관심있는것들

oAuth = Authorization between services only giving other service with limited credential. once user permit different service to access google OAuth gives a token with limited access authorites written. token is JWT Terminology Resource Server has burden of security. flow 1 1. log to photo printing service and say "my picture is in google drive can you access there and fetch my picture and print ..

public interface MemberRepositoryCustom { List search(MemberSearchCondition condition); } public class MemberRepositoryImpl implements MemberRepositoryCustom { private final JPAQueryFactory queryFactory; public MemberRepositoryImpl(EntityManager em) { this.queryFactory = new JPAQueryFactory(em); } @Override public List search(MemberSearchCondition condition) { return queryFactory .select(new QMe..

DTO 조회 @Test public void findDtoByJPQL() throws Exception { List resultList = em.createQuery( "select new study.querydsl.dto.MemberDto(m.username, m.age) from Member m", MemberDto.class) .getResultList(); } @Test public void findDtoSetter() throws Exception { List result = queryFactory .select(Projections.bean(MemberDto.class, member.username, member.age)) .from(member) .fetch(); for (MemberDto ..

@Service public class JwtUtil { private String SECRET_KEY = "secret"; public String extractUsername(String token) { return extractClaim(token, Claims::getSubject); } public Date extractExpiration(String token) { return extractClaim(token, Claims::getExpiration); } public T extractClaim(String token , Function claimsResolver) { final Claims claims = extractAllClaims(token); return claimsResolver...

server: port : 8083 #spring: # datasource: # url: jdbc:h2:tcp://localhost/D:\H2\jpashop; # username: sa # password: # driver-class-name: org.h2.Driver spring: datasource: url: jdbc:mysql://localhost:3306/spring_data_jpa?serverTimezone=UTC&characterEncoding=UTF-8&useSSL=false&allowPublicKeyRetrieval=true username: tony password: 1234 driver-class-name: com.mysql.cj.jdbc.Driver jpa: hibernate: ddl..

In case of dynamic web application server needs to validate user in order to show adequate page. since http protocol is stateless we need to use other option first one is session The first time someone login server create new Session and save them in some database and gives logged in user a Session ID. User saves Session ID in cookies. whenever logged in user sends request browser sends with Coo..

@Repository @Transactional(readOnly = true) public class SimpleJpaRepository implements JpaRepositoryImplementation 실제 구현체가 들어있는 클래스이다. @Repository 1. Component Scan 의 대상이 되어 Spring Container 에 올라감 2. JDBC, JPA Exception 이 터질때 이것들을 Spring Exception 으로 바꿔서줌 Spring data jpa 에서의 save는 @Transactional @Override public S save(S entity) { Assert.notNull(entity, "Entity must not be null."); if (entityIn..

@EnableWebSecurity @RequiredArgsConstructor public class SecurityConfiguration extends WebSecurityConfigurerAdapter { private final DataSource dataSource; private final UserDetailsService userDetailsService; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService); } @Override protected void configure(HttpSecurity http) ..

public interface MemberRepository extends JpaRepository , MemberRepositoryCustom public interface MemberRepositoryCustom { List findMemberCustom(); } @RequiredArgsConstructor public class MemberRepositoryImpl implements MemberRepositoryCustom { private final EntityManager em; @Override public List findMemberCustom() { return em.createQuery("select m from Member m") .getResultList(); } } 기존 Repos..

Boot Strap Spring Security is not call api or anything . it works as Filter if we are not using SpringBoot we need to add this in configure xml. how Authenticate works? Authentication is internal spring security interface. it's object acts like DTO for example it holds credenitals before authentication whe jobs is done it will hold Principal. inside AuthenticaitonProvider class autheticate metho..