tolag3/kcc_adr_advc_git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

보안취약점 보완

Browse Source
This commit is contained in:
leejunho 2023-08-03 10:33:08 +09:00
parent d0b11bd020
commit 78dccaf6f8
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/kcc/kccadr/adjstExp/web/AdjstExpController.java
View File

@ -6,6 +6,7 @@ import java.util.List;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.collections.CollectionUtils;
@ -107,13 +108,18 @@ public class AdjstExpController {
* 체험하기 로그인 페이지
*/
@RequestMapping("/web/kccadr/adjstExp/SsoLoginUsr.do")
public String SsoLoginUsr(@ModelAttribute("adjstReqVO") AdjstReqVO adjstReqVO, HttpServletRequest request, ModelMap model) throws Exception {
public String SsoLoginUsr(@ModelAttribute("adjstReqVO") AdjstReqVO adjstReqVO, HttpServletRequest request, ModelMap model, HttpServletResponse response) throws Exception {
System.out.println("adjstReqVO.getStep() :: " + adjstReqVO.getStep());
model.addAttribute("loginNextUrl", adjstReqVO.getLoginNextUrl());
model.addAttribute("step", adjstReqVO.getStep());
model.addAttribute("searchStatus", adjstReqVO.getSearchStatus());
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Max-Age", 0);
return "/web/kccadr/adjstExp/SsoLoginUsr";
}

8
src/main/java/kcc/web/ContentController.java
View File

@ -4,6 +4,7 @@ import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
@ -29,7 +30,7 @@ public class ContentController{
/* content*/
@RequestMapping(value="/web/content.do")
public String contentIntro(@RequestParam Map<String, Object> commandMap, CntManageVO cntManageVO , HttpServletRequest request, Model model) throws Exception {
public String contentIntro(@RequestParam Map<String, Object> commandMap, CntManageVO cntManageVO , HttpServletRequest request, Model model, HttpServletResponse response) throws Exception {
if(commandMap.get("proFn")==null){
return "blank";
}
@ -55,6 +56,11 @@ public class ContentController{
model.addAttribute("cntManageVO", cntManageVO);
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Max-Age", 0);
String sLocationUrl = "cnt/ckeditorPriview";
// String sLocationUrl = "cnt/"+cntManageVO.getCntId();
return sLocationUrl ;