-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Spring MVC] 인상진 미션 제출합니다. #83
base: sangjin6439
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
고생하셨습니다!
@Override | ||
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception { | ||
HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest(); | ||
String token = memberService.extractTokenFromCookie(request.getCookies()); | ||
MemberResponse member = memberService.findByToken(token); | ||
return new LoginMember(member.getId(), member.getName(), member.getEmail(), "USER"); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
누가 로그인을 하더라도 LoginMember의 객체에서 role 필드는 항상 "USER"인 것인가요??
@Override | ||
public void addInterceptors(InterceptorRegistry registry) { | ||
registry.addInterceptor(roleHandler) | ||
.addPathPatterns("/admin/**"); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"/admin/**"
와 같은 Ant 경로 패턴 사용 굳!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ant 경로 패턴을 사용하셨는데, 이 패턴을 사용하면 어떤 단점이 있을까요?
어노테이션을 사용하는 방식과 같은 다른 방식을 고려해보셨나요?
public MemberResponse findByToken(String token) { | ||
Long memberId = Long.valueOf(Jwts.parserBuilder() | ||
.setSigningKey(Keys.hmacShaKeyFor("Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=".getBytes())) | ||
.build() | ||
.parseClaimsJws(token) | ||
.getBody().getSubject()); | ||
Member member = memberDao.findById(memberId); | ||
return new MemberResponse(member.getId(), member.getName(), member.getEmail(), member.getRole()); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
여기도 토큰 서명을 위한 비밀 키를 상수로 빼면 더 좋을 것 같아요! (다른 코드에서는 빼셔서 말씀드려요!)
public String createToken(MemberResponse memberResponse){ | ||
String accessToken = tokenProvider.createToken(new Member(memberResponse.getId(), memberResponse.getName(), memberResponse.getEmail(), "USER")); | ||
return accessToken; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
항상 만들어진 token의 role 필드 claim은 USER인건가요?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
고생하셨습니다 👍🏻
@Override | ||
public void addInterceptors(InterceptorRegistry registry) { | ||
registry.addInterceptor(roleHandler) | ||
.addPathPatterns("/admin/**"); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ant 경로 패턴을 사용하셨는데, 이 패턴을 사용하면 어떤 단점이 있을까요?
어노테이션을 사용하는 방식과 같은 다른 방식을 고려해보셨나요?
@@ -0,0 +1,31 @@ | |||
package roomescape.global; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
패키지 구조를 global
로 설정하신 이유가 있을까요?
public ResponseEntity create(@RequestBody ReservationRequest reservationRequest) { | ||
if (reservationRequest.getName() == null | ||
|| reservationRequest.getDate() == null | ||
|| reservationRequest.getTheme() == null | ||
|| reservationRequest.getTime() == null) { | ||
return ResponseEntity.badRequest().build(); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
save
메서드를 호출할 때, 이름을 제외한 다른 필드들이 null
인 경우에 대한 처리는 어디서 이루어지나요?
@Test | ||
void 이단계() { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
테스트 코드 메서드명을 한글로 작성할 경우에 제약이 생길 수 있는 것으로 알고 있어요!
테스트 코드 메서드 명명규칙에 대해서 알아보시면 좋을 것 같습니다 :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
수고하셨습니다~!
import roomescape.member.MemberService; | ||
|
||
@Component | ||
public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
HandlerMethodArgumentResolver를 사용하는 이유는 무엇인가요? 어떤 장점이 있나요?
.compact(); | ||
return accessToken; | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EOL(파일 마지막 줄 공백)을 지키면 좋을 거 같습니다!
private final LoginMemberArgumentResolver loginMemberArgumentResolver; | ||
private final RoleHandler roleHandler; | ||
|
||
public WebConfig(LoginMemberArgumentResolver loginMemberArgumentResolver, final RoleHandler roleHandler) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
final RoleHandler roleHandler
여기만 한번더 final을 붙인 이유가 있을까요?
구현
토큰을 사용하여 로그인 기능
로그인한 유저만 예약 생성 기능
어드민 페이지 진입은 admin권한이 있는 사람만 할 수 있도록 제한 기능
느낀 점
로그인 기능 같은 경우는 SpringSercurity를 사용해서 구현해 봐서 SpringSercurity 없이 구현은 처음이었습니다.
HandlerMethodArgumentResolver를 사용해 컨트롤러 진입 전 Cookie 값을 확인하여 멤버 정보를 확인했습니다.
HandlerInterceptor를 사용해 �컨트롤러� 진입하기 전에 Cookie 값을 확인하여 role를 확인했습니다.
고민한 점, 공부할 점
어떻게 코드 인증(token)과 기본 로직을 분리시킬지 고민했습니다.
SpringSecurity를 사용한 것과 어떠한 차이가 있는지 깊게 공부해야겠습니다.