Open
Conversation
* refactor: Spring Boot, Java 및 주요 의존성 버전업, commons-lang3 추가 - SpringBoot 버전업 (-> 3.5.11) - Java 버전업 (-> 21) - JJWT 버전업 (-> 0.12.6) - 기존 EnumUtils deprecate 대응을 위해 org.apache.commons:commons-lang3 의존성 추가 * refactor: JJWT deprecated API를 신규 API로 마이그레이션 * chore: ci/cd 파일 및 도커파일Java 17 → 21, Spring Boot 버전 업 반영 * test: @MockBean, @spybean을 @MockitoBean, @MockitoSpyBean으로 마이그레이션 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: 누락된 변경사항 추가 * refactor: 코드래빗 리뷰사항 적용 - 테스트에서 Token 생성 시, TTL을 30초로 수정 - TTL이 너무 짧으면 테스트가 간헐적으로 꺠질 위험 존재
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (1)
Walkthrough
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Suggested reviewers
🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
whqtker
changed the title
whqtker
requested review from
Gyuhyeok99,
Hexeong,
JAEHEE25,
lsy1307,
sukangpunch and
wibaek
as code owners
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (5)
src/test/java/com/example/solidconnection/university/service/UnivApplyInfoQueryServiceTest.java (1)
195-213: 기존 TODO 주석 관련 확인 필요이 테스트는 Redis 관련 에러로 인해 임시 비활성화된 상태입니다. 이 PR의 변경 사항은 아니지만, Spring Boot 버전 업그레이드 후 Redis 설정이 변경되었을 수 있으므로 이 테스트가 다시 활성화 가능한지 확인해 보시는 것을 권장드립니다.
이 이슈를 추적하기 위한 별도 이슈를 생성해 드릴까요?
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/test/java/com/example/solidconnection/university/service/UnivApplyInfoQueryServiceTest.java` around lines 195 - 213, The test method 캐시가_적용된다() was commented out due to Redis errors; re-enable it by restoring the `@Test` annotation and fix the underlying Redis test setup used by univApplyInfoQueryService.searchUnivApplyInfoByText so the cache is available during tests (either configure an embedded Redis, Testcontainers Redis, or mock the cache manager in the test context), then verify the repository interaction assertion that univApplyInfoRepository.findAllByText(text, term.getId()) is called only once still holds; update test configuration (application-test.properties or test `@Import`) to match the Spring Boot upgrade Redis settings and add a follow-up issue if you cannot make the Redis test infra stable now.src/main/java/com/example/solidconnection/common/filter/HttpLoggingFilter.java (1)
66-74: PathPattern 매칭 로직이 올바르게 구현되었습니다.
AntPathMatcher에서 PathPattern으로 전환
- Spring Boot 3.x의 기본 매칭 전략에 맞게
PathPatternAPI를 사용하여 전환되었습니다.구현 로직 검증
PathContainer.parsePath()와PathPattern.matches()의 조합이 올바릅니다.향후 고려 사항 (선택적)
- 현재
application.yml에server.servlet.context-path가 설정되어 있지 않아 문제가 없습니다.- 다만, 향후 context-path가 설정될 경우
req.getRequestURI()는 context-path를 포함하므로/actuator/**패턴과 매칭되지 않을 수 있습니다.- 필요시
req.getServletPath()를 사용하거나 context-path를 제거한 경로로 매칭하는 것을 고려할 수 있습니다.🛡️ context-path 대응을 위한 선택적 개선안
private boolean isExcluded(HttpServletRequest req) { - PathContainer path = PathContainer.parsePath(req.getRequestURI()); + String contextPath = req.getContextPath(); + String uri = req.getRequestURI(); + String pathWithoutContext = uri.startsWith(contextPath) + ? uri.substring(contextPath.length()) + : uri; + PathContainer path = PathContainer.parsePath(pathWithoutContext); for (PathPattern p : EXCLUDE_PATTERNS) { if (p.matches(path)) { return true; } } return