From 847d61851f7e50174a6e526c818eaac06d4a2a13 Mon Sep 17 00:00:00 2001
From: tolag3
Date: Thu, 4 Jul 2024 12:00:46 +0900
Subject: [PATCH] =?UTF-8?q?=EC=9D=B4=EC=A4=80=ED=98=B8=20=EC=A0=84?=
 =?UTF-8?q?=EC=9E=90=EC=A1=B0=EC=A0=95=EC=8B=9C=EC=8A=A4=ED=85=9C=20?=
 =?UTF-8?q?=EC=95=88=EC=A0=95=ED=99=94=20=EC=BB=A4=EB=B0=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 웹취약점 수정
- 개별 주소 노출 취약점 수정
---
 .../let/uat/uia/web/EgovLoginController.java | 32 ++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/main/java/kcc/let/uat/uia/web/EgovLoginController.java b/src/main/java/kcc/let/uat/uia/web/EgovLoginController.java
index aa6b0ec8..eec30e27 100644
--- a/src/main/java/kcc/let/uat/uia/web/EgovLoginController.java
+++ b/src/main/java/kcc/let/uat/uia/web/EgovLoginController.java
@@ -142,6 +142,9 @@ public class EgovLoginController {
 private String idFindUrl_Global;
 @Value("#{globalSettings['Globals.sso.pwFindUrl']}")
 private String pwFindUrl_Global;
+
+ @Value("#{globalSettings['Globals.prod.islocal']}")
+ private String islocal;
 /** EgovLoginService */
 @Resource(name = "loginService")
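Review bot: The new field `islocal` reads as a boolean flag, but the only use visible in this patch compares it with the string `"real"` to pick a production redirect host, so the name hides what it holds; a profile-style name such as `deployProfile` (lowerCamelCase) plus a `private static final String PROD_PROFILE = "real";` would make both sites self-explanatory. A short Javadoc on the field, e.g. `/** Deployment profile from Globals.prod.islocal; "real" selects the fixed production host for post-login redirects. */`, would also record the contract the second hunk depends on. The enclosing class continues outside the hunk.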
@@ -1548,7 +1551,34 @@ public class EgovLoginController {
 if ("web".equals((String) session.getAttribute("pageType"))) { // pageType(Web은 사용자 이외는 관리자)
 if (savedRequest != null) {
- session.setAttribute("beforeUrl", savedRequest.getRedirectUrl());
+// session.setAttribute("beforeUrl", savedRequest.getRedirectUrl());
+
+ //서버정보 받아오기
+ String scheme = request.getScheme();
+ String serverName = request.getServerName();
+ String serverPort = String.valueOf(request.getServerPort());
+ if(!"".equals(serverPort)) serverPort = ":" + serverPort;
+
+ String requestUrl = scheme + "://" + serverName + serverPort;
+
+ String beforeUrl = savedRequest
+ .getRedirectUrl()
+ .toString()
+ .substring(savedRequest
+ .getRedirectUrl()
+ .toString()
+ .indexOf("/",8),
+ savedRequest
+ .getRedirectUrl()
+ .toString()
+ .length()
+ );
+ if("real".equals(islocal)) {
+ session.setAttribute("beforeUrl", "https://adr.copyright.or.kr"+beforeUrl);
+ }else {
+ session.setAttribute("beforeUrl", requestUrl+beforeUrl);
+ }
+
 /* return "redirect:/web/user/login/login.do"; */
 redirectAttributes.addFlashAttribute("message", "로그인 후 이용해 주세요.");
 return "redirect:/web/user/login/ssoLogin.do";
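Review bot: The `substring(...)` that builds `beforeUrl` throws `StringIndexOutOfBoundsException` when the saved redirect URL has no path after the authority, because `indexOf("/", 8)` then returns -1, and it evaluates `savedRequest.getRedirectUrl()` three times with a `toString()` that is redundant if that method already returns a String. Parsing the URL once with `java.net.URI` (an import to add at the top of the file) and keeping only its raw path and query, as in the excerpt below, avoids the crash and makes the "drop the saved host" intent explicit. The non-`real` branch still takes scheme and host from `request.getScheme()`/`request.getServerName()`, which behind a reverse proxy is whatever Host value the front end forwards; unless the proxy pins that header, the base should come from configuration, as the `real` branch effectively does with its literal — and that literal `https://adr.copyright.or.kr` belongs in the same `globalSettings` block as the other `@Value` fields rather than in code. The `!"".equals(serverPort)` guard is always true because `String.valueOf(int)` is never empty, so `:80`/`:443` is appended even for default ports; the excerpt compares the int against the scheme's default instead. The enclosing method starts and ends outside the hunk, and the commented-out `session.setAttribute` line should be deleted rather than kept.
```java
// … unchanged: scheme / serverName lookup …
int port = request.getServerPort();
boolean defaultPort = ("http".equals(scheme) && port == 80) || ("https".equals(scheme) && port == 443);
String requestUrl = scheme + "://" + serverName + (defaultPort ? "" : ":" + port);

// keep only path (+ query) of the saved request so its original host is never re-emitted;
// assumes the saved URL is well-formed (URI.create throws IllegalArgumentException otherwise)
URI savedUri = URI.create(savedRequest.getRedirectUrl());
String savedPath = savedUri.getRawPath();
String beforeUrl = (savedPath == null || savedPath.isEmpty()) ? "/" : savedPath;
if (savedUri.getRawQuery() != null) {
    beforeUrl += "?" + savedUri.getRawQuery();
}
// … unchanged: islocal branch setting "beforeUrl" …
```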