Feature: OidcProvider 구현 및 Spring Security 초기 설정 #8
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
YongsHub
approved these changes
May 3, 2024
| import org.springframework.security.web.SecurityFilterChain; | ||
|
|
||
| @Configuration | ||
| @EnableWebSecurity |
There was a problem hiding this comment.
Apache Shiro security, Apache Geode's Integrated Security framework 등등 모르는게 많은데 추상화가 진짜 잘 되어 있네요 ㅋㅋㅋ
| private Customizer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry> setAuthorizePath() { | ||
| return authorizeHttpRequests -> authorizeHttpRequests | ||
| .requestMatchers("/api/v1/**").permitAll() | ||
| // .requestMatchers("/api/v1/**").hasAnyRole("USER", "MERCHANT", "ADMIN") |
There was a problem hiding this comment.
이게 User Model에 있는 role과 관련이 있는거죠??!
Comment on lines
+24
to
+25
| OidcPublicKey publicKey = publicKeys.getMatchedKey(tokenHeaders.get("kid"), tokenHeaders.get("alg")); | ||
|
|
There was a problem hiding this comment.
kid가 정확히 뭔가요?? alg는 알고리즘이라고 설명해주셔서 알겠는데 잘 모르겠네요
There was a problem hiding this comment.
토큰을 검증하는 키 식별자라고 생각하시면 될것 같아요 ! k가 key입니다.
|
|
||
| import com.fasterxml.jackson.databind.ObjectMapper; | ||
|
|
||
| public abstract class OidcProvider { |
There was a problem hiding this comment.
abstract vs interface, 추상 클래스를 선택한 이유가 있나요??
There was a problem hiding this comment.
이전 버전의 커밋으로 리뷰가 된거 같은데, interface로 교체했습니다 ! 아시다시피 보통 추상클래스는 확장, 인터페이스는 추상화를 위해서 사용하고, 해당 경우는 추상화를 활용하는게 맞아보여 교체했습니다.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#4
(설명으로 대체합니다)
아직 인증 필터는 구현하지 않았으나 기본적인 Spring Security 설정을 마무리했습니다. 인증은 다음과 같은 Flow로 진행됩니다.
토큰 파싱후 JwtProvider로 전달getAuthentication메서드에서 인증 정보 확인 후 Authentication 리턴SecurityContext에 Authentication 저장id token을 활용하는 oidc 인증에 대한 설명은 다음과 같습니다.
id token전달공개 키 리스트를 받음id token과 kid, 알고리즘이 동일한 공개 키를 얻음provider id를 얻어냄해당 기능 구현은 도메인 모델과 관련이 없어 추상화와 책임 분리에만 초점을 맞추어 구현했습니다. 다른 방향성이 있다면 편하게 말씀해주시고, 테스트의 경우, Filter를 구현하면서 작성해 올리겠습니다.
다음 테스크 순서는
Filter 및 ArgumentResolver 구현→애플리케이션 로직 작성→API 구현입니다.