ads367 / yj_portal star
ads367 04-02
2024-04-02 [최민식] 시큐리티 진행중
[최민식] 시큐리티 진행중
@eb9e08449189855a07a526ce1d045a26ac5a183f
.idea/jarRepositories.xml
--- .idea/jarRepositories.xml
+++ .idea/jarRepositories.xml
@@ -7,9 +7,9 @@
       <option name="url" value="https://repo.maven.apache.org/maven2" />
     </remote-repository>
     <remote-repository>
-      <option name="id" value="egovframe" />
-      <option name="name" value="egovframe" />
-      <option name="url" value="https://maven.egovframe.go.kr/maven/" />
+      <option name="id" value="central" />
+      <option name="name" value="Maven Central repository" />
+      <option name="url" value="https://repo1.maven.org/maven2" />
     </remote-repository>
     <remote-repository>
       <option name="id" value="mvn2s" />
@@ -17,9 +17,9 @@
       <option name="url" value="https://repo1.maven.org/maven2/" />
     </remote-repository>
     <remote-repository>
-      <option name="id" value="central" />
-      <option name="name" value="Maven Central repository" />
-      <option name="url" value="https://repo1.maven.org/maven2" />
+      <option name="id" value="egovframe" />
+      <option name="name" value="egovframe" />
+      <option name="url" value="https://maven.egovframe.go.kr/maven/" />
     </remote-repository>
     <remote-repository>
       <option name="id" value="jboss.community" />
.idea/misc.xml
--- .idea/misc.xml
+++ .idea/misc.xml
@@ -8,7 +8,7 @@
       </list>
     </option>
   </component>
-  <component name="ProjectRootManager" version="2" languageLevel="JDK_14" project-jdk-name="11" project-jdk-type="JavaSDK">
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_11" default="false" project-jdk-name="11" project-jdk-type="JavaSDK">
     <output url="file://$PROJECT_DIR$/classes" />
   </component>
 </project>
(파일 끝에 줄바꿈 문자 없음)
 
.idea/modules.xml (deleted)
--- .idea/modules.xml
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/cms.iml" filepath="$PROJECT_DIR$/cms.iml" />
-    </modules>
-  </component>
-</project>(파일 끝에 줄바꿈 문자 없음)
pom.xml
--- pom.xml
+++ pom.xml
@@ -156,12 +156,26 @@
 			<artifactId>poi-ooxml</artifactId>
 			<version>4.1.2</version>
 		</dependency>
-		<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt -->
-<!--		<dependency>-->
-<!--			<groupId>io.jsonwebtoken</groupId>-->
-<!--			<artifactId>jjwt</artifactId>-->
-<!--			<version>0.12.5</version>-->
-<!--		</dependency>-->
+		<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-api -->
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-api</artifactId>
+			<version>0.12.5</version>
+		</dependency>
+		<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-impl -->
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-impl</artifactId>
+			<version>0.12.5</version>
+			<scope>runtime</scope>
+		</dependency>
+		<!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-jackson -->
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt-jackson</artifactId>
+			<version>0.12.5</version>
+			<scope>runtime</scope>
+		</dependency>
 		<!--                                           추가                                           -->
 	</dependencies>
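Review bot: The three jjwt entries each hard-code `0.12.5`, and jjwt-api, jjwt-impl and jjwt-jackson are meant to stay on one release. Because the impl and jackson artifacts are `runtime` scoped, a later bump that misses one entry is likely to surface only when the application runs, not at compile time. Declare `<jjwt.version>0.12.5</jjwt.version>` under `<properties>` and use `<version>${jjwt.version}</version>` in all three dependencies. The `<properties>` block is outside this hunk, so whether one already exists cannot be seen from here.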
 
 
src/main/java/com/takensoft/common/config/CorsMvcConfig.java (added)
+++ src/main/java/com/takensoft/common/config/CorsMvcConfig.java
@@ -0,0 +1,20 @@
+package com.takensoft.common.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+public class CorsMvcConfig implements WebMvcConfigurer {
+
+    private static String FRONT_URL; //1시간
+    @Value("${front.url}")
+    public void setFrontUrl(String value) {
+        FRONT_URL = value;
+    }
+
+    @Override
+    public void addCorsMappings(CorsRegistry corsRegistry) {
+        corsRegistry.addMapping("/**")
+                .allowedOrigins(FRONT_URL);
+    }
+}
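Review bot: `CorsMvcConfig` has no stereotype annotation, so unless it is declared as a bean somewhere this page does not show, Spring never registers it: `addCorsMappings` does not run and the `@Value` setter is never called. Add `@Configuration` above the class and inject into an instance field, `@Value("${front.url}") private String frontUrl;`, instead of writing a static from an instance setter. The `//1시간` comment on `FRONT_URL` does not describe an origin URL and should be removed. `SecurityConfig` in this same commit builds its own CORS source for the same origin, so keep the allow-list in one place to stop the two drifting apart.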
src/main/java/com/takensoft/common/config/SecurityConfig.java
--- src/main/java/com/takensoft/common/config/SecurityConfig.java
+++ src/main/java/com/takensoft/common/config/SecurityConfig.java
@@ -1,21 +1,70 @@
 package com.takensoft.common.config;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Collections;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
+
+    private static String FRONT_URL; //1시간
+    @Value("${front.url}")
+    public void setFrontUrl(String value) {
+        FRONT_URL = value;
+    }
+
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http
-                .csrf().disable()
-                .authorizeHttpRequests((authorizeRequests) ->
-                        authorizeRequests.anyRequest().permitAll()
+                .cors((cors) -> cors
+                    .configurationSource(new CorsConfigurationSource() {
+                        @Override
+                        public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
+                            CorsConfiguration configuration = new CorsConfiguration();
+                            // 허용할 프론트 포트 포함 경로 입력
+                            configuration.setAllowedOrigins(Collections.singletonList(FRONT_URL));
+                            // 허용할 메소드(GET, POST, PUT 등)
+                            configuration.setAllowedMethods(Collections.singletonList("*"));
+                            // 프론트에서 credentials 설정하면 true
+                            configuration.setAllowCredentials(true);
+                            // 허용할 헤드
+                            configuration.setAllowedHeaders(Collections.singletonList("*"));
+                            // 허용을 물고 있을 시간
+                            configuration.setMaxAge(3600L);
+
+                            // 서버에서 JWT를 Authorization에 담아 보내기 위해 허용을 함
+                            configuration.setExposedHeaders(Collections.singletonList("Authorization"));
+                            return configuration;
+                        }
+                    })
                 );
+        // csrf disable
+        http.csrf((auth) -> auth.disable());
+        // formLogin disable
+        http.formLogin((auth) -> auth.disable());
+        // http basic 인증 방식 disable
+        http.httpBasic((auth) -> auth.disable());
+
+        // 경로별 인가 설정
+        http
+                .authorizeHttpRequests((auth) -> auth
+                        .anyRequest().permitAll()
+                );
+        
+        // 세션 설정
+        http
+                .sessionManagement((session) -> session
+                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS));
         return http.build();
     }
 }
(파일 끝에 줄바꿈 문자 없음)
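Review bot: The authorization block still ends in `.anyRequest().permitAll()` while this commit also disables CSRF, form login and HTTP Basic, so no endpoint requires authentication and no token filter is registered in the visible chain. If that is deliberate while the JWT work is in progress, say so with a `// TODO` at that line, and once the filter exists permit only the login/token endpoints and finish with `.anyRequest().authenticated()`. In the CORS source, `setAllowCredentials(true)` is combined with `"*"` for both methods and headers; listing the methods and headers the front end actually sends keeps the credentialed surface narrow. `FRONT_URL` is a static written through an instance `@Value` setter and its `//1시간` comment does not match what it holds; an instance field would be clearer.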
src/main/resources/application.yml
--- src/main/resources/application.yml
+++ src/main/resources/application.yml
@@ -22,4 +22,12 @@
   type-aliases-package: com.takensoft.**.**.vo, com.takensoft.**.**.dto
   mapper-locations: classpath:mybatis/mapper/**/*-SQL.xml
 
+# jwt
+jwt:
+  secret: akdnciepwlmdkcngpqktmektakensoftepckdbnskqmdkfsdflksdfoasjkdfbasdfasdfwerhjjhkgdfgdfseasdfef
+  accessTime: 600000      # 1시간
+  refreshTime: 86400000   # 24시간
 
+# frontUrl
+front:
+  url: http://localhost:3000
(파일 끝에 줄바꿈 문자 없음)
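Review bot: `jwt.secret` is committed as a literal signing key, and the same value is copied into `target/classes/application.yml` in this commit, so everyone with read access to the repository holds the key the server will trust for token signatures. Read it from the environment instead, for example `secret: ${JWT_SECRET}`, and replace the committed value, since it stays in history. `accessTime: 600000` is 10 minutes if the unit is milliseconds (as `refreshTime: 86400000` = 24 hours suggests), but the comment says `1시간`, so either the value or the comment is wrong. `target/` is build output and belongs in `.gitignore`, which would also keep the compiled `.class` files and the copied config out of future commits.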
target/classes/application.yml
--- target/classes/application.yml
+++ target/classes/application.yml
@@ -22,4 +22,8 @@
   type-aliases-package: com.takensoft.**.**.vo, com.takensoft.**.**.dto
   mapper-locations: classpath:mybatis/mapper/**/*-SQL.xml
 
-
+# jwt
+jwt:
+  secret: akdnciepwlmdkcngpqktmektakensoftepckdbnskqmdkfsdflksdfoasjkdfbasdfasdfwerhjjhkgdfgdfseasdfef
+  accessTime: 600000      # 1시간
+  refreshTime: 86400000   # 24시간
target/classes/com/takensoft/CmsApplication.class (Binary)
--- target/classes/com/takensoft/CmsApplication.class
+++ target/classes/com/takensoft/CmsApplication.class
Binary file is not shown
target/classes/com/takensoft/cms/sample/dao/SampleDAO.class (Binary)
--- target/classes/com/takensoft/cms/sample/dao/SampleDAO.class
+++ target/classes/com/takensoft/cms/sample/dao/SampleDAO.class
Binary file is not shown
target/classes/com/takensoft/cms/sample/service/Impl/SampleServiceImpl.class (Binary)
--- target/classes/com/takensoft/cms/sample/service/Impl/SampleServiceImpl.class
+++ target/classes/com/takensoft/cms/sample/service/Impl/SampleServiceImpl.class
Binary file is not shown
target/classes/com/takensoft/cms/sample/service/SampleService.class (Binary)
--- target/classes/com/takensoft/cms/sample/service/SampleService.class
+++ target/classes/com/takensoft/cms/sample/service/SampleService.class
Binary file is not shown
target/classes/com/takensoft/cms/sample/vo/SampleVO.class (Binary)
--- target/classes/com/takensoft/cms/sample/vo/SampleVO.class
+++ target/classes/com/takensoft/cms/sample/vo/SampleVO.class
Binary file is not shown
target/classes/com/takensoft/cms/sample/web/SampleController.class (Binary)
--- target/classes/com/takensoft/cms/sample/web/SampleController.class
+++ target/classes/com/takensoft/cms/sample/web/SampleController.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/dao/EntrprsInfoDAO.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/dao/EntrprsInfoDAO.class
+++ target/classes/com/takensoft/portal/entrprsInfo/dao/EntrprsInfoDAO.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/dao/FnlttDAO.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/dao/FnlttDAO.class
+++ target/classes/com/takensoft/portal/entrprsInfo/dao/FnlttDAO.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/service/EntrprsInfoService.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/service/EntrprsInfoService.class
+++ target/classes/com/takensoft/portal/entrprsInfo/service/EntrprsInfoService.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/service/FnlttService.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/service/FnlttService.class
+++ target/classes/com/takensoft/portal/entrprsInfo/service/FnlttService.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/service/Impl/EntrprsInfoServiceImpl.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/service/Impl/EntrprsInfoServiceImpl.class
+++ target/classes/com/takensoft/portal/entrprsInfo/service/Impl/EntrprsInfoServiceImpl.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/service/Impl/FnlttServiceImpl.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/service/Impl/FnlttServiceImpl.class
+++ target/classes/com/takensoft/portal/entrprsInfo/service/Impl/FnlttServiceImpl.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/vo/EntrprsInfoVO.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/vo/EntrprsInfoVO.class
+++ target/classes/com/takensoft/portal/entrprsInfo/vo/EntrprsInfoVO.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/vo/FnlttVO.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/vo/FnlttVO.class
+++ target/classes/com/takensoft/portal/entrprsInfo/vo/FnlttVO.class
Binary file is not shown
target/classes/com/takensoft/portal/entrprsInfo/web/EntrprsInfoController.class (Binary)
--- target/classes/com/takensoft/portal/entrprsInfo/web/EntrprsInfoController.class
+++ target/classes/com/takensoft/portal/entrprsInfo/web/EntrprsInfoController.class
Binary file is not shown
target/classes/com/takensoft/portal/investment/dao/InvestmentDAO.class (Binary)
--- target/classes/com/takensoft/portal/investment/dao/InvestmentDAO.class
+++ target/classes/com/takensoft/portal/investment/dao/InvestmentDAO.class
Binary file is not shown
target/classes/com/takensoft/portal/investment/service/Impl/InvestmentServiceImpl.class (Binary)
--- target/classes/com/takensoft/portal/investment/service/Impl/InvestmentServiceImpl.class
+++ target/classes/com/takensoft/portal/investment/service/Impl/InvestmentServiceImpl.class
Binary file is not shown
target/classes/com/takensoft/portal/investment/service/InvestmentService.class (Binary)
--- target/classes/com/takensoft/portal/investment/service/InvestmentService.class
+++ target/classes/com/takensoft/portal/investment/service/InvestmentService.class
Binary file is not shown
target/classes/com/takensoft/portal/investment/vo/InvestmentVO.class (Binary)
--- target/classes/com/takensoft/portal/investment/vo/InvestmentVO.class
+++ target/classes/com/takensoft/portal/investment/vo/InvestmentVO.class
Binary file is not shown
target/classes/com/takensoft/portal/investment/web/InvestmentController.class (Binary)
--- target/classes/com/takensoft/portal/investment/web/InvestmentController.class
+++ target/classes/com/takensoft/portal/investment/web/InvestmentController.class
Binary file is not shown