mjon_admin/src/main/java/itn/com/cmm/util/TokenUtil.java
2025-04-29 17:03:43 +09:00


/*
* Copyright 2008-2009 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package itn.com.cmm.util;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import egovframework.rte.fdl.idgnr.impl.Base64;
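/**
 * Static helpers for a per-session form token: one is issued when a form is rendered,
 * compared when the form is submitted, and cleared once the request has been processed
 * so that the same submission cannot be accepted twice.
 *
 * <p>The token is a secret shared between the session and the rendered form. It must not
 * be written to logs, and it is compared in a way that does not stop at the first
 * differing character.
 */
public class TokenUtil {

    /** Name of the session attribute, request attribute and request parameter carrying the token. */
    private static final String TOKEN_KEY = "TOKEN_KEY";

    private static final Logger logger = Logger.getLogger(TokenUtil.class.getName());

    /** Source of the per-token random bytes; a SecureRandom instance may be shared between threads. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Number of random bytes mixed into every token. */
    private static final int NONCE_LENGTH = 16;

    /**
     * Creates a new token and stores it both in the session and as a request attribute,
     * so the view can embed it in the form it renders.
     *
     * <p>The token is the Base64-encoded SHA-256 digest of the session id, the current time
     * and a fresh random nonce. The nonce keeps the value from being a pure function of
     * the session id and a guessable timestamp.
     *
     * @param request the current request; a session is created if none exists
     */
    public static void saveToken(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        // Explicit charset: the digest input must not depend on the platform default.
        byte[] time = Long.toString(System.currentTimeMillis()).getBytes(StandardCharsets.UTF_8);
        byte[] id = session.getId().getBytes(StandardCharsets.UTF_8);
        byte[] nonce = new byte[NONCE_LENGTH];
        RANDOM.nextBytes(nonce);
        try {
            MessageDigest sha = MessageDigest.getInstance("SHA-256");
            sha.update(id);
            sha.update(time);
            sha.update(nonce);
            String token = Base64.encode(sha.digest());
            request.setAttribute(TOKEN_KEY, token);
            session.setAttribute(TOKEN_KEY, token);
            // The token value itself is deliberately not logged: anyone who can read the
            // log could otherwise replay it for the lifetime of the session attribute.
            logger.debug("# Generate Token Key #");
        } catch (NoSuchAlgorithmException e) {
            // Fail closed: without a fresh token, do not leave an older one valid.
            session.removeAttribute(TOKEN_KEY);
            logger.error("토큰에러", e);
        }
    }

    /**
     * Removes the token from the session after the request has been processed, so that
     * a repeated submission of the same form no longer validates.
     *
     * @param request the current request
     */
    public static void resetToken(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        try {
            session.removeAttribute(TOKEN_KEY);
        } catch (RuntimeException e) {
            // Best effort, as before: a failure to clear the token must not abort the request.
            logger.warn("토큰에러", e);
        }
    }

    /**
     * Checks whether the token submitted as a request parameter matches the one stored in
     * the session.
     *
     * <p>This method does not consume the token; callers are expected to invoke
     * {@link #resetToken(HttpServletRequest)} once the request has been handled.
     *
     * @param request the current request
     * @return {@code true} only if both tokens are present and equal
     */
    public static boolean isTokenValid(HttpServletRequest request) {
        HttpSession session = request.getSession(true);
        String requestToken = request.getParameter(TOKEN_KEY);
        String sessionToken = (String) session.getAttribute(TOKEN_KEY);
        if (requestToken == null || sessionToken == null) {
            logger.debug("# null #");
            return false;
        }
        logger.debug("# notnull #");
        // MessageDigest.isEqual examines every byte instead of returning at the first
        // mismatch, so response timing does not reveal how much of a guess was correct.
        return MessageDigest.isEqual(
                requestToken.getBytes(StandardCharsets.UTF_8),
                sessionToken.getBytes(StandardCharsets.UTF_8));
    }
}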