tolag3/kcc_adr_advc_git
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

이준호 전자조정시스템 안정화 커밋

Browse Source 
- 웹취약점 수정
 	- 개별 주소 노출 취약점 수정
This commit is contained in:
leejunho 2024-07-04 12:00:46 +09:00
parent 63e93292d8
commit 847d61851f
1 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/main/java/kcc/let/uat/uia/web/EgovLoginController.java
View File

@ -143,6 +143,9 @@ public class EgovLoginController {
@Value("#{globalSettings['Globals.sso.pwFindUrl']}") @Value("#{globalSettings['Globals.sso.pwFindUrl']}")
private String pwFindUrl_Global; private String pwFindUrl_Global;
@Value("#{globalSettings['Globals.prod.islocal']}")
private String islocal;
/** EgovLoginService */ /** EgovLoginService */
@Resource(name = "loginService") @Resource(name = "loginService")
private EgovLoginService loginService; private EgovLoginService loginService;
@ -1548,7 +1551,34 @@ public class EgovLoginController {
if ("web".equals((String) session.getAttribute("pageType"))) { if ("web".equals((String) session.getAttribute("pageType"))) {
// pageType(Web은 사용자 이외는 관리자) // pageType(Web은 사용자 이외는 관리자)
if (savedRequest != null) { if (savedRequest != null) {
session.setAttribute("beforeUrl", savedRequest.getRedirectUrl()); // session.setAttribute("beforeUrl", savedRequest.getRedirectUrl());
//서버정보 받아오기
String scheme = request.getScheme();
String serverName = request.getServerName();
String serverPort = String.valueOf(request.getServerPort());
if(!"".equals(serverPort)) serverPort = ":" + serverPort;
String requestUrl = scheme + "://" + serverName + serverPort;
String beforeUrl = savedRequest
.getRedirectUrl()
.toString()
.substring(savedRequest
.getRedirectUrl()
.toString()
.indexOf("/",8),
savedRequest
.getRedirectUrl()
.toString()
.length()
);
if("real".equals(islocal)) {
session.setAttribute("beforeUrl", "https://adr.copyright.or.kr"+beforeUrl);
}else {
session.setAttribute("beforeUrl", requestUrl+beforeUrl);
}
/* return "redirect:/web/user/login/login.do"; */ /* return "redirect:/web/user/login/login.do"; */
redirectAttributes.addFlashAttribute("message", "로그인 후 이용해 주세요."); redirectAttributes.addFlashAttribute("message", "로그인 후 이용해 주세요.");
return "redirect:/web/user/login/ssoLogin.do"; return "redirect:/web/user/login/ssoLogin.do";