false; }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/main/java/com/example/solidconnection/common/filter/HttpLoggingFilter.java` around lines 66 - 74, The isExcluded method currently parses req.getRequestURI() which includes any configured context-path, so matching against PathPattern instances in EXCLUDE_PATTERNS may fail if a context-path is set; update isExcluded to derive the path to match by using req.getServletPath() (or by stripping req.getContextPath() from req.getRequestURI()) before calling PathContainer.parsePath, then keep the loop over EXCLUDE_PATTERNS and PathPattern.matches as-is so patterns like /actuator/** continue matching correctly.src/test/java/com/example/solidconnection/security/filter/SignOutCheckFilterTest.java (1)
102-105: HS256 키 길이 요구사항을 명시적으로 검증하는 로직을 추가해 주세요.현재 테스트 설정의 JWT 시크릿(
1234567-1234-1234-1234-12345678901)은 34바이트로, HS256에 필요한 최소 32바이트 요구사항을 충족합니다. 다만, 다음과 같은 이유로 명시적 검증을 추가하면 좋습니다:
런타임 보호: 시크릿이 32바이트 미만으로 변경되면
Keys.hmacShaKeyFor()에서 즉시 실패하게 되는데, 사전에 검증 로직을 두면 이를 방지할 수 있습니다.의도의 명확화: 설정이나 테스트 코드에서 최소 길이 요구사항을 명시하면, 향후 유지보수 시 누군가 실수로 짧은 값으로 변경하는 것을 방지할 수 있습니다.
여러 테스트 파일 영향:
SignOutCheckFilterTest,TokenAuthenticationFilterTest,TokenAuthenticationProviderTest등 여러 테스트에서 동일 패턴을 사용하고 있으므로,JwtProperties또는 테스트 고정 설정에서 검증하면 효과적입니다.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/test/java/com/example/solidconnection/security/filter/SignOutCheckFilterTest.java` around lines 102 - 105, 테스트와 설정에서 HS256 키 최소 길이(32바이트)를 명시적으로 검증하도록 추가하세요: JwtProperties의 secret 반환부(예: JwtProperties.secret()) 또는 공용 유틸(예: validateHmacSecretLength(String))에 길이 검증 로직을 넣어 값이 null이거나 UTF_8 바이트 길이가 32보다 작으면 적절한 예외를 던지도록 하고, 테스트들(SignOutCheckFilterTest, TokenAuthenticationFilterTest, TokenAuthenticationProviderTest)에서는 Keys.hmacShaKeyFor(...) 호출 전에 이 검증 메서드를 호출하거나 JwtProperties가 이미 검증되었음을 보장하도록 변경하세요.src/test/java/com/example/solidconnection/security/filter/TokenAuthenticationFilterTest.java (1)
45-46: 주석 내용 수정이 필요합니다.주석에서 "MockBean"이라고 언급하고 있지만, 실제로는
@MockitoBean으로 변경되었습니다. 주석을 일치시키면 코드 이해도가 높아집니다.✏️ 주석 수정 제안
- `@MockitoBean` // 이 테스트코드에서 사용자를 조회할 필요는 없으므로 MockBean 으로 대체 + `@MockitoBean` // 이 테스트코드에서 사용자를 조회할 필요는 없으므로 MockitoBean 으로 대체🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/test/java/com/example/solidconnection/security/filter/TokenAuthenticationFilterTest.java` around lines 45 - 46, 주석이 "@MockitoBean" 대신 "MockBean"을 언급하고 있으므로 주석을 수정해 일치시키세요: TokenAuthenticationFilterTest 클래스에서 siteUserDetailsService 필드에 붙은 `@MockitoBean` 어노테이션을 참조하여 주석 텍스트를 "이 테스트코드에서 사용자를 조회할 필요는 없으므로 `@MockitoBean` 으로 모킹"처럼 변경해 코드와 주석이 일치하도록 업데이트하세요.src/main/java/com/example/solidconnection/auth/token/JwtTokenProvider.java (1)
48-50: 서명 키 캐싱을 고려해 볼 수 있습니다. (선택 사항)
getSigningKey()가 토큰 생성/검증 시마다 호출되어 매번 새SecretKey객체를 생성합니다. 성능이 크리티컬한 환경에서는 초기화 시점에 캐싱하는 것을 고려해 볼 수 있습니다.💡 캐싱 적용 예시
