9oormthon-UNIV-SSU · wnd01jun · Apr 7, 2025 · Apr 7, 2025 · Apr 7, 2025 · Apr 7, 2025
diff --git a/src/main/java/study/spring_boot_c/domain/member/domain/entity/Manner.java b/src/main/java/study/spring_boot_c/domain/member/domain/entity/Manner.java
@@ -19,11 +19,11 @@ public class Manner extends BaseEntity {
     private int score;
 
     @ManyToOne(fetch = FetchType.LAZY)
-    @JoinColumn(name = "member_id", nullable = false)
+    @JoinColumn(name = "evaluatee_id", nullable = false)
     private Member evaluatee;
 
     @ManyToOne(fetch = FetchType.LAZY)
-    @JoinColumn(name = "member_id", nullable = false)
+    @JoinColumn(name = "evaluator_id", nullable = false)
     private Member evaluator;
 
 }
diff --git a/src/main/java/study/spring_boot_c/domain/member/domain/entity/SaleReview.java b/src/main/java/study/spring_boot_c/domain/member/domain/entity/SaleReview.java
@@ -22,11 +22,11 @@ public class SaleReview extends BaseEntity {
     private String content;
 
     @ManyToOne(fetch = FetchType.LAZY)
-    @JoinColumn(name = "member_id", nullable = false)
+    @JoinColumn(name = "reviewer_id", nullable = false)
     private Member reviewer;
 
     @ManyToOne(fetch = FetchType.LAZY)
-    @JoinColumn(name = "member_id", nullable = false)
+    @JoinColumn(name = "reviwee_id", nullable = false)
     private Member reviewee;
 
     @ManyToOne(fetch = FetchType.LAZY)

diff --git a/src/main/java/study/spring_boot_c/domain/notification/domain/entity/CarrotNotification.java b/src/main/java/study/spring_boot_c/domain/notification/domain/entity/CarrotNotification.java
@@ -19,11 +19,11 @@ public class CarrotNotification extends BaseEntity {
     private int score;
 
     @ManyToOne(fetch = FetchType.LAZY)
-    @JoinColumn(name = "member_id", nullable = false)
+    @JoinColumn(name = "evaluatee_id", nullable = false)
     private Member evaluatee;
 
     @ManyToOne(fetch = FetchType.LAZY)
-    @JoinColumn(name = "member_id", nullable = false)
+    @JoinColumn(name = "evaluator_id", nullable = false)
     private Member evaluator;
 
 }

diff --git a/...udy/spring_boot_c/domain/notification/domain/repository/CarrotNotificationRepository.java b/...udy/spring_boot_c/domain/notification/domain/repository/CarrotNotificationRepository.java
@@ -1,6 +1,7 @@
 package study.spring_boot_c.domain.notification.domain.repository;
 
 import org.springframework.data.jpa.repository.JpaRepository;
+import study.spring_boot_c.domain.notification.domain.entity.CarrotNotification;
 
-public interface CarrotNotificationRepository extends JpaRepository<CarrotNotificationRepository,Long> {
+public interface CarrotNotificationRepository extends JpaRepository<CarrotNotification,Long> {
 }
diff --git a/src/main/java/study/spring_boot_c/domain/product/domain/entity/Product.java b/src/main/java/study/spring_boot_c/domain/product/domain/entity/Product.java
@@ -41,11 +41,11 @@ public class Product extends BaseEntity {
     private Category category;
 
     @ManyToOne(fetch = FetchType.LAZY)
-    @JoinColumn(name = "member_id", nullable = false)
+    @JoinColumn(name = "seller_id", nullable = false)
     private Member seller;
 
     @ManyToOne(fetch = FetchType.LAZY)
-    @JoinColumn(name = "member_id", nullable = false)
+    @JoinColumn(name = "buyer_id", nullable = false)
     private Member buyer;
 
 }
diff --git a/src/main/java/study/spring_boot_c/global/config/SecurityConfig.java b/src/main/java/study/spring_boot_c/global/config/SecurityConfig.java
@@ -0,0 +1,75 @@
+package study.spring_boot_c.global.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfig {
+
+    /*
+        Swagger 접속을 위한 위한 Spring Security 입니다.
+     */
+    @Bean
+    @Order(1)
+    public SecurityFilterChain swaggerFilterChain(HttpSecurity http) throws Exception {
+        http.securityMatcher("/swagger-ui/**")
+                .authorizeHttpRequests(
+                        auth -> auth.anyRequest().hasRole("ADMIN") // swagger-ui 접근은 admin 이상 권한 요구
+                ).formLogin(Customizer.withDefaults())
+                .sessionManagement(
+                        session -> session.invalidSessionUrl("/login") // 세션 만료시 로그인 페이지로 이동
+                                .maximumSessions(4)) // ADMIN 로그인 4명까지 가능 (스터디원 4명)
+                .csrf(
+                        csrf -> csrf.disable()); // csrf 끄기
+
+
+
+        return http.build();
+    }
+
+    @Bean
+    @Order(2)
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.authorizeHttpRequests(authorize -> authorize.anyRequest()
+                .permitAll())
+                .csrf(
+                        csrf -> csrf.disable())
+                .formLogin(Customizer.withDefaults()); // 임시 테스트 용으로, 일단 swagger 제외한 모든 api 제한없이 접근 가능
+
+        return http.build();
+    }
+
+    /*
+        임시 유저 정보들...
+     */
+    @Bean
+    public UserDetailsService userDetailsService(){
+        UserDetails user = User.withUsername("user").password("{noop}1111").roles("USER").build();
+        UserDetails admin = User.withUsername("admin").password("{noop}1111").roles("ADMIN").build();
+        return  new InMemoryUserDetailsManager(user, admin);
+    }
+
+    /*
+        role 간의 계층적 구조 추가를 위하여 Hierarchy를 추가합니다.
+        상위 role은 하위 role의 권한이 필요하더라도 접근할 수 있습니다.
+        (Hierarchy 설정을 안하면 접근 못합니다!)
+     */
+    @Bean
+    public RoleHierarchy roleHierarchy() {
+        return RoleHierarchyImpl.fromHierarchy(
+                "ROLE_ADMIN > ROLE_USER"
+        );
+    }
+}
diff --git a/src/main/java/study/spring_boot_c/global/config/SwaggerConfig.java b/src/main/java/study/spring_boot_c/global/config/SwaggerConfig.java
@@ -16,7 +16,7 @@ public class SwaggerConfig {
     public OpenAPI stewAPI() {
         Info info = new Info()
                 .title("구름톤 당근 마켓 API")
-                .description("당근 맡켓 API 명세서")
+                .description("당근 마켓 API 명세서")
                 .version("1.0.0");
 
         String jwtSchemeName = "JWT TOKEN";