tolag3/mjon_api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2023-05-17 12:48 API KEY 접속 방법 테스트

Browse Source
This commit is contained in:
myname 2023-05-17 12:49:11 +09:00
parent 2b4fbc7773
commit 55c0d88505
2 changed files with 60 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java
View File

@ -1,5 +1,20 @@
package com.itn.mjonApi.cmn.interceptor;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
//import java.sql.Date;
import com.itn.mjonApi.cmn.idgen.mapper.domain.AccessKeyVO;
@ -7,16 +22,7 @@ import com.itn.mjonApi.cmn.idgen.mapper.domain.LettnLoginLogVO;
import com.itn.mjonApi.cmn.idgen.service.IdgenService;
import com.itn.mjonApi.mjon.api.access.service.AccessKeyService;
import com.itn.mjonApi.mjon.log.service.LettnLoginLogService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
* packageName : com.itn.mjonApi.mjon.send.web
@ -46,14 +52,56 @@ public class CertifInterceptor implements HandlerInterceptor{
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
{
String clientIp = null;
boolean isIpInHeader = false;
List<String> headerList = new ArrayList<>();
headerList.add("X-Forwarded-For");
headerList.add("HTTP_CLIENT_IP");
headerList.add("HTTP_X_FORWARDED_FOR");
headerList.add("HTTP_X_FORWARDED");
headerList.add("HTTP_FORWARDED_FOR");
headerList.add("HTTP_FORWARDED");
headerList.add("Proxy-Client-IP");
headerList.add("WL-Proxy-Client-IP");
headerList.add("HTTP_VIA");
headerList.add("IPV6_ADR");
for (String header : headerList) {
clientIp = request.getHeader(header);
if (StringUtils.hasText(clientIp) && !clientIp.equals("unknown")) {
isIpInHeader = true;
break;
}
}
if (!isIpInHeader) {
clientIp = request.getRemoteAddr();
}
System.out.println(clientIp);
System.out.println(clientIp);
System.out.println(clientIp);
}
// URL 접속정보
String referer = request.getHeader("Referer");
//String referer = request.getHeader("Referer");
//System.out.println("=====preHandle=5=apikey=refer="+referer);
String serverIp = request.getRemoteAddr();
System.out.println("request.getRemoteAddr()");
System.out.println(request.getRemoteAddr());
System.out.println(request.getRemoteHost());
System.out.println(request.getRemotePort());
System.out.println(request.getRemoteUser());
System.out.println("request.getRemoteAddr()");
//step0-1.log 남기기
//step0-2.IP 체크
{
try{
String referer = request.getHeader("Referer");
//step0-1.log 남기기
LettnLoginLogVO lettnLoginLogVO = new LettnLoginLogVO();
@ -118,6 +166,7 @@ public class CertifInterceptor implements HandlerInterceptor{
//step1. 검증 - accessKey & mberId 검증을 위한 필수값
{
try{
String referer = request.getHeader("Referer");
AccessKeyVO accessKeyVO = new AccessKeyVO();
accessKeyVO.setAccessKey(request.getParameter("accessKey"));
accessKeyVO.setMberId(request.getParameter("mberId"));

1
src/main/resources/mapper/api/AccessKeyMapper.xml
View File

@ -92,6 +92,7 @@
, lettngnrlmber_access_call_info b
WHERE
1=1
AND a.USE_YN = 'Y'
AND a.ACCESS_KEY = #{accessKey}
AND a.MBER_ID = #{mberId}
AND a.ACCESS_no = b.ACCESS_NO