`@Component` `@RequiredArgsConstructor` public class JwtTokenProvider implements TokenProvider { private final JwtProperties jwtProperties; + private SecretKey signingKey; + + `@PostConstruct` + private void initSigningKey() { + this.signingKey = Keys.hmacShaKeyFor( + jwtProperties.secret().getBytes(StandardCharsets.UTF_8) + ); + } - private SecretKey getSigningKey() { - return Keys.hmacShaKeyFor(jwtProperties.secret().getBytes(StandardCharsets.UTF_8)); + private SecretKey getSigningKey() { + return signingKey; }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/main/java/com/example/solidconnection/auth/token/JwtTokenProvider.java` around lines 48 - 50, getSigningKey() currently creates a new SecretKey on every call (in JwtTokenProvider), which can be cached to avoid repeated allocations: compute the SecretKey once (e.g., in the JwtTokenProvider constructor or an eagerly initialized final field) using Keys.hmacShaKeyFor(jwtProperties.secret().getBytes(StandardCharsets.UTF_8)) and reuse that field in getSigningKey(); if you prefer lazy init, use a thread-safe pattern (volatile + synchronized or an AtomicReference) to ensure a single SecretKey instance is created and reused for token creation/verification.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@build.gradle`:
- Around line 3-5: Update the plugin versions in build.gradle: bump id
'org.springframework.boot' from '3.5.11' to '3.5.13' and keep id
'io.spring.dependency-management' at '1.1.7'; retain id 'org.flywaydb.flyway' at
'10.15.0' but ensure you apply Flyway 10.x migration changes (verify flyway
configuration keys, explicitly set SQL migration folder and separate
database-specific module dependencies) before committing; also consider updating
any Testcontainers dependency elsewhere in the project to 2.0.4 if present.
In `@claude.md`:
- Around line 10-11: The document has inconsistent Spring Boot version numbers:
the top-level versions were updated to "3.5.11" but the "Core Framework" section
still shows "3.1.5"; search for the string "3.1.5" and replace it with "3.5.11"
(including the "Core Framework" heading and any other occurrences) so all
version references match, and verify the header/summary and any "Spring Boot"
mentions use "3.5.11" consistently.
---
Nitpick comments:
In `@src/main/java/com/example/solidconnection/auth/token/JwtTokenProvider.java`:
- Around line 48-50: getSigningKey() currently creates a new SecretKey on every
call (in JwtTokenProvider), which can be cached to avoid repeated allocations:
compute the SecretKey once (e.g., in the JwtTokenProvider constructor or an
eagerly initialized final field) using
Keys.hmacShaKeyFor(jwtProperties.secret().getBytes(StandardCharsets.UTF_8)) and
reuse that field in getSigningKey(); if you prefer lazy init, use a thread-safe
pattern (volatile + synchronized or an AtomicReference) to ensure a single
SecretKey instance is created and reused for token creation/verification.
In
`@src/main/java/com/example/solidconnection/common/filter/HttpLoggingFilter.java`:
- Around line 66-74: The isExcluded method currently parses req.getRequestURI()
which includes any configured context-path, so matching against PathPattern
instances in EXCLUDE_PATTERNS may fail if a context-path is set; update
isExcluded to derive the path to match by using req.getServletPath() (or by
stripping req.getContextPath() from req.getRequestURI()) before calling
PathContainer.parsePath, then keep the loop over EXCLUDE_PATTERNS and
PathPattern.matches as-is so patterns like /actuator/** continue matching
correctly.
