[Spring MVC] 인상진 미션 제출합니다. #83
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
YehyeokBang
suggested changes
Jul 28, 2024
Comment on lines
+27
to
+33
| @Override | ||
| public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception { | ||
| HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest(); | ||
| String token = memberService.extractTokenFromCookie(request.getCookies()); | ||
| MemberResponse member = memberService.findByToken(token); | ||
| return new LoginMember(member.getId(), member.getName(), member.getEmail(), "USER"); | ||
| } |
There was a problem hiding this comment.
누가 로그인을 하더라도 LoginMember의 객체에서 role 필드는 항상 "USER"인 것인가요??
Comment on lines
+27
to
+31
| @Override | ||
| public void addInterceptors(InterceptorRegistry registry) { | ||
| registry.addInterceptor(roleHandler) | ||
| .addPathPatterns("/admin/**"); | ||
| } |
There was a problem hiding this comment.
Ant 경로 패턴을 사용하셨는데, 이 패턴을 사용하면 어떤 단점이 있을까요?
어노테이션을 사용하는 방식과 같은 다른 방식을 고려해보셨나요?
Comment on lines
+31
to
+39
| public MemberResponse findByToken(String token) { | ||
| Long memberId = Long.valueOf(Jwts.parserBuilder() | ||
| .setSigningKey(Keys.hmacShaKeyFor("Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=".getBytes())) | ||
| .build() | ||
| .parseClaimsJws(token) | ||
| .getBody().getSubject()); | ||
| Member member = memberDao.findById(memberId); | ||
| return new MemberResponse(member.getId(), member.getName(), member.getEmail(), member.getRole()); | ||
| } |
There was a problem hiding this comment.
여기도 토큰 서명을 위한 비밀 키를 상수로 빼면 더 좋을 것 같아요! (다른 코드에서는 빼셔서 말씀드려요!)
Comment on lines
+50
to
+53
| public String createToken(MemberResponse memberResponse){ | ||
| String accessToken = tokenProvider.createToken(new Member(memberResponse.getId(), memberResponse.getName(), memberResponse.getEmail(), "USER")); | ||
| return accessToken; | ||
| } |
There was a problem hiding this comment.
항상 만들어진 token의 role 필드 claim은 USER인건가요?
dd-jiyun
reviewed
Jul 28, 2024
Comment on lines
+27
to
+31
| @Override | ||
| public void addInterceptors(InterceptorRegistry registry) { | ||
| registry.addInterceptor(roleHandler) | ||
| .addPathPatterns("/admin/**"); | ||
| } |
There was a problem hiding this comment.
Ant 경로 패턴을 사용하셨는데, 이 패턴을 사용하면 어떤 단점이 있을까요?
어노테이션을 사용하는 방식과 같은 다른 방식을 고려해보셨나요?
| @@ -0,0 +1,31 @@ | |||
| package roomescape.global; | |||
Comment on lines
-29
to
-35
| public ResponseEntity create(@RequestBody ReservationRequest reservationRequest) { | ||
| if (reservationRequest.getName() == null | ||
| || reservationRequest.getDate() == null | ||
| || reservationRequest.getTheme() == null | ||
| || reservationRequest.getTime() == null) { | ||
| return ResponseEntity.badRequest().build(); | ||
| } |
There was a problem hiding this comment.
save 메서드를 호출할 때, 이름을 제외한 다른 필드들이 null인 경우에 대한 처리는 어디서 이루어지나요?
Comment on lines
+56
to
+58
| @Test | ||
| void 이단계() { | ||
|
|
There was a problem hiding this comment.
테스트 코드 메서드명을 한글로 작성할 경우에 제약이 생길 수 있는 것으로 알고 있어요!
테스트 코드 메서드 명명규칙에 대해서 알아보시면 좋을 것 같습니다 :)
shinheekim
suggested changes
Aug 2, 2024
| import roomescape.member.MemberService; | ||
|
|
||
| @Component | ||
| public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver { |
There was a problem hiding this comment.
HandlerMethodArgumentResolver를 사용하는 이유는 무엇인가요? 어떤 장점이 있나요?
| .compact(); | ||
| return accessToken; | ||
| } | ||
| } |
| private final LoginMemberArgumentResolver loginMemberArgumentResolver; | ||
| private final RoleHandler roleHandler; | ||
|
|
||
| public WebConfig(LoginMemberArgumentResolver loginMemberArgumentResolver, final RoleHandler roleHandler) { |
There was a problem hiding this comment.
final RoleHandler roleHandler 여기만 한번더 final을 붙인 이유가 있을까요?
shinheekim
approved these changes
Aug 2, 2024
dd-jiyun
approved these changes
Aug 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
구현
토큰을 사용하여 로그인 기능
로그인한 유저만 예약 생성 기능
어드민 페이지 진입은 admin권한이 있는 사람만 할 수 있도록 제한 기능
느낀 점
로그인 기능 같은 경우는 SpringSercurity를 사용해서 구현해 봐서 SpringSercurity 없이 구현은 처음이었습니다.
HandlerMethodArgumentResolver를 사용해 컨트롤러 진입 전 Cookie 값을 확인하여 멤버 정보를 확인했습니다.
HandlerInterceptor를 사용해 �컨트롤러� 진입하기 전에 Cookie 값을 확인하여 role를 확인했습니다.
고민한 점, 공부할 점
어떻게 코드 인증(token)과 기본 로직을 분리시킬지 고민했습니다.
SpringSecurity를 사용한 것과 어떠한 차이가 있는지 깊게 공부해야겠습니다.