jbcheong/hubez-admin
1
0
Fork 0
mirror of http://git.mhez-qa.uplus.co.kr/hubez/hubez-admin.git synced 2025-12-08 20:16:17 +09:00
Code Issues Projects Releases Wiki Activity

웹취약점, 모의해킹 조치

Browse Source
This commit is contained in:
USER
2022-08-24 14:04:30 +09:00
parent d0e0ef7020
commit a2273154d1
92 changed files with 1193 additions and 1246 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/main/java/kr/co/uplus/ez/config/SecurityConfig.java
View File

@@ -20,7 +20,7 @@ import org.springframework.web.cors.CorsUtils;
import kr.co.uplus.ez.api.login.LoginFailureHandler;
import kr.co.uplus.ez.api.login.LoginSuccessHandler;
import kr.co.uplus.ez.common.jwt.JwtAuthCookieFilter;
//import kr.co.uplus.ez.common.jwt.JwtAuthCookieFilter;
import kr.co.uplus.ez.common.jwt.JwtAuthHeaderFilter;
import kr.co.uplus.ez.common.jwt.JwtExceptionFilter;
import kr.co.uplus.ez.common.jwt.JwtProperties;
@@ -31,7 +31,7 @@ import kr.co.uplus.ez.config.filter.VueStaticFilter;
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final String LOGIN_FORM_URL = "/login";
public static final String LOGIN_API_URL = "/api/v1/bo/login";
public static final String LOGIN_API_URL = "/api/v1/bo/login/**";
public static final String LOGIN_FAIL_URL = "/login?error=true";
public static final String LOGIN_SUCC_URL = "/";
public static final String LOGIN_UPDATE_PWD_URL = "/view/login/updatePassword";
@@ -40,6 +40,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
public static final String PUBLIC_API_URL = "/api/v1/bo/**"; // 내부에서 인증없이 호출하는 API
public static final String[] REST_API_URLS = {API_URL, TEST_PERMIT_URL};
public static final String[] VUE_URL_ARRY = {
"/view/login/auth"
,"/custMgt/subsList"
,"/custMgt/memberList"
,"/custMgt/subsDetail"
,"/custMgt/memberDetail"
,"/custMgt/memberAdminDetail"
};
private static final String[] PERMIT_URL_ARRAY = {
"/login",
"/api/v1/bo/login/**",
@@ -47,7 +56,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
"/swagger-resources/**",
"/v3/api-docs",
"/v3/api-docs/**",
"/"
"/",
"/socket/**"
};
private static final String[] AUTH_URL_ARRAY = {
@@ -59,7 +69,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
"/api/v1/bo/sendNumMgt/**",
"/api/v1/bo/mntrng/**",
"/api/v1/bo/riskMgt/sendNum/**",
"/api/v1/bo/stats/**"
"/api/v1/bo/stats/**",
"/view/error/**"
};
@@ -78,17 +89,17 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/static/**", "/assets/**");
}
@Bean
public Filter jwtAuthFilter() {
return new JwtAuthCookieFilter(jwtProps);
}
// @Bean
// public Filter jwtAuthFilter() {
// return new JwtAuthCookieFilter(jwtProps);
// }
@Override
public void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(new VueStaticFilter(), UsernamePasswordAuthenticationFilter.class) // Vue에서 호출시 화면관련 URL은 / forward
.addFilterBefore(new JwtExceptionFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class)
// .addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new JwtAuthHeaderFilter(jwtProps), UsernamePasswordAuthenticationFilter.class);
http