In
`@src/test/java/com/example/solidconnection/security/filter/SignOutCheckFilterTest.java`:
- Around line 102-105: 테스트와 설정에서 HS256 키 최소 길이(32바이트)를 명시적으로 검증하도록 추가하세요:
JwtProperties의 secret 반환부(예: JwtProperties.secret()) 또는 공용 유틸(예:
validateHmacSecretLength(String))에 길이 검증 로직을 넣어 값이 null이거나 UTF_8 바이트 길이가 32보다
작으면 적절한 예외를 던지도록 하고, 테스트들(SignOutCheckFilterTest, TokenAuthenticationFilterTest,
TokenAuthenticationProviderTest)에서는 Keys.hmacShaKeyFor(...) 호출 전에 이 검증 메서드를
호출하거나 JwtProperties가 이미 검증되었음을 보장하도록 변경하세요.
In
`@src/test/java/com/example/solidconnection/security/filter/TokenAuthenticationFilterTest.java`:
- Around line 45-46: 주석이 "@MockitoBean" 대신 "MockBean"을 언급하고 있으므로 주석을 수정해 일치시키세요:
TokenAuthenticationFilterTest 클래스에서 siteUserDetailsService 필드에 붙은 `@MockitoBean`
어노테이션을 참조하여 주석 텍스트를 "이 테스트코드에서 사용자를 조회할 필요는 없으므로 `@MockitoBean` 으로 모킹"처럼 변경해 코드와
주석이 일치하도록 업데이트하세요.
In
`@src/test/java/com/example/solidconnection/university/service/UnivApplyInfoQueryServiceTest.java`:
- Around line 195-213: The test method 캐시가_적용된다() was commented out due to Redis
errors; re-enable it by restoring the `@Test` annotation and fix the underlying
Redis test setup used by univApplyInfoQueryService.searchUnivApplyInfoByText so
the cache is available during tests (either configure an embedded Redis,
Testcontainers Redis, or mock the cache manager in the test context), then
verify the repository interaction assertion that
univApplyInfoRepository.findAllByText(text, term.getId()) is called only once
still holds; update test configuration (application-test.properties or test
`@Import`) to match the Spring Boot upgrade Redis settings and add a follow-up
issue if you cannot make the Redis test infra stable now.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: 5744898f-e319-47ce-8b5a-6f02fa2b907b
📒 Files selected for processing (30)
.github/workflows/ci.yml.github/workflows/dev-cd.yml.github/workflows/prod-cd.ymlDockerfilebuild.gradleclaude.mdsrc/main/java/com/example/solidconnection/auth/client/AppleOAuthClient.javasrc/main/java/com/example/solidconnection/auth/client/AppleOAuthClientSecretProvider.javasrc/main/java/com/example/solidconnection/auth/token/JwtTokenProvider.javasrc/main/java/com/example/solidconnection/common/filter/HttpLoggingFilter.javasrc/main/java/com/example/solidconnection/score/repository/custom/LanguageTestScoreFilterRepositoryImpl.javasrc/main/resources/application.ymlsrc/main/resources/config/application-cloud.ymlsrc/main/resources/config/application-db.ymlsrc/test/java/com/example/solidconnection/admin/service/AdminHostUniversityServiceTest.javasrc/test/java/com/example/solidconnection/auth/controller/RefreshTokenCookieManagerTest.javasrc/test/java/com/example/solidconnection/auth/service/JwtTokenProviderTest.javasrc/test/java/com/example/solidconnection/auth/service/oauth/OAuthServiceTest.javasrc/test/java/com/example/solidconnection/auth/service/signup/SignUpTokenProviderTest.javasrc/test/java/com/example/solidconnection/chat/service/ChatServiceTest.javasrc/test/java/com/example/solidconnection/community/post/service/PostCommandServiceTest.javasrc/test/java/com/example/solidconnection/mentor/service/MentorApplicationServiceTest.javasrc/test/java/com/example/solidconnection/news/service/NewsCommandServiceTest.javasrc/test/java/com/example/solidconnection/score/service/ScoreServiceTest.javasrc/test/java/com/example/solidconnection/security/authentication/TokenAuthenticationProviderTest.javasrc/test/java/com/example/solidconnection/security/filter/SignOutCheckFilterTest.javasrc/test/java/com/example/solidconnection/security/filter/TokenAuthenticationFilterTest.javasrc/test/java/com/example/solidconnection/siteuser/service/MyPageServiceTest.javasrc/test/java/com/example/solidconnection/university/service/UnivApplyInfoQueryServiceTest.javasrc/test/resources/application.yml
💤 Files with no reviewable changes (3)
- src/main/resources/config/application-cloud.yml
- src/test/resources/application.yml
- src/main/resources/config/application-db.yml
Comment on lines
+3
to
+5
| id 'org.springframework.boot' version '3.5.11' | ||
| id 'io.spring.dependency-management' version '1.1.7' | ||
| id 'org.flywaydb.flyway' version '10.15.0' |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What is the latest stable version of Spring Boot 3.5.x as of April 2026?
