회원관리 관리 수정

2025-12-10 18:30:44 +09:00
parent bdb5ba7011
commit fc2edf7c6d
9 changed files with 68 additions and 72 deletions
--- a/src/main/java/com/kamco/cd/kamcoback/auth/CustomAuthenticationProvider.java
+++ b/src/main/java/com/kamco/cd/kamcoback/auth/CustomAuthenticationProvider.java
@@ -6,9 +6,11 @@ import lombok.RequiredArgsConstructor;
 import org.mindrot.jbcrypt.BCrypt;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.stereotype.Component;

@Component
@@ -16,6 +18,7 @@ import org.springframework.stereotype.Component;
 public class CustomAuthenticationProvider implements AuthenticationProvider {

  private final MembersRepository membersRepository;
+  private final UserDetailsService userDetailsService;

  @Override
  public Authentication authenticate(Authentication authentication) throws AuthenticationException {
@@ -24,9 +27,9 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {

    // 1. 유저 조회
    MemberEntity member =
-        membersRepository
-            .findByUserId(username)
-            .orElseThrow(() -> new BadCredentialsException("ID 또는 비밀번호가 일치하지 않습니다."));
+      membersRepository
+        .findByUserId(username)
+        .orElseThrow(() -> new BadCredentialsException("ID 또는 비밀번호가 일치하지 않습니다."));

    // 2. jBCrypt + 커스텀 salt 로 저장된 패스워드 비교
    if (!BCrypt.checkpw(rawPassword, member.getPassword())) {
@@ -36,6 +39,11 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
    // 3. 인증 성공 → UserDetails 생성
    CustomUserDetails userDetails = new CustomUserDetails(member);

+    // 4. 상태값 확인
+    if (!userDetails.isEnabled()) {
+      throw new DisabledException("비활성화된 계정입니다.");
+    }
+
    return new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
  }