Spring Auth

less than 1 minute read

Spring Auth 학습 테스트

  1. HttpSession
    session 주입
    @RequestMapping(..)
    public void fooMethod(HttpSession session) {
     session.setAttribute(Constants.FOO, new Foo());
     //...
     Foo foo = (Foo) session.getAttribute(Constants.FOO);
    }
    

session 얻기

ServletRequestAttributes attr = (ServletRequestAttributes) 
    RequestContextHolder.currentRequestAttributes();
HttpSession session= attr.getRequest().getSession(true); // true == allow create
  • session에 인증 정보 저장, 로그인 정보 추출
    @PostMapping("/login/session")
    public ResponseEntity sessionLogin(HttpServletRequest request, HttpSession session) {
      Map<String, String[]> paramMap = request.getParameterMap();
      String email = paramMap.get(USERNAME_FIELD)[0];
      String password = paramMap.get(PASSWORD_FIELD)[0];
      if (authService.checkInvalidLogin(email, password)) {
          throw new AuthorizationException();
      }
      session.setAttribute(SESSION_KEY, email);
      return ResponseEntity.ok().build();
    }
    
  • session을 통해 인증 정보 조회
    @GetMapping("/members/me")
    public ResponseEntity findMyInfo(HttpSession session) {
      String email = (String) session.getAttribute(SESSION_KEY);
      MemberResponse member = authService.findMember(email);
      return ResponseEntity.ok().body(member);
    }
    
    1. @RequestParam / HttpServletRequest
  • tokenRequest 값을 메서드 파라미터로 받아오기
    @PostMapping("/login/token")
    public ResponseEntity tokenLogin(@RequestBody TokenRequest tokenRequest) {
      TokenResponse tokenResponse = authService.createToken(tokenRequest);
      return ResponseEntity.ok().body(tokenResponse);
    }
    
  • authorization 헤더의 bearer 값 추출
    @GetMapping("/members/you")
    public ResponseEntity findYourInfo(HttpServletRequest request) {
      String token = AuthorizationExtractor.extract(request);
      MemberResponse member = authService.findMemberByToken(token);
      return ResponseEntity.ok().body(member);
    }