💡 Result:
The latest stable version of Spring Boot 3.5.x as of April 2, 2026, is 3.5.13.
Citations:
- 1: https://spring.io/blog/2026/03/26/spring-boot-3-5-13-available-now
- 2: https://github.com/spring-projects/spring-boot/releases/tag/v3.5.13
- 3: https://endoflife.date/spring-boot
- 4: https://docs.spring.io/spring-boot/appendix/dependency-versions/index.html
🌐 Web query:
Flyway 10.15.0 release notes breaking changes from 9.x to 10.x
💡 Result:
Flyway 10.15.0 has no breaking changes listed in its release notes. The breaking changes from Flyway 9.x to 10.x occurred primarily in Flyway 10.0.0 and subsequent minor releases within the 10.x series. Key breaking changes for the 9.x to 10.x upgrade: - Removed deprecated flyway.check.reportFilename; use flyway.reportFilename instead. Report generation is now off by default (enable with reportEnabled). - 'SQL' folder removed as a default location for migration scripts (bad practice; specify locations explicitly). - flyway.plugins parameter namespace retired (backwards compatible but deprecate usage; e.g., flyway.plugins.clean -> sqlserver.clean.mode). - Database modules separated from flyway-core into individual modules (update dependencies for affected databases). - For Redgate distribution: licenseKey, undoSqlMigrationPrefix, and cherryPick configurations moved. - cherryPick now requires a configuration extension object via plugin registry (API users). - License key logic moved to 'flyway-key-licensing' module. Flyway 10.15.0 (2024-06-11) notes only bug fixes and minor changes, no breaking changes. Sources: Official Redgate Flyway release notes, upgrade guide, and V10 announcement.
Citations:
- 1: https://documentation.red-gate.com/fd/release-notes-for-flyway-engine-179732572.html
- 2: https://flywaydb.org/documentation/learnmore/releaseNotes
- 3: https://documentation.red-gate.com/flyway/flyway-blog/flyway-v10-has-landed
- 4: https://documentation.red-gate.com/fd/flyway-v10-upgrading-from-flyway-v9-224920031.html
- 5: https://documentation.red-gate.com/fd/flyway-v10-has-landed-222627771.html
🌐 Web query:
Spring dependency-management plugin 1.1.7 latest version
💡 Result:
The latest version of the Spring Dependency Management Plugin (io.spring.dependency-management) is 1.1.7, released on December 17, 2024. This is confirmed by the official Gradle Plugin Portal, Maven Central repositories, the plugin's documentation, and the GitHub releases page. As of 2026-04-02, no newer version is indicated in these authoritative sources.
