보안취약점 보완

2023-08-03 10:33:08 +09:00 · 2023-08-03 10:33:08 +09:00 · 78dccaf6f8
commit 78dccaf6f8
parent d0b11bd020
2 changed files with 15 additions and 3 deletions
--- a/src/main/java/kcc/kccadr/adjstExp/web/AdjstExpController.java
+++ b/src/main/java/kcc/kccadr/adjstExp/web/AdjstExpController.java
@ -6,6 +6,7 @@ import java.util.List;

 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;

 import org.apache.commons.collections.CollectionUtils;
@ -107,13 +108,18 @@ public class AdjstExpController {
 	 * 체험하기 로그인 페이지
 	 */
 	@RequestMapping("/web/kccadr/adjstExp/SsoLoginUsr.do")
-	public String SsoLoginUsr(@ModelAttribute("adjstReqVO") AdjstReqVO adjstReqVO, HttpServletRequest request, ModelMap model) throws Exception {
+	public String SsoLoginUsr(@ModelAttribute("adjstReqVO") AdjstReqVO adjstReqVO, HttpServletRequest request, ModelMap model, HttpServletResponse response) throws Exception {

 		System.out.println("adjstReqVO.getStep() :: " + adjstReqVO.getStep());
 		model.addAttribute("loginNextUrl", adjstReqVO.getLoginNextUrl());
 		model.addAttribute("step", adjstReqVO.getStep());
 		model.addAttribute("searchStatus", adjstReqVO.getSearchStatus());
 												 
+		response.setHeader("Cache-Control", "no-cache");
+        response.setDateHeader("Expires", 0);
+        response.setHeader("Pragma", "no-cache");
+        response.setDateHeader("Max-Age", 0);
+		
 		return "/web/kccadr/adjstExp/SsoLoginUsr";
 		
 	}
--- a/src/main/java/kcc/web/ContentController.java
+++ b/src/main/java/kcc/web/ContentController.java
@ -4,6 +4,7 @@ import java.util.Map;

 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;

 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
@ -29,7 +30,7 @@ public class ContentController{

 	/* content*/
 	@RequestMapping(value="/web/content.do")
-    public String contentIntro(@RequestParam Map<String, Object> commandMap, CntManageVO cntManageVO , HttpServletRequest request, Model model) throws Exception {  
+    public String contentIntro(@RequestParam Map<String, Object> commandMap, CntManageVO cntManageVO , HttpServletRequest request, Model model, HttpServletResponse response) throws Exception {  
 		if(commandMap.get("proFn")==null){
 			return "blank";
 		}
@ -45,7 +46,7 @@ public class ContentController{
 			return "cnt/"+cntManageVO.getCntId() ;
 		}
 		
-		if(cntManageVO.getMenuCours()!=null){ //매뉴구조
+		if(cntManageVO.getMenuCours()!=null){ //매뉴구조 
 			cntManageVO.setMenuCours(cntManageVO.getMenuCours().replace("|" , " > "));
 		}
 		
@ -55,6 +56,11 @@ public class ContentController{
 		
 		model.addAttribute("cntManageVO", cntManageVO);
 		
+		response.setHeader("Cache-Control", "no-cache");
+        response.setDateHeader("Expires", 0);
+        response.setHeader("Pragma", "no-cache");
+        response.setDateHeader("Max-Age", 0);
+		
 		String sLocationUrl = "cnt/ckeditorPriview";
 //		String sLocationUrl = "cnt/"+cntManageVO.getCntId();
 		return sLocationUrl ;