Skip to content

[기믕] Chapter 8. Spring Security - Security 구조, 폼 로그인#120

Open
ennseo wants to merge 3 commits into
gimeung/mainfrom
gimeung/#116
Open

[기믕] Chapter 8. Spring Security - Security 구조, 폼 로그인#120
ennseo wants to merge 3 commits into
gimeung/mainfrom
gimeung/#116

Conversation

@ennseo
Copy link
Copy Markdown

@ennseo ennseo commented May 24, 2026
edited
Loading

✏️ 작업 내용

#️⃣ 연관된 이슈

closes #116


💡 함께 공유하고 싶은 부분

해당 주차를 공부하면서 함께 이야기하고 싶은 주제를 남겨주세요.

(어려웠던 부분과 해결 과정, 핵심 코드, 참고한 자료 등)


🤔 질문

해당 주차 워크북을 공부하면서 궁금했던 질문들을 남겨주세요.


✅ 워크북 체크리스트

  • 모든 핵심 키워드 정리를 마쳤나요?
  • 핵심 키워드에 대해 완벽히 이해하셨나요?
  • 이론 학습 이후 직접 실습을 해보는 시간을 가졌나요?
  • 미션을 수행하셨나요?
  • 미션을 기록하셨나요?

✅ 컨벤션 체크리스트

  • 디렉토리 구조 컨벤션을 잘 지켰나요?
  • pr 제목을 컨벤션에 맞게 작성하였나요?
  • pr에 해당되는 이슈를 연결하였나요?
  • 적절한 라벨을 설정하였나요?
  • 스터디원들에게 code review를 요청하기 위해 reviewer를 등록하였나요?
  • 닉네임/main 브랜치의 최신 상태를 반영하고 있는지 확인했나요?

📌 주안점

@ennseo ennseo requested review from CokaNuri and Copilot May 24, 2026 12:44
@ennseo ennseo self-assigned this May 24, 2026
@ennseo ennseo requested a review from a team May 24, 2026 12:44
@ennseo ennseo added the 🚀Week 8 8주차 워크북 미션 label May 24, 2026
Copilot AI reviewed May 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Spring Security를 프로젝트에 도입해 폼 로그인 기반 인증을 적용하고, 회원가입 시 비밀번호를 BCrypt로 인코딩하여 저장하도록 확장한 PR입니다. 또한 인증/인가 실패 시 응답 포맷을 기존 ApiResponse 규격으로 통일하기 위한 핸들러를 추가했습니다.

Changes:

  • Spring Security(formLogin) 설정 및 Public/Private API 접근 제어 추가
  • 인증/인가 실패(401/403) 시 ApiResponse.onFailure(...)로 응답 통일하는 핸들러 추가
  • 회원가입 시 비밀번호 저장(BCrypt 인코딩) 및 이메일 기반 조회(findByEmail) 지원

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
src/main/java/com/example/umc10th/global/security/service/CustomUserDetailsService.java 이메일로 회원 조회 후 UserDetails 제공
src/main/java/com/example/umc10th/global/security/handler/CustomAuthenticationEntryPoint.java 미인증(401) 시 공통 에러 응답(JSON) 반환
src/main/java/com/example/umc10th/global/security/handler/CustomAccessDeniedHandler.java 접근 거부(403) 시 공통 에러 응답(JSON) 반환
src/main/java/com/example/umc10th/global/security/entity/AuthMember.java MemberUserDetails로 감싸는 어댑터
src/main/java/com/example/umc10th/global/config/SecurityConfig.java SecurityFilterChain, allowlist, formLogin/logout, 예외 핸들러 구성
src/main/java/com/example/umc10th/domain/member/service/MemberService.java 회원가입 시 비밀번호 BCrypt 인코딩 저장
src/main/java/com/example/umc10th/domain/member/repository/MemberRepository.java 이메일 조회용 findByEmail 추가
src/main/java/com/example/umc10th/domain/member/entity/Member.java password 컬럼 추가
build.gradle Spring Security 의존성 추가

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/main/java/com/example/umc10th/global/security/service/CustomUserDetailsService.java
Comment on lines +24 to +28

Member member = memberRepository.findByEmail(username)
.orElseThrow(() -> new MemberException(MemberErrorCode.MEMBER_NOT_FOUND));

return new AuthMember(member);
Comment thread src/main/java/com/example/umc10th/global/security/handler/CustomAuthenticationEntryPoint.java
Comment on lines +11 to +22

import java.io.IOException;

public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

@Override
public void commence(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException
) throws IOException {
ObjectMapper objectMapper = new ObjectMapper();
Comment thread src/main/java/com/example/umc10th/global/security/handler/CustomAccessDeniedHandler.java
Comment on lines +22 to +23
ObjectMapper objectMapper = new ObjectMapper();
BaseErrorCode code = GeneralErrorCode.FORBIDDEN;
Comment thread src/main/java/com/example/umc10th/domain/member/repository/MemberRepository.java
Comment on lines 9 to +10
public interface MemberRepository extends JpaRepository<Member, Long> {
Optional<Member> findByEmail(String email);
Comment thread src/main/java/com/example/umc10th/global/config/SecurityConfig.java
Comment on lines +29 to +33
http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(requests -> requests
.requestMatchers(allowUris).permitAll()
.anyRequest().authenticated()
Comment thread src/main/java/com/example/umc10th/global/config/SecurityConfig.java
Comment on lines +31 to +34
.authorizeHttpRequests(requests -> requests
.requestMatchers(allowUris).permitAll()
.anyRequest().authenticated()
)
sekong11
sekong11 reviewed May 25, 2026
View reviewed changes
Copy link
Copy Markdown

@sekong11 sekong11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Spring Security 구조에 맞춰 잘 짜신 것 같아요 고생하셨어요!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sekong11 sekong11 sekong11 left review comments

@CokaNuri CokaNuri Awaiting requested review from CokaNuri

At least 1 approving review is required to merge this pull request.

Assignees

@ennseo ennseo

Labels

🚀Week 8 8주차 워크북 미션

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ennseo @sekong11