diff --git a/src/main/java/study/spring_boot_c/domain/member/domain/entity/Manner.java b/src/main/java/study/spring_boot_c/domain/member/domain/entity/Manner.java
index 78b71ca..652241f 100644
--- a/src/main/java/study/spring_boot_c/domain/member/domain/entity/Manner.java
+++ b/src/main/java/study/spring_boot_c/domain/member/domain/entity/Manner.java
@@ -19,11 +19,11 @@ public class Manner extends BaseEntity {
 private int score;
 @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "member_id", nullable = false)
+ @JoinColumn(name = "evaluatee_id", nullable = false)
 private Member evaluatee;
 @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "member_id", nullable = false)
+ @JoinColumn(name = "evaluator_id", nullable = false)
 private Member evaluator;
 }
diff --git a/src/main/java/study/spring_boot_c/domain/member/domain/entity/SaleReview.java b/src/main/java/study/spring_boot_c/domain/member/domain/entity/SaleReview.java
index 2b8bfba..b3745d3 100644
--- a/src/main/java/study/spring_boot_c/domain/member/domain/entity/SaleReview.java
+++ b/src/main/java/study/spring_boot_c/domain/member/domain/entity/SaleReview.java
@@ -22,11 +22,11 @@ public class SaleReview extends BaseEntity {
 private String content;
 @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "member_id", nullable = false)
+ @JoinColumn(name = "reviewer_id", nullable = false)
 private Member reviewer;
 @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "member_id", nullable = false)
+ @JoinColumn(name = "reviwee_id", nullable = false)
 private Member reviewee;
 @ManyToOne(fetch = FetchType.LAZY)
diff --git a/src/main/java/study/spring_boot_c/domain/notification/domain/entity/CarrotNotification.java b/src/main/java/study/spring_boot_c/domain/notification/domain/entity/CarrotNotification.java
index c152b62..107bc2e 100644
--- a/src/main/java/study/spring_boot_c/domain/notification/domain/entity/CarrotNotification.java
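Review bot: The new join column for `reviewee` in the SaleReview hunk is spelled `reviwee_id`, which matches neither the field name nor the `reviewer_id` column added just above it. If the schema is generated or validated from these mappings, the misspelling becomes the physical column name and will need a migration to correct later; suggest `@JoinColumn(name = "reviewee_id", nullable = false)`. The class body continues past the end of the hunk.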
+++ b/src/main/java/study/spring_boot_c/domain/notification/domain/entity/CarrotNotification.java
@@ -19,11 +19,11 @@ public class CarrotNotification extends BaseEntity {
 private int score;
 @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "member_id", nullable = false)
+ @JoinColumn(name = "evaluatee_id", nullable = false)
 private Member evaluatee;
 @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "member_id", nullable = false)
+ @JoinColumn(name = "evaluator_id", nullable = false)
 private Member evaluator;
 }
diff --git a/src/main/java/study/spring_boot_c/domain/notification/domain/repository/CarrotNotificationRepository.java b/src/main/java/study/spring_boot_c/domain/notification/domain/repository/CarrotNotificationRepository.java
index e7253b6..b343496 100644
--- a/src/main/java/study/spring_boot_c/domain/notification/domain/repository/CarrotNotificationRepository.java
+++ b/src/main/java/study/spring_boot_c/domain/notification/domain/repository/CarrotNotificationRepository.java
@@ -1,6 +1,7 @@
 package study.spring_boot_c.domain.notification.domain.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
+import study.spring_boot_c.domain.notification.domain.entity.CarrotNotification;
-public interface CarrotNotificationRepository extends JpaRepository {
+public interface CarrotNotificationRepository extends JpaRepository {
 }
diff --git a/src/main/java/study/spring_boot_c/domain/product/domain/entity/Product.java b/src/main/java/study/spring_boot_c/domain/product/domain/entity/Product.java
index 8816a6f..2de5c11 100644
--- a/src/main/java/study/spring_boot_c/domain/product/domain/entity/Product.java
+++ b/src/main/java/study/spring_boot_c/domain/product/domain/entity/Product.java
@@ -41,11 +41,11 @@ public class Product extends BaseEntity {
 private Category category;
 @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "member_id", nullable = false)
+ @JoinColumn(name = "seller_id", nullable = false)
 private Member seller;
 @ManyToOne(fetch = FetchType.LAZY)
- @JoinColumn(name = "member_id", nullable = false)
+ @JoinColumn(name = "buyer_id", nullable = false)
 private Member buyer;
 }
diff --git a/src/main/java/study/spring_boot_c/global/config/SecurityConfig.java b/src/main/java/study/spring_boot_c/global/config/SecurityConfig.java
new file mode 100644
index 0000000..d803820
--- /dev/null
+++ b/src/main/java/study/spring_boot_c/global/config/SecurityConfig.java
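Review bot: `buyer` keeps `nullable = false` on its new `buyer_id` column in the Product hunk, so a `Product` row can only be inserted once a buyer is already set. If products are meant to be saved when they are listed, before anyone has bought them, this constraint would reject the insert. Consider `@JoinColumn(name = "buyer_id")` for `buyer` and keeping `nullable = false` only on `seller_id`. The start of the class is outside the hunk, so confirm against how `Product` is constructed.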
@@ -0,0 +1,75 @@
+package study.spring_boot_c.global.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfig {
+
+ /*
+ Swagger 접속을 위한 위한 Spring Security 입니다.
+ */
+ @Bean
+ @Order(1)
+ public SecurityFilterChain swaggerFilterChain(HttpSecurity http) throws Exception {
+ http.securityMatcher("/swagger-ui/**")
+ .authorizeHttpRequests(
+ auth -> auth.anyRequest().hasRole("ADMIN") // swagger-ui 접근은 admin 이상 권한 요구
+ ).formLogin(Customizer.withDefaults())
+ .sessionManagement(
+ session -> session.invalidSessionUrl("/login") // 세션 만료시 로그인 페이지로 이동
+ .maximumSessions(4)) // ADMIN 로그인 4명까지 가능 (스터디원 4명)
+ .csrf(
+ csrf -> csrf.disable()); // csrf 끄기
+
+
+
+ return http.build();
+ }
+
+ @Bean
+ @Order(2)
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http.authorizeHttpRequests(authorize -> authorize.anyRequest()
+ .permitAll())
+ .csrf(
+ csrf -> csrf.disable())
+ .formLogin(Customizer.withDefaults()); // 임시 테스트 용으로, 일단 swagger 제외한 모든 api 제한없이 접근 가능
+
+ return http.build();
+ }
+
+ /*
+ 임시 유저 정보들...
+ */
+ @Bean
+ public UserDetailsService userDetailsService(){
+ UserDetails user = User.withUsername("user").password("{noop}1111").roles("USER").build();
+ UserDetails admin = User.withUsername("admin").password("{noop}1111").roles("ADMIN").build();
+ return new InMemoryUserDetailsManager(user, admin);
+ }
+
+ /*
+ role 간의 계층적 구조 추가를 위하여 Hierarchy를 추가합니다.
+ 상위 role은 하위 role의 권한이 필요하더라도 접근할 수 있습니다.
+ (Hierarchy 설정을 안하면 접근 못합니다!)
+ */
+ @Bean
+ public RoleHierarchy roleHierarchy() {
+ return RoleHierarchyImpl.fromHierarchy(
+ "ROLE_ADMIN > ROLE_USER"
+ );
+ }
+}
diff --git a/src/main/java/study/spring_boot_c/global/config/SwaggerConfig.java b/src/main/java/study/spring_boot_c/global/config/SwaggerConfig.java
index 9735630..ac2b7bb 100644
--- a/src/main/java/study/spring_boot_c/global/config/SwaggerConfig.java
+++ b/src/main/java/study/spring_boot_c/global/config/SwaggerConfig.java
@@ -16,7 +16,7 @@ public class SwaggerConfig {
 public OpenAPI stewAPI() {
 Info info = new Info()
 .title("구름톤 당근 마켓 API")
- .description("당근 맡켓 API 명세서")
+ .description("당근 마켓 API 명세서")
 .version("1.0.0");
 String jwtSchemeName = "JWT TOKEN";
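Review bot: `userDetailsService()` in SecurityConfig hard-codes both accounts with `{noop}1111`, so the `admin` login that guards `/swagger-ui/**` is a plaintext four-digit password readable by anyone who can see the repository. Take the passwords from external configuration and store them encoded, as sketched below; the property names there are placeholders. Also in this file, `swaggerFilterChain` matches only `/swagger-ui/**`, so if springdoc serves the spec at its default `/v3/api-docs/**` path it is answered by the `permitAll()` chain; `http.securityMatcher("/swagger-ui/**", "/v3/api-docs/**")` would cover it. Because `/login` is outside that matcher, the login POST appears to be processed by the second chain, so it is worth verifying that `maximumSessions(4)` is actually enforced.

```java
@Bean
public UserDetailsService userDetailsService(
        // placeholder property names; supply the values from the environment or a secret store
        @Value("${app.security.user-password}") String userPassword,
        @Value("${app.security.admin-password}") String adminPassword) {
    // Encode at startup so only hashed values are held by the in-memory manager.
    PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
    UserDetails user = User.withUsername("user").password(encoder.encode(userPassword)).roles("USER").build();
    UserDetails admin = User.withUsername("admin").password(encoder.encode(adminPassword)).roles("ADMIN").build();
    return new InMemoryUserDetailsManager(user, admin);
}
```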