보안취약점 보완

leejunho 2023-08-03 10:33:08 +09:00
parent d0b11bd020
commit 78dccaf6f8
2 changed files with 15 additions and 3 deletions


@ -6,6 +6,7 @@ import java.util.List;
import javax.annotation.Resource; import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.CollectionUtils;
@ -107,13 +108,18 @@ public class AdjstExpController {
* 체험하기 로그인 페이지 * 체험하기 로그인 페이지
*/ */
@RequestMapping("/web/kccadr/adjstExp/SsoLoginUsr.do") @RequestMapping("/web/kccadr/adjstExp/SsoLoginUsr.do")
public String SsoLoginUsr(@ModelAttribute("adjstReqVO") AdjstReqVO adjstReqVO, HttpServletRequest request, ModelMap model) throws Exception { public String SsoLoginUsr(@ModelAttribute("adjstReqVO") AdjstReqVO adjstReqVO, HttpServletRequest request, ModelMap model, HttpServletResponse response) throws Exception {
System.out.println("adjstReqVO.getStep() :: " + adjstReqVO.getStep()); System.out.println("adjstReqVO.getStep() :: " + adjstReqVO.getStep());
model.addAttribute("loginNextUrl", adjstReqVO.getLoginNextUrl()); model.addAttribute("loginNextUrl", adjstReqVO.getLoginNextUrl());
model.addAttribute("step", adjstReqVO.getStep()); model.addAttribute("step", adjstReqVO.getStep());
model.addAttribute("searchStatus", adjstReqVO.getSearchStatus()); model.addAttribute("searchStatus", adjstReqVO.getSearchStatus());
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Max-Age", 0);
return "/web/kccadr/adjstExp/SsoLoginUsr"; return "/web/kccadr/adjstExp/SsoLoginUsr";
} }
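Review bot: `response.setDateHeader("Max-Age", 0)` in SsoLoginUsr emits a response header named `Max-Age` with a date value, which caches do not act on; max-age is a directive of `Cache-Control`, not a header of its own. `Cache-Control: no-cache` also still allows the browser or an intermediary to store the login page and only requires revalidation before reuse. If the intent is that this page is never kept on disk or in a shared cache, I would write `response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");` and drop the `Max-Age` line. The same four lines are added to contentIntro in ContentController and need the same change.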


@ -4,6 +4,7 @@ import java.util.Map;
import javax.annotation.Resource; import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.ui.Model; import org.springframework.ui.Model;
@ -29,7 +30,7 @@ public class ContentController{
/* content*/ /* content*/
@RequestMapping(value="/web/content.do") @RequestMapping(value="/web/content.do")
public String contentIntro(@RequestParam Map<String, Object> commandMap, CntManageVO cntManageVO , HttpServletRequest request, Model model) throws Exception { public String contentIntro(@RequestParam Map<String, Object> commandMap, CntManageVO cntManageVO , HttpServletRequest request, Model model, HttpServletResponse response) throws Exception {
if(commandMap.get("proFn")==null){ if(commandMap.get("proFn")==null){
return "blank"; return "blank";
} }
@ -45,7 +46,7 @@ public class ContentController{
return "cnt/"+cntManageVO.getCntId() ; return "cnt/"+cntManageVO.getCntId() ;
} }
if(cntManageVO.getMenuCours()!=null){ //매뉴구조 if(cntManageVO.getMenuCours()!=null){ //매뉴구조
cntManageVO.setMenuCours(cntManageVO.getMenuCours().replace("|" , " > ")); cntManageVO.setMenuCours(cntManageVO.getMenuCours().replace("|" , " > "));
} }
@ -55,6 +56,11 @@ public class ContentController{
model.addAttribute("cntManageVO", cntManageVO); model.addAttribute("cntManageVO", cntManageVO);
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Max-Age", 0);
String sLocationUrl = "cnt/ckeditorPriview"; String sLocationUrl = "cnt/ckeditorPriview";
// String sLocationUrl = "cnt/"+cntManageVO.getCntId(); // String sLocationUrl = "cnt/"+cntManageVO.getCntId();
return sLocationUrl ; return sLocationUrl ;
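Review bot: The cache headers in contentIntro are set only just before the `cnt/ckeditorPriview` return, so the earlier exits visible in this section (`return "blank";` and `return "cnt/"+cntManageVO.getCntId();`) leave the method without them. The code between the hunks is not shown and the method body continues past the last hunk, so I cannot tell whether the second exit serves content that needs the same protection; if it does, the `response.set…` calls should move to the top of the method. Since the identical block now lives in two controllers, one shared place for it would keep the policy consistent. That could be a small helper, or Spring's `WebContentInterceptor` with `cacheSeconds` set to 0 and mapped to these URLs.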