diff --git a/src/main/java/com/itn/mjonApi/cmn/config/WebConfig.java b/src/main/java/com/itn/mjonApi/cmn/config/WebConfig.java index 90a4a13..f95837b 100644 --- a/src/main/java/com/itn/mjonApi/cmn/config/WebConfig.java +++ b/src/main/java/com/itn/mjonApi/cmn/config/WebConfig.java @@ -22,17 +22,17 @@ import com.itn.mjonApi.cmn.interceptor.CertifInterceptor; @Configuration public class WebConfig implements WebMvcConfigurer { - @Bean - public CertifInterceptor certificationInterceptor(){ + public CertifInterceptor certifInterceptor(){ return new CertifInterceptor(); } @Override public void addInterceptors(InterceptorRegistry registry) { - - registry.addInterceptor(certificationInterceptor()) - .addPathPatterns("/api/**"); + registry.addInterceptor(certifInterceptor()) + .addPathPatterns("/api/accessKey/**") + //.addPathPatterns("/api/accessTest/**") + ; //.excludePathPatterns("/css/**", "/images/**", "/js/**"); } diff --git a/src/main/java/com/itn/mjonApi/cmn/idgen/mapper/domain/AccessKeyVO.java b/src/main/java/com/itn/mjonApi/cmn/idgen/mapper/domain/AccessKeyVO.java index e40e406..dddbcf0 100644 --- a/src/main/java/com/itn/mjonApi/cmn/idgen/mapper/domain/AccessKeyVO.java +++ b/src/main/java/com/itn/mjonApi/cmn/idgen/mapper/domain/AccessKeyVO.java @@ -28,5 +28,8 @@ public class AccessKeyVO implements Serializable { private String accessToken; //access_token 고유번호 private String tokenObj; //access_token 고유번호 private String expirePnttm; //access_token 파기일시 + + //for call_info + private String callInfo; //access_token 고유번호 } \ No newline at end of file diff --git a/src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java b/src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java index eeb7d7a..c4a402f 100644 --- a/src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java +++ b/src/main/java/com/itn/mjonApi/cmn/interceptor/CertifInterceptor.java 
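Review bot: Narrowing the registration in `addInterceptors` from `/api/**` to `/api/accessKey/**` takes the IP check and the access-key check away from every other `/api/` route, including the `/api/accessTest/Test` mapping this same commit adds in AccessKeyRestController. If only specific routes should be open, keeping the broad pattern and naming the exceptions is the safer default, e.g. `.addPathPatterns("/api/**")` followed by `.excludePathPatterns(...)` with the exempt paths spelled out, so that a newly added controller is covered without anyone remembering to register it. The collapsed diff also appears to drop `@Bean` from `certifInterceptor()`; if so, `new CertifInterceptor()` is no longer container-managed and its `@Autowired` services would presumably stay null, which is worth confirming with a request that reaches `preHandle`.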
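Review bot: The comment on the new `callInfo` field is copied from the `accessToken` line above it and describes the wrong thing. Going by CertifInterceptor in this commit, the field carries the request's `Referer` header and is compared with `CALL_INFO` in the mapper, so a comment such as `// caller URL taken from the Referer header, matched against CALL_INFO` would tell the next reader that the value is client-supplied. The separate `//for call_info` line then becomes redundant.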
@@ -8,6 +8,7 @@ import com.itn.mjonApi.cmn.idgen.service.IdgenService; import com.itn.mjonApi.mjon.api.access.service.AccessKeyService; import com.itn.mjonApi.mjon.log.service.LettnLoginLogService; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.HandlerInterceptor; @@ -44,19 +45,10 @@ public class CertifInterceptor implements HandlerInterceptor{ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - //HttpSession session = request.getSession(); - System.out.println("=====preHandle=4=apikey=="); - System.out.println("=====preHandle=4=apikey=="+request.getRequestURI()); - - System.out.println("=====preHandle=4=apikey=="+request.getRemoteAddr()); - System.out.println("=====preHandle=4=apikey=="+request.getRemoteHost()); - System.out.println("=====preHandle=4=apikey=="+request.getRemotePort()); - System.out.println("=====preHandle=4=apikey=="+request.getRemoteUser()); - System.out.println("=====preHandle=4=apikey=="+request.getRequestedSessionId()); - System.out.println("=====preHandle=4=apikey=="); - - + // URL 접속정보 + String referer = request.getHeader("Referer"); + //System.out.println("=====preHandle=5=apikey=refer="+referer); //step0-1.log 남기기 //step0-2.IP 체크 @@ -79,13 +71,13 @@ public class CertifInterceptor implements HandlerInterceptor{ lettnLoginLogVO.setConectId(request.getParameter("mberId")); //device type - if(isMobile(request)){ + if(_isMobile(request)){ lettnLoginLogVO.setDeviceType("M"); }else{ lettnLoginLogVO.setDeviceType("P"); } - //program_nm + //program_nm - API 값 고정 lettnLoginLogVO.setProgrmFileNm("API"); lettnLoginLogVO.setMenuNm("API"); lettnLoginLogVO.setMenuNo("100"); 
@@ -106,18 +98,19 @@ public class CertifInterceptor implements HandlerInterceptor{ lettnLoginLogVO = lettnLoginLogService.selectIgnoreIpCnt(lettnLoginLogVO); int i_ignoreCnt = lettnLoginLogVO.getCnt(); + //IP 접근 제어 if (i_ignoreCnt>0) { //제한 아이피인 경우는 화면 안나옴 처리 - response.setContentType("application/json"); - response.setCharacterEncoding("UTF-8"); - response.getWriter().write("{\"resultCode\":\"403\",\"message\":\"Forbidden\"}"); - - return false; - } + this._jsonResult(response, HttpStatus.FORBIDDEN); + return false; + } }catch(Exception ex) { ex.printStackTrace(); + //내부 오류 + this._jsonResult(response, HttpStatus.INTERNAL_SERVER_ERROR); + return false; } } @@ -128,27 +121,26 @@ public class CertifInterceptor implements HandlerInterceptor{ AccessKeyVO accessKeyVO = new AccessKeyVO(); accessKeyVO.setAccessKey(request.getParameter("accessKey")); accessKeyVO.setMberId(request.getParameter("mberId")); + accessKeyVO.setCallInfo(referer); accessKeyVO = accessKeyService.selectRKey(accessKeyVO); + //인증 실패 if (accessKeyVO ==null) { - response.setContentType("application/json"); - response.setCharacterEncoding("UTF-8"); - response.getWriter().write("{\"resultCode\":\"401\",\"message\":\"Unauthorized\"}"); + this._jsonResult(response, HttpStatus.UNAUTHORIZED); return false; } }catch(Exception ex) { ex.printStackTrace(); - response.setContentType("application/json"); - response.setCharacterEncoding("UTF-8"); - response.getWriter().write("{\"resultCode\":\"401\",\"message\":\"Unauthorized\"}"); - + //내부 오류 + this._jsonResult(response, HttpStatus.INTERNAL_SERVER_ERROR); return false; } - } + } + return true; } 
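Review bot: `accessKeyVO.setCallInfo(referer)` hands the `Referer` header to `selectRKey` unchecked, and that value is null whenever the client omits the header (non-browser callers, or a page with a strict Referrer-Policy) and empty when the header is sent blank. With the mapper's `LIKE CONCAT(#{callInfo}, '%')`, an empty string reduces the pattern to `'%'`, which matches any stored `CALL_INFO`, so the new restriction would not apply; a null presumably makes the lookup return no row and turns a valid key into a 401. A guard before the lookup makes both cases explicit: `if (referer == null || referer.trim().isEmpty()) { this._jsonResult(response, HttpStatus.UNAUTHORIZED); return false; }`. Because the header is set by the caller, the comparison is best documented as an extra restriction on where a key may be used, not as proof of who is calling. The enclosing `preHandle` body starts outside this hunk.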
@@ -170,8 +162,10 @@ public class CertifInterceptor implements HandlerInterceptor{ } + /////////////////////////////////////////////////////////////////////////////////////////////////// /*모바일접속 유무*/ - private boolean isMobile(HttpServletRequest request) { + /////////////////////////////////////////////////////////////////////////////////////////////////// + private boolean _isMobile(HttpServletRequest request) throws Exception{ String userAgent = request.getHeader("user-agent"); boolean mobile1 = userAgent.matches(".*(iPhone|iPod|Android|Windows CE|BlackBerry|Symbian|Windows Phone|webOS|Opera Mini|Opera Mobi|POLARIS|IEMobile|lgtelecom|nokia|SonyEricsson).*"); boolean mobile2 = userAgent.matches(".*(LG|SAMSUNG|Samsung).*"); @@ -180,5 +174,16 @@ public class CertifInterceptor implements HandlerInterceptor{ } return false; } + + private void _jsonResult( + HttpServletResponse p_response + , HttpStatus p_HttpStatus + ) throws Exception{ + p_response.setContentType("application/json"); + p_response.setCharacterEncoding("UTF-8"); + p_response.getWriter().write("{\"resultCode\":\""+p_HttpStatus.value()+"\",\"message\":\""+p_HttpStatus.getReasonPhrase()+"\"}"); + + //return "{\"resultCode\":\""+p_HttpStatus.value()+"\",\"message\":\""+p_HttpStatus.getReasonPhrase()+"\"}"; + } } diff --git a/src/main/java/com/itn/mjonApi/mjon/api/access/web/AccessKeyRestController.java b/src/main/java/com/itn/mjonApi/mjon/api/access/web/AccessKeyRestController.java index 683b3b5..32d7059 100644 --- a/src/main/java/com/itn/mjonApi/mjon/api/access/web/AccessKeyRestController.java +++ b/src/main/java/com/itn/mjonApi/mjon/api/access/web/AccessKeyRestController.java 
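Review bot: `_isMobile` calls `userAgent.matches(...)` directly on the result of `request.getHeader("user-agent")`, which is null when a client sends no User-Agent, so such a request raises a NullPointerException in the interceptor unless a try block outside the visible hunks catches it. Adding `if (userAgent == null) { return false; }` right after the header read records the request as device type "P" and lets the IP and key checks run normally. Nothing visible in the body needs the newly added `throws Exception`, so the signature could stay as it was; the method continues into the next hunk.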
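Review bot: `_jsonResult` puts the status code into the JSON body only; the HTTP status of the response is never set, so a blocked IP or a failed key check is still answered with whatever status the response already carries, 200 by default. Adding `p_response.setStatus(p_HttpStatus.value());` before the write lets clients, proxies and access-log monitoring see the 401, 403 or 500. The commented-out `return` line at the end can be dropped, and a short Javadoc stating that the helper writes the response body would remind callers to `return false` straight after it.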
@@ -1,19 +1,23 @@ package com.itn.mjonApi.mjon.api.access.web; +import java.time.LocalDateTime; + +import org.json.simple.JSONObject; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.CrossOrigin; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.ModelAttribute; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RestController; + import com.itn.mjonApi.cmn.idgen.mapper.domain.SendMsgVO; import com.itn.mjonApi.cmn.msg.PlainResponse; import com.itn.mjonApi.cmn.msg.RestResponse; import com.itn.mjonApi.mjon.api.access.service.AccessKeyService; import com.itn.mjonApi.mjon.api.access.service.AccessTokenService; -import org.json.simple.JSONObject; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.ModelAttribute; -import org.springframework.web.bind.annotation.RestController; - -import java.time.LocalDateTime; /** * @author User @@ -30,6 +34,28 @@ public class AccessKeyRestController { @Autowired private AccessTokenService accessTokenService; + // + /** + * api test for get + * @return + * + */ + @CrossOrigin("*") // 모든 요청에 접근 허용 + @RequestMapping(value="/api/accessTest/Test", method= {RequestMethod.GET, RequestMethod.POST}) + public ResponseEntity apiAccessTestTestGet( + SendMsgVO sendMsgVO + ){ + + return ResponseEntity.ok( + new RestResponse( + HttpStatus.OK + , HttpStatus.OK.getReasonPhrase() + , LocalDateTime.now() + ) + ); + } + + // /** * @param p_name_1 
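Review bot: `apiAccessTestTestGet` is a test mapping placed in the production controller with `@CrossOrigin("*")`, and its path `/api/accessTest/Test` lies outside the `/api/accessKey/**` pattern that WebConfig registers in this commit, so it appears to be reachable without the IP or access-key check. If the route is needed at all, moving it into a separate controller that is only loaded under a non-production profile, or adding its path to the interceptor registration, keeps it from becoming a permanent unauthenticated endpoint. The Javadoc (`api test for get`, empty `@return`) should state that the method accepts GET and POST and always answers 200, and the unused `SendMsgVO sendMsgVO` parameter can be removed.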
@@ -45,7 +71,10 @@ public class AccessKeyRestController { * 2.plain text * */ - @GetMapping("/api/accessKey/SendMsg") + + @CrossOrigin("*") // 모든 요청에 접근 허용 + //@GetMapping("/api/accessKey/SendMsg") + @RequestMapping(value="/api/accessKey/SendMsg", method= {RequestMethod.GET, RequestMethod.POST}) public ResponseEntity apiaccessKeysendMsg( SendMsgVO sendMsgVO ){ diff --git a/src/main/resources/mapper/api/AccessKeyMapper.xml b/src/main/resources/mapper/api/AccessKeyMapper.xml index 8ebd2c7..daf0c34 100644 --- a/src/main/resources/mapper/api/AccessKeyMapper.xml +++ b/src/main/resources/mapper/api/AccessKeyMapper.xml @@ -89,10 +89,14 @@ FROM a + , lettngnrlmber_access_call_info b WHERE 1=1 - AND a.ACCESS_KEY = #{accessKey} - AND a.MBER_ID = #{mberId} + AND a.ACCESS_KEY = #{accessKey} + AND a.MBER_ID = #{mberId} + AND a.ACCESS_no = b.ACCESS_NO + AND b.CALL_INFO LIKE CONCAT(#{callInfo}, '%') +
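Review bot: `@CrossOrigin("*")` on `apiaccessKeysendMsg` allows a page on any origin to call the key-authenticated SendMsg route and read the answer, which works against the per-caller `CALL_INFO` restriction this commit adds in the mapper. Listing the permitted origins, e.g. `@CrossOrigin(origins = "https://partner.example")` (placeholder value), or configuring CORS in one central place would keep the two controls consistent. Keeping GET next to POST also means `accessKey` and `mberId`, which the interceptor reads with `request.getParameter`, can still travel in the query string and end up in access logs and browser history; `@PostMapping("/api/accessKey/SendMsg")` would avoid that if existing callers allow it. The method body continues outside the hunk.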
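Review bot: The operands of the new `b.CALL_INFO LIKE CONCAT(#{callInfo}, '%')` look reversed: the condition accepts any request value that is a prefix of the stored `CALL_INFO`, so a value shorter than the registered URL passes while a full page URL underneath a registered base does not. If `CALL_INFO` holds the registered base URL, the comparison would read `#{callInfo} LIKE CONCAT(b.CALL_INFO, '%')`, ideally with `%` and `_` in the stored value escaped, or be replaced by an exact match on the origin. The added `AND a.ACCESS_no = b.ACCESS_NO` mixes case with the neighbouring column names, and the comma join would be easier to review as an explicit `JOIN ... ON`. The statement's opening and closing tags are not visible in this hunk.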