Spring Boot에서 어노테이션으로 세션 사용자 가져오기

Spring Boot 애플리케이션에서 로그인한 사용자 정보를 컨트롤러에서 손쉽게 가져오고 싶을 때, 세션에서 사용자 정보를 가져오는 기능은 매우 유용합니다. 특히, 반복적인 코드 없이 어노테이션을 사용해 현재 사용자의 정보를 쉽게 접근할 수 있도록 커스텀 어노테이션을 구현하는 방법을 소개하겠습니다.

---

## 1. 프로젝트 구성

이 예제는 다음과 같은 의존성을 포함합니다:

- **Spring Web**
- **Spring Security**
- **Spring Boot DevTools**

`build.gradle` 또는 `pom.xml`에 의존성을 추가합니다.

### Gradle

```groovy
dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-security'
}
```

### Maven

```xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
</dependencies>
```

---

## 2. 사용자 정보 저장 및 세션 관리

### `User` 클래스

사용자 정보를 표현하는 엔티티 또는 DTO 객체를 생성합니다.

```java
package cohttp://m.example.demo.model;

public class User {

    private String username;
    private String email;

    // 기본 생성자, Getter, Setter
    public User() {}

    public User(String username, String email) {
        this.username = username;
        this.email = email;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }
}
```

---

## 3. 커스텀 어노테이션 구현

### `@CurrentUser` 어노테이션

로그인된 사용자 정보를 컨트롤러 매개변수에서 바로 접근할 수 있도록 커스텀 어노테이션을 만듭니다.

```java
package cohttp://m.example.demo.annotation;

import java.lang.annotation.*;

@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CurrentUser {
}
```

---

## 4. 어노테이션 동작을 위한 Resolver 구현

어노테이션이 적용된 매개변수에 사용자 정보를 주입하도록 HandlerMethodArgumentResolver를 구현합니다.

### `CurrentUserArgumentResolver`

```java
package cohttp://m.example.demo.resolver;

import cohttp://m.example.demo.annotation.CurrentUser;
import cohttp://m.example.demo.model.User;
import org.springframework.core.MethodParameter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

import javax.servlet.http.HttpServletRequest;

@Component
public class CurrentUserArgumentResolver implements HandlerMethodArgumentResolver {

    @Override
    public boolean supportsParameter(MethodParameter parameter) {
        return parameter.getParameterAnnotation(CurrentUser.class) != null
                && parameter.getParameterType().equals(User.class);
    }

    @Override
    public Object resolveArgument(MethodParameter parameter, 
                                  ModelAndViewContainer mavContainer, 
                                  HttpServletRequest webRequest, 
                                  org.springframework.web.context.request.NativeWebRequest nativeWebRequest) {

        // Spring Security에서 인증 정보 가져오기
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        if (authentication != null && authentication.getPrincipal() instanceof User) {
            return authentication.getPrincipal();
        }

        return null; // 인증되지 않은 사용자인 경우 null 반환
    }
}
```

---

## 5. Resolver 등록

Spring MVC에 `HandlerMethodArgumentResolver`를 등록하여 `@CurrentUser` 어노테이션이 동작하도록 설정합니다.

### `WebConfig`

```java
package cohttp://m.example.demo.config;

import cohttp://m.example.demo.resolver.CurrentUserArgumentResolver;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import java.util.List;

@Configuration
public class WebConfig implements WebMvcConfigurer {

    private final CurrentUserArgumentResolver currentUserArgumentResolver;

    public WebConfig(CurrentUserArgumentResolver currentUserArgumentResolver) {
        this.currentUserArgumentResolver = currentUserArgumentResolver;
    }

    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
        resolvers.add(currentUserArgumentResolver);
    }
}
```

---

## 6. 컨트롤러에서 사용자 정보 사용하기

컨트롤러에서 `@CurrentUser` 어노테이션을 사용하여 로그인된 사용자 정보를 간단히 가져올 수 있습니다.

### `UserController`

```java
package cohttp://m.example.demo.controller;

import cohttp://m.example.demo.annotation.CurrentUser;
import cohttp://m.example.demo.model.User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class UserController {

    @GetMapping("/profile")
    public String getUserProfile(@CurrentUser User user) {
        if (user == null) {
            return "No authenticated user found.";
        }
        return "Hello, " + user.getUsername() + "! Your email is " + user.getEmail();
    }
}
```

---

## 7. 인증 처리 및 테스트

Spring Security를 설정하여 인증 정보를 설정합니다. 이 예제에서는 간단한 `inMemoryAuthentication`을 사용합니다.

### `SecurityConfig`

```java
package cohttp://m.example.demo.config;

import cohttp://m.example.demo.model.User;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SecurityConfig {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("user").password(passwordEncoder().encode("password")).roles("USER");
    }

    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/profile").authenticated()
            .anyRequest().permitAll()
            .and()
            .httpBasic();
    }
}
```

---

## 8. 결과 확인

1. 애플리케이션을 실행합니다.
2. `/profile` 엔드포인트에 접근합니다.
3. Basic Authentication으로 로그인(`username: user`, `password: password`)하면 사용자 정보를 확인할 수 있습니다.

---

## 마무리

이 글에서는 Spring Boot에서 세션 사용자 정보를 쉽게 가져올 수 있도록 커스텀 어노테이션(`@CurrentUser`)을 구현하고 사용하는 방법을 설명했습니다. 이를 통해 코드의 재사용성을 높이고, 컨트롤러에서 깔끔하게 사용자 정보를 주입받을 수 있습니다. 

이 방식은 특히 JWT 또는 OAuth 인증을 사용하는 경우에도 쉽게 확장 가능합니다.