@Override
protected void configure(HttpSecurity http) throws Exception {
	http.anonymous()
			.and()
		.formLogin()
			.and()
		.authorizeRequests()
			.mvcMatchers(HttpMethod.GET, "/api/**").authenticated()
			.anyRequest().authenticated();
}

사용자 정보를 가진 인증 사용자라면 접근 가능

현재 인증할 때 passwordEncoder를 등록했는데 유저를 저장할 때는 패스워드를 인코딩 하지 않고 바로 저장했다. 해보자

저장 시 인코딩

@Service
public class AccountService implements UserDetailsService {

	@Autowired
	AccountRepository accountRepository;

	@Autowired
	PasswordEncoder passwordEncoder;

	public Account saveAccount(Account account) {
		account.setPassword(this.passwordEncoder.encode(account.getPassword()));
		return this.accountRepository.save(account);
	}

테스트 코드

@Test
public void findByUsername() {
	Set<AccountRole> roles = new HashSet<>();
	roles.add(AccountRole.ADMIN);
	roles.add(AccountRole.USER);

	String username = "[email protected]";
	String password = "pass";
	Account account = Account.builder()
			.email(username)
			.password(password)
			.roles(roles)
			.build();

	this.accountService.saveAccount(account);

	UserDetailsService userDetailsService = accountService;
	UserDetails userDetails = userDetailsService.loadUserByUsername(username);

	assertThat(passwordEncoder.matches(password, userDetails.getPassword())).isTrue();
}

기본 계정 생성

@Bean
public ApplicationRunner applicationRunner() {
	return new ApplicationRunner() {

		@Autowired
		AccountService accountService;

		@Override
		public void run(ApplicationArguments args) throws Exception {
			Set<AccountRole> roles = new HashSet<>();
			roles.add(AccountRole.ADMIN);
			roles.add(AccountRole.USER);

			Account cmlee = Account.builder()
					.email("[email protected]")
					.password("pass")
					.roles(roles)
					.build();

			accountService.saveAccount(cmlee);
		}
	};
}