String email;

    @Column(name = "password")
    private String password;

    @Builder
    public User(String email, String password, String auth) {
    this.email = email;
    this.password = password;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return List.of(new SimpleGrantedAuthority("user"));
    }

    @Override
    public String getUsername() {
        return "";     // ์—ฌ๊ธฐ๊ฐ€ ๋ฌธ์ œ!!!!!!!!!!!!
    }

    @Override
    public String getPassword() {
        return "";     // ์—ฌ๊ธฐ๊ฐ€ ๋ฌธ์ œ!!!!!!!!!!!!
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;  // ์—ฐ์Šต ์ค‘์ด๋ผ ์ผ๋‹จ ์ „๋ถ€ true๋กœ ํ•จ
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}

 

User์—”ํ‹ฐํ‹ฐ ์ฝ”๋“œ์ธ๋ฐ,

์˜ค๋ฒ„๋ผ์ด๋“œ ํ•˜๋Š” ๋ฉ”์†Œ๋“œ๋“ค์€ alt+Insertํ‚ค๋กœ

ํ•ญ์ƒ ์ธํ…”๋ฆฌ์ œ์ดํ•ด์„œ ์ œ๊ณตํ•˜๋Š” ๊ธฐ๋Šฅ์œผ๋กœ ์ป์Œ

์†์œผ๋กœ ์•ˆํ•˜๊ณ 

โ€‹

โ€‹

๋ฌธ์ œ๋Š” ์ธํ…”๋ฆฌ์ œ์ด๊ฐ€ ์ž๋™์ƒ์„ฑํ•ด์ค€ ์˜ค๋ฒ„๋ผ์ด๋“œ ๋ฉ”์†Œ๋“œ๋“ค์„

ํ™•์ธ์„ ์•ˆํ•˜๊ณ 

์•Œ์•„์„œ ์ž˜ ํ–‡๊ฒŸ์ง€~ ํ•˜๊ณ  ๋„˜๊ธด๊ฑฐ

ใ…‹ใ…‹ใ…‹ใ…‹ใ…‹ใ…‹ใ…‹ใ…‹

๋•๋ถ„์— return ""; ํ•˜๊ณ ์žˆ์—ˆ๊ณ 

๊ทธ๋‹ˆ๊นŒ ๋‹น์—ฐํžˆ empth password๊ฐ€ ๋œจ๋Š”๊ฑฐ

โ€‹

โ€‹

๋‹ค๋“ค ๋‚˜๊ฐ™์€ ๋ฐ”๋ณด๊ฐ™์€ ์‹ค์ˆ˜ ํ•˜์ง€๋งˆ์‡ผ

โ€‹ใ…‹ใ…‹;;;

 

 

 

์•”ํŠผ ์ˆ˜์ •ํ•˜๋ฉด

 

@Table(name = "users")
@NoArgsConstructor(access = AccessLevel.PROTECTED)
@Getter
@Entity
public class User implements UserDetails {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    @Column(name = "id", updatable = false)
    private Long id;

    @Column(name = "email", nullable = false, unique = true)
    private String email;

    @Column(name = "password")
    private String password;

    @Builder
    public User(String email, String password, String auth) {
    this.email = email;
    this.password = password;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return List.of(new SimpleGrantedAuthority("user"));
    }

    @Override
    public String getUsername() {
        return email;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}

 

 

๋ฐ˜์‘ํ˜•
์ €์ž‘์žํ‘œ์‹œ ๋น„์˜๋ฆฌ ๋ณ€๊ฒฝ๊ธˆ์ง€ (์ƒˆ์ฐฝ์—ด๋ฆผ)