diff --git a/src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java b/src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java
index c4a402f..a2a375e 100644
--- a/src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java
+++ b/src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java
@@ -1,5 +1,20 @@
 package com.itn.mjonApi.cmn.interceptor;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.util.StringUtils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
 //import java.sql.Date;
 import com.itn.mjonApi.cmn.idgen.mapper.domain.AccessKeyVO;
@@ -7,16 +22,7 @@ import com.itn.mjonApi.cmn.idgen.mapper.domain.LettnLoginLogVO;
 import com.itn.mjonApi.cmn.idgen.service.IdgenService;
 import com.itn.mjonApi.mjon.api.access.service.AccessKeyService;
 import com.itn.mjonApi.mjon.log.service.LettnLoginLogService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 /**
  * packageName : com.itn.mjonApi.mjon.send.web
@@ -46,14 +52,56 @@ public class CertifInterceptor implements HandlerInterceptor{
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+ {
+ String clientIp = null;
+ boolean isIpInHeader = false;
+
+ List headerList = new ArrayList<>();
+ headerList.add("X-Forwarded-For");
+ headerList.add("HTTP_CLIENT_IP");
+ headerList.add("HTTP_X_FORWARDED_FOR");
+ headerList.add("HTTP_X_FORWARDED");
+ headerList.add("HTTP_FORWARDED_FOR");
+ headerList.add("HTTP_FORWARDED");
+ headerList.add("Proxy-Client-IP");
+ headerList.add("WL-Proxy-Client-IP");
+ headerList.add("HTTP_VIA");
+ headerList.add("IPV6_ADR");
+
+ for (String header : headerList) {
+ clientIp = request.getHeader(header);
+ if (StringUtils.hasText(clientIp) && !clientIp.equals("unknown")) {
+ isIpInHeader = true;
+ break;
+ }
+ }
+
+ if (!isIpInHeader) {
+ clientIp = request.getRemoteAddr();
+ }
+
+ System.out.println(clientIp);
+ System.out.println(clientIp);
+ System.out.println(clientIp);
+ }
 // URL 접속정보
- String referer = request.getHeader("Referer");
+ //String referer = request.getHeader("Referer");
 //System.out.println("=====preHandle=5=apikey=refer="+referer);
+ String serverIp = request.getRemoteAddr();
+ System.out.println("request.getRemoteAddr()");
+ System.out.println(request.getRemoteAddr());
+ System.out.println(request.getRemoteHost());
+ System.out.println(request.getRemotePort());
+ System.out.println(request.getRemoteUser());
+ System.out.println("request.getRemoteAddr()");
+
 //step0-1.log 남기기
 //step0-2.IP 체크
 {
 try{
+ String referer = request.getHeader("Referer");
+
 //step0-1.log 남기기
 LettnLoginLogVO lettnLoginLogVO = new LettnLoginLogVO();
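Review bot: The new block at the top of `preHandle` takes the client address from the first non-empty request header in `headerList`, and each of those headers is whatever the caller sent unless a proxy in front of this service overwrites it. Names such as `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are CGI variable names rather than headers a proxy normally sends, and `X-Forwarded-For` can carry a comma-separated list rather than a single address. `clientIp` is only printed inside this hunk, but the `//step0-2.IP 체크` block that follows continues outside it; if that check or the login log is ever fed from this value it stops reflecting the real peer, so I would keep `String clientIp = request.getRemoteAddr();` as the source of truth and honour a forwarded header only when the direct peer is a configured trusted proxy. The `System.out.println(...)` calls, including the one for `request.getRemoteUser()`, write request data to stdout on every request and should be removed or moved to the project logger at debug level.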
@@ -118,6 +166,7 @@ public class CertifInterceptor implements HandlerInterceptor{
 //step1.키 검증 - accessKey & mberId 는 검증을 위한 필수값
 {
 try{
+ String referer = request.getHeader("Referer");
 AccessKeyVO accessKeyVO = new AccessKeyVO();
 accessKeyVO.setAccessKey(request.getParameter("accessKey"));
 accessKeyVO.setMberId(request.getParameter("mberId"));
diff --git a/src/main/resources/mapper/api/AccessKeyMapper.xml b/src/main/resources/mapper/api/AccessKeyMapper.xml
index daf0c34..1bc87f9 100644
--- a/src/main/resources/mapper/api/AccessKeyMapper.xml
+++ b/src/main/resources/mapper/api/AccessKeyMapper.xml
@@ -92,6 +92,7 @@
 , lettngnrlmber_access_call_info b
 WHERE 1=1
+ AND a.USE_YN = 'Y'
 AND a.ACCESS_KEY = #{accessKey}
 AND a.MBER_ID = #{mberId}
 AND a.ACCESS_no = b.ACCESS_NO
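Review bot: The `a.USE_YN = 'Y'` filter is applied to this one statement only, and the statement's id and the rest of the mapper are outside the hunk, so it is not visible whether other queries that resolve `ACCESS_KEY` and `MBER_ID` still accept a disabled key. Please confirm each of them carries the same condition. I would also add `<!-- only keys with USE_YN = 'Y' may authenticate -->` above the new line and a test that a key with `USE_YN = 'N'` is rejected by `CertifInterceptor`.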