[Docs] week7 & [Feat] Security & JWT 구현 #64
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Juser0
approved these changes
May 27, 2024
| private final JwtProvider jwtProvider; | ||
| @Bean | ||
| public static BCryptPasswordEncoder bCryptPasswordEncoder() { | ||
| public static BCryptPasswordEncoder passwordEncoder() { |
There was a problem hiding this comment.
여기서 static class로 빈을 등록한 이유는?
그럴거면 따로 클래스를 만들어도 되지 않아?
| .sessionManagement(session -> session | ||
| .sessionCreationPolicy(SessionCreationPolicy.STATELESS)) | ||
| .addFilterBefore(new JwtAuthenticationFilter(jwtProvider), UsernamePasswordAuthenticationFilter.class); | ||
| return http.build(); | ||
| } | ||
|
|
||
|
|
||
| @Bean | ||
| public AuthenticationProvider authenticationProvider(){ |
There was a problem hiding this comment.
이거는 언제 쓰는 거야?
이것도 따로 클래스로 빼도 괜찮지 않을까?
| return new BCryptPasswordEncoder(); | ||
| } | ||
|
|
||
| @Bean | ||
| public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { | ||
| http | ||
| .httpBasic(AbstractHttpConfigurer::disable) | ||
| .csrf(AbstractHttpConfigurer::disable) | ||
|
|
||
| //접근 제어 |
There was a problem hiding this comment.
접근 제어를 다루는 부분이 100개면 100개의 requestMatchers를 적어줘야 할까?
| @Override | ||
| public UserDetails loadUserByUsername(String userId) throws CustomException { | ||
| return memberRepository.findByUserId(userId) | ||
| .orElseThrow(()-> new CustomException(HttpStatus.UNAUTHORIZED, ErrorCode.NO_AUTHENTICATION_MEMBER)); | ||
| Member member = memberRepository.findByUserId(userId) |
There was a problem hiding this comment.
해당 메서드는 결국 member의 정보를 가져오는 건데 리턴을 할 때는 왜 user.builder로 인스턴스화 해서 보내주는거야?
| @@ -28,25 +36,37 @@ public SecretKey getSecretKey() { | |||
| return Keys.hmacShaKeyFor(Decoders.BASE64.decode(secretKey)); | |||
| } | |||
|
|
|||
| public JwtDTO createToken(String userId) { | |||
| public JwtDTO createToken(Authentication authentication) { | |||
| log.info("createToken 메소드 들어옴"); | |||
| Date now = new Date(); | |||
There was a problem hiding this comment.
Date 타입은 Java 8부터 Deprecated 됐는데 해당 타입을 사용한 이유가 있을까?
| @@ -28,25 +36,37 @@ public SecretKey getSecretKey() { | |||
| return Keys.hmacShaKeyFor(Decoders.BASE64.decode(secretKey)); | |||
| } | |||
|
|
|||
| public JwtDTO createToken(String userId) { | |||
| public JwtDTO createToken(Authentication authentication) { | |||
There was a problem hiding this comment.
토큰을 만들 때 authentication 객체를 담는 이유가 뭐야?
| @@ -7,11 +7,13 @@ | |||
| @Getter | |||
| @Setter | |||
| public class JwtDTO { | |||
| private String grantType; | |||
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📋 이슈 내용
close #60
close #61
✅ 체크리스트
📚 레퍼런스