Citations:
- 1: https://plugins.gradle.org/plugin/io.spring.dependency-management
- 2: https://mvnrepository.com/artifact/io.spring.gradle/dependency-management-plugin
- 3: https://docs.spring.io/dependency-management-plugin/docs/current/reference/html/
- 4: https://central.sonatype.com/artifact/io.spring.dependency-management/io.spring.dependency-management.gradle.plugin
- 5: https://mvnrepository.com/artifact/io.spring.dependency-management/io.spring.dependency-management.gradle.plugin/1.1.7
- 6: https://mvnrepository.com/artifact/io.spring.gradle/dependency-management-plugin/1.1.7
🏁 Script executed:
# Search for testcontainers and other key dependency versions in build.gradle
cat build.gradle | grep -E "version|testcontainers|flyway|spring" | head -30Repository: solid-connection/solid-connect-server
Length of output: 1414
🌐 Web query:
Testcontainers 2.0.2 release latest version
💡 Result:
The latest version of Testcontainers for Java is 2.0.4, released on 2026-03-19. Testcontainers 2.0.2 was released on 2025-11-13. As of 2026-04-02, 2.0.4 is the most recent release, confirmed by the official documentation, GitHub releases, and Maven repositories.
Citations:
- 1: https://github.com/testcontainers/testcontainers-java/releases
- 2: https://github.com/testcontainers/testcontainers-java/releases/tag/2.0.4
- 3: https://java.testcontainers.org/
- 4: https://mvnrepository.com/artifact/org.testcontainers
- 5: https://newreleases.io/project/github/testcontainers/testcontainers-java/release/2.0.2
- 6: https://mvnrepository.com/artifact/org.testcontainers/testcontainers/2.0.2
플러그인 버전 확인 및 업데이트 제안
확인 결과, 명시된 모든 버전이 실제로 존재하며 안정적입니다. 다만 다음과 같은 점들을 고려해 주세요:
-
Spring Boot 3.5.11 → 3.5.13 업데이트 권장
- 현재 사용 중인 3.5.11은 유효하지만, 최신 안정판 3.5.13이 릴리스되었습니다 (2패치 최신).
-
Spring Dependency Management 1.1.7
- 최신 안정판입니다 (2024년 12월 17일 릴리스). 유지해도 무방합니다.
-
Flyway 10.15.0 마이그레이션 주의
- Flyway 10.15.0 자체는 안정적이지만, 9.x에서 10.x로 업그레이드할 때 다음 변경 사항을 검토하세요:
- 설정 파일 경로 변경 (예: flyway.plugins.* → database 모듈 설정)
- SQL 마이그레이션 폴더 위치 명시 필요
- 데이터베이스별 모듈 의존성 분리
- Flyway 10.15.0 자체는 안정적이지만, 9.x에서 10.x로 업그레이드할 때 다음 변경 사항을 검토하세요:
-
Testcontainers 2.0.2 → 2.0.4 업데이트 권장
- 현재 2.0.2는 유효하지만, 최신 버전 2.0.4 (2026년 3월 19일 릴리스)로 업데이트 가능합니다.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@build.gradle` around lines 3 - 5, Update the plugin versions in build.gradle:
bump id 'org.springframework.boot' from '3.5.11' to '3.5.13' and keep id
'io.spring.dependency-management' at '1.1.7'; retain id 'org.flywaydb.flyway' at
'10.15.0' but ensure you apply Flyway 10.x migration changes (verify flyway
configuration keys, explicitly set SQL migration folder and separate
database-specific module dependencies) before committing; also consider updating
any Testcontainers dependency elsewhere in the project to 2.0.4 if present.
