Skip to content

[Spring MVC] 인상진 미션 제출합니다.#83

Open
sangjin6439 wants to merge 3 commits intonext-step:sangjin6439from
sangjin6439:SpringMVC
Open

[Spring MVC] 인상진 미션 제출합니다.#83
sangjin6439 wants to merge 3 commits intonext-step:sangjin6439from
sangjin6439:SpringMVC

Conversation

@sangjin6439
Copy link
Copy Markdown

@sangjin6439 sangjin6439 commented Jul 27, 2024

구현

토큰을 사용하여 로그인 기능
로그인한 유저만 예약 생성 기능
어드민 페이지 진입은 admin권한이 있는 사람만 할 수 있도록 제한 기능

느낀 점

로그인 기능 같은 경우는 SpringSercurity를 사용해서 구현해 봐서 SpringSercurity 없이 구현은 처음이었습니다.

HandlerMethodArgumentResolver를 사용해 컨트롤러 진입 전 Cookie 값을 확인하여 멤버 정보를 확인했습니다.

HandlerInterceptor를 사용해 �컨트롤러� 진입하기 전에 Cookie 값을 확인하여 role를 확인했습니다.

고민한 점, 공부할 점

어떻게 코드 인증(token)과 기본 로직을 분리시킬지 고민했습니다.
SpringSecurity를 사용한 것과 어떠한 차이가 있는지 깊게 공부해야겠습니다.

YehyeokBang
YehyeokBang suggested changes Jul 28, 2024
View reviewed changes
Copy link
Copy Markdown

@YehyeokBang YehyeokBang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

고생하셨습니다!

src/main/java/roomescape/global/LoginMemberArgumentResolver.java
Comment on lines +27 to +33
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
HttpServletRequest request = (HttpServletRequest) webRequest.getNativeRequest();
String token = memberService.extractTokenFromCookie(request.getCookies());
MemberResponse member = memberService.findByToken(token);
return new LoginMember(member.getId(), member.getName(), member.getEmail(), "USER");
}
Copy link
Copy Markdown

@YehyeokBang YehyeokBang Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

누가 로그인을 하더라도 LoginMember의 객체에서 role 필드는 항상 "USER"인 것인가요??

src/main/java/roomescape/global/WebConfig.java
Comment on lines +27 to +31
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(roleHandler)
.addPathPatterns("/admin/**");
}
Copy link
Copy Markdown

@YehyeokBang YehyeokBang Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"/admin/**"와 같은 Ant 경로 패턴 사용 굳!

Copy link
Copy Markdown

@dd-jiyun dd-jiyun Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ant 경로 패턴을 사용하셨는데, 이 패턴을 사용하면 어떤 단점이 있을까요?
어노테이션을 사용하는 방식과 같은 다른 방식을 고려해보셨나요?

src/main/java/roomescape/member/MemberService.java
Comment on lines +31 to +39
public MemberResponse findByToken(String token) {
Long memberId = Long.valueOf(Jwts.parserBuilder()
.setSigningKey(Keys.hmacShaKeyFor("Yn2kjibddFAWtnPJ2AFlL8WXmohJMCvigQggaEypa5E=".getBytes()))
.build()
.parseClaimsJws(token)
.getBody().getSubject());
Member member = memberDao.findById(memberId);
return new MemberResponse(member.getId(), member.getName(), member.getEmail(), member.getRole());
}
Copy link
Copy Markdown

@YehyeokBang YehyeokBang Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

여기도 토큰 서명을 위한 비밀 키를 상수로 빼면 더 좋을 것 같아요! (다른 코드에서는 빼셔서 말씀드려요!)

src/main/java/roomescape/member/MemberService.java
Comment on lines +50 to +53
public String createToken(MemberResponse memberResponse){
String accessToken = tokenProvider.createToken(new Member(memberResponse.getId(), memberResponse.getName(), memberResponse.getEmail(), "USER"));
return accessToken;
}
Copy link
Copy Markdown

@YehyeokBang YehyeokBang Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

항상 만들어진 token의 role 필드 claim은 USER인건가요?

dd-jiyun
dd-jiyun reviewed Jul 28, 2024
View reviewed changes
Copy link
Copy Markdown

@dd-jiyun dd-jiyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

고생하셨습니다 👍🏻

src/main/java/roomescape/global/WebConfig.java
Comment on lines +27 to +31
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(roleHandler)
.addPathPatterns("/admin/**");
}
Copy link
Copy Markdown

@dd-jiyun dd-jiyun Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ant 경로 패턴을 사용하셨는데, 이 패턴을 사용하면 어떤 단점이 있을까요?
어노테이션을 사용하는 방식과 같은 다른 방식을 고려해보셨나요?

src/main/java/roomescape/global/LoginMember.java
@@ -0,0 +1,31 @@
package roomescape.global;
Copy link
Copy Markdown

@dd-jiyun dd-jiyun Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

패키지 구조를 global로 설정하신 이유가 있을까요?

src/main/java/roomescape/reservation/ReservationController.java
Comment on lines -29 to -35
public ResponseEntity create(@RequestBody ReservationRequest reservationRequest) {
if (reservationRequest.getName() == null
|| reservationRequest.getDate() == null
|| reservationRequest.getTheme() == null
|| reservationRequest.getTime() == null) {
return ResponseEntity.badRequest().build();
}
Copy link
Copy Markdown

@dd-jiyun dd-jiyun Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

save 메서드를 호출할 때, 이름을 제외한 다른 필드들이 null인 경우에 대한 처리는 어디서 이루어지나요?

src/test/java/roomescape/MissionStepTest.java
Comment on lines +56 to +58
@Test
void 이단계() {

Copy link
Copy Markdown

@dd-jiyun dd-jiyun Jul 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

테스트 코드 메서드명을 한글로 작성할 경우에 제약이 생길 수 있는 것으로 알고 있어요!
테스트 코드 메서드 명명규칙에 대해서 알아보시면 좋을 것 같습니다 :)

shinheekim
shinheekim suggested changes Aug 2, 2024
View reviewed changes
Copy link
Copy Markdown

@shinheekim shinheekim left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

수고하셨습니다~!

src/main/java/roomescape/global/LoginMemberArgumentResolver.java
import roomescape.member.MemberService;

@Component
public class LoginMemberArgumentResolver implements HandlerMethodArgumentResolver {
Copy link
Copy Markdown

@shinheekim shinheekim Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HandlerMethodArgumentResolver를 사용하는 이유는 무엇인가요? 어떤 장점이 있나요?

src/main/java/roomescape/global/TokenProvider.java
.compact();
return accessToken;
}
} No newline at end of file
Copy link
Copy Markdown

@shinheekim shinheekim Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EOL(파일 마지막 줄 공백)을 지키면 좋을 거 같습니다!

src/main/java/roomescape/global/WebConfig.java
private final LoginMemberArgumentResolver loginMemberArgumentResolver;
private final RoleHandler roleHandler;

public WebConfig(LoginMemberArgumentResolver loginMemberArgumentResolver, final RoleHandler roleHandler) {
Copy link
Copy Markdown

@shinheekim shinheekim Aug 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

final RoleHandler roleHandler 여기만 한번더 final을 붙인 이유가 있을까요?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

3 more reviewers

@YehyeokBang YehyeokBang YehyeokBang requested changes

@dd-jiyun dd-jiyun dd-jiyun approved these changes

@shinheekim shinheekim shinheekim approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sangjin6439 @dd-jiyun @YehyeokBang @shinheekim