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/main/java/com/example/solidconnection/common/config/redis/RedisConfig.java (1)
49-56:⚠️ Potential issue | 🟠 Major
objectRedisTemplate()빈에 설정되지 않은 기본ObjectMapper사용으로 인한 직렬화/역직렬화 오류 위험deprecated 생성자를 새로운 버전으로 대체한 방향은 올바르지만, 기본
new ObjectMapper()를 사용하면 다음과 같은 문제가 발생할 수 있습니다:
Java 8 날짜/시간 타입 미지원
- SiteUser의
LocalDateTime필드(nicknameModifiedAt),LocalDate필드(quitedAt)- UserBan의
ZonedDateTime필드(expiredAt,unbannedAt)- 이들 타입이 캐시될 경우 역직렬화 오류 발생 가능
타입 정보 부재
- 복잡한 객체의 다형성 역직렬화 불가능
GenericJackson2JsonRedisSerializer와 달리@class정보 미포함코드베이스 일관성 부족
- CustomCacheManager와 ThunderingHerdCachingAspect에서는
GenericJackson2JsonRedisSerializer사용 중- 동일한 용도인데 서로 다른 직렬화 방식 적용
🔧 권장 수정안 1: GenericJackson2JsonRedisSerializer 사용 (권장)
`@Bean` public RedisTemplate<String, Object> objectRedisTemplate() { RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>(); redisTemplate.setKeySerializer(new StringRedisSerializer()); - redisTemplate.setValueSerializer(new Jackson2JsonRedisSerializer<>(new ObjectMapper(), Object.class)); + redisTemplate.setValueSerializer(new GenericJackson2JsonRedisSerializer()); redisTemplate.setConnectionFactory(redisConnectionFactory()); return redisTemplate; }불필요한 import도 제거합니다:
-import com.fasterxml.jackson.databind.ObjectMapper; -import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer; +import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;🔧 권장 수정안 2: ObjectMapper에 필수 모듈 등록
import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;`@Bean` public RedisTemplate<String, Object> objectRedisTemplate() { RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>(); redisTemplate.setKeySerializer(new StringRedisSerializer()); + ObjectMapper objectMapper = new ObjectMapper(); + objectMapper.registerModule(new JavaTimeModule()); + objectMapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS); - redisTemplate.setValueSerializer(new Jackson2JsonRedisSerializer<>(new ObjectMapper(), Object.class)); + redisTemplate.setValueSerializer(new Jackson2JsonRedisSerializer<>(objectMapper, Object.class)); redisTemplate.setConnectionFactory(redisConnectionFactory()); return redisTemplate; }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/main/java/com/example/solidconnection/common/config/redis/RedisConfig.java` around lines 49 - 56, The objectRedisTemplate() bean currently constructs a plain new ObjectMapper which lacks JavaTime and type metadata support, causing deserialization errors for LocalDate/LocalDateTime/ZonedDateTime and polymorphic types and is inconsistent with other serializers; update objectRedisTemplate() to use GenericJackson2JsonRedisSerializer (to include type info) or configure a shared ObjectMapper that registers JavaTimeModule, JavaTimeModule/JavaTimeModule-support, and enables default typing as used by CustomCacheManager and ThunderingHerdCachingAspect so the RedisTemplate uses the same serializer strategy as the rest of the codebase.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Outside diff comments:
In
`@src/main/java/com/example/solidconnection/common/config/redis/RedisConfig.java`:
- Around line 49-56: The objectRedisTemplate() bean currently constructs a plain
new ObjectMapper which lacks JavaTime and type metadata support, causing
deserialization errors for LocalDate/LocalDateTime/ZonedDateTime and polymorphic
types and is inconsistent with other serializers; update objectRedisTemplate()
to use GenericJackson2JsonRedisSerializer (to include type info) or configure a
shared ObjectMapper that registers JavaTimeModule,
JavaTimeModule/JavaTimeModule-support, and enables default typing as used by
CustomCacheManager and ThunderingHerdCachingAspect so the RedisTemplate uses the
same serializer strategy as the rest of the codebase.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: a7ae23e7-6bc9-4048-a6b8-d52947e74679
📒 Files selected for processing (1)
src/main/java/com/example/solidconnection/common/config/redis/RedisConfig.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
관련 이슈
작업 내용
형준 님 작업 체리 픽해서 진행했습니다. #702
추가로 버전 업이랑 관련없으나, 잘못된 설정 등도 같이 작업했습니다. 버전 업 관련 디스커션의 별 한 개 참고하시면 됩니다.
빌드 및 실행까지 검증했습니다 !
특이 사항
리뷰 요구사항 (선택)