diff --git a/egovframe-template-simple-react-contribution/src/pages/login/EgovLoginContent.jsx b/egovframe-template-simple-react-contribution/src/pages/login/EgovLoginContent.jsx
index e2c893d..b28bbcd 100644
--- a/egovframe-template-simple-react-contribution/src/pages/login/EgovLoginContent.jsx
+++ b/egovframe-template-simple-react-contribution/src/pages/login/EgovLoginContent.jsx
@@ -82,14 +82,14 @@ function EgovLoginContent(props) {
 EgovNet.requestFetch(loginUrl, requestOptions, (resp) => {
- let accessToken = resp?.accessToken || null;
- let resultVO = parseJwt(accessToken);
- let refreshToken = resp?.refreshToken || null;
-
- // setSessionItem('accessToken', accessToken);
- setLocalItem('accessToken', accessToken);
- setLocalItem('refreshToken', refreshToken);
 if (Number(resp.resultCode) === Number(CODE.RCV_SUCCESS)) {
+ let accessToken = resp?.accessToken || null;
+ let resultVO = parseJwt(accessToken);
+ let refreshToken = resp?.refreshToken || null;
+
+ // setSessionItem('accessToken', accessToken);
+ setLocalItem('accessToken', accessToken);
+ setLocalItem('refreshToken', refreshToken);
 // setSessionItem('loginUser', resultVO);
 props.onChangeLogin(resultVO);
 if (saveIDFlag) {
diff --git a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java
index 9e45e94..f2a3f7d 100644
--- a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java
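Review bot: The added lines persist both the access token and the refresh token with `setLocalItem`, i.e. in localStorage, which keeps a long-lived bearer credential readable by any script running on the origin and survives browser restarts; the commented-out `setSessionItem` call shows the session-scoped alternative was already considered. If the backend can deliver the refresh token as an HttpOnly cookie (the Java handler in this same commit carries that code commented out), prefer that and keep only the short-lived access token in memory or sessionStorage. Also `parseJwt(accessToken)` is reached with `null` when a success response carries no `accessToken`; a guard such as `if (!accessToken) { return; }` before the parse would keep whatever `parseJwt` yields for `null` from reaching `props.onChangeLogin`. The enclosing callback and `EgovLoginContent` both start and end outside the hunk.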
@@ -1,8 +1,10 @@
 package com.dbnt.kcscbackend.config.security;
 import com.dbnt.kcscbackend.auth.entity.UserInfo;
+import com.dbnt.kcscbackend.config.common.ResponseCode;
+import com.dbnt.kcscbackend.config.egov.EgovProperties;
 import com.dbnt.kcscbackend.config.jwt.EgovJwtTokenUtil;
-import lombok.NoArgsConstructor;
+import com.dbnt.kcscbackend.config.util.ClientUtils;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.MediaType;
@@ -17,11 +19,12 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
 import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.List;
 @RequiredArgsConstructor
 @Configuration
@@ -30,6 +33,8 @@ public class CustomUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticati
 private final EgovJwtTokenUtil jwtTokenUtil;
 private RequestCache requestCache = new HttpSessionRequestCache();
+ private static final List adminIpList = Arrays.asList(EgovProperties.getProperty("Globals.admin.allow-ip").split(","));
+
 @Override
 public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
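Review bot: The new `adminIpList` field calls `.split(",")` on `EgovProperties.getProperty("Globals.admin.allow-ip")` with no null check inside a static initializer, so a missing property throws during class initialization (surfacing as ExceptionInInitializerError/NoClassDefFoundError) and, since this is a `@Configuration` bean, presumably prevents the whole context from starting instead of giving a clear configuration error. The entries are not trimmed either, so one space after a comma silently locks the admin account out, and the field is declared with the raw `List` type. Suggest `private static final List<String> adminIpList = Arrays.stream(Objects.requireNonNull(EgovProperties.getProperty("Globals.admin.allow-ip"), "Globals.admin.allow-ip is not set").split(",")).map(String::trim).collect(Collectors.toList());` with `java.util.Objects` and `java.util.stream.Collectors` added to the imports. `onAuthenticationSuccess` continues outside the hunk.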
@@ -48,20 +53,24 @@ public class CustomUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticati
 securityUser = (UserInfo) principal;
 }
 }
- // application/json(ajax) 요청일 경우 아래의 처리!
 MappingJackson2HttpMessageConverter jsonConverter = new MappingJackson2HttpMessageConverter();
 MediaType jsonMimeType = MediaType.APPLICATION_JSON;
-
- String accessToken = jwtTokenUtil.generateAccessToken(securityUser, request.getRemoteAddr());
- String refreshToken = jwtTokenUtil.generateRefreshTokenToken(securityUser, request.getRemoteAddr());
 HashMap resultMap = new HashMap<>();
- resultMap.put("resultCode", "200");
- resultMap.put("accessToken", accessToken);
- resultMap.put("refreshToken", refreshToken);
+ if(securityUser.getUserId().equals("admin") && !adminIpList.contains(ClientUtils.getRemoteIP(request))){
+ resultMap.put("resultCode", ResponseCode.FAILED.getCode());
+ resultMap.put("resultMessage", "관리자 계정은 지정된 아이피에서만 접속할 수 있습니다.\n필요한 경우 관리자에게 요청하십시오.\n접속자 아이피: "+ClientUtils.getRemoteIP(request));
+ }else{
+ String accessToken = jwtTokenUtil.generateAccessToken(securityUser, request.getRemoteAddr());
+ String refreshToken = jwtTokenUtil.generateRefreshTokenToken(securityUser, request.getRemoteAddr());
+ resultMap.put("resultCode", ResponseCode.SUCCESS.getCode());
+ resultMap.put("accessToken", accessToken);
+ resultMap.put("refreshToken", refreshToken);
 // response.addHeader("Authorization", "BEARER "+accessToken);
 // Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken);
 // response.addCookie(refreshTokenCookie);
+ }
+
 if (jsonConverter.canWrite(resultMap.getClass(), jsonMimeType)) {
 jsonConverter.write(resultMap, jsonMimeType, new ServletServerHttpResponse(response));
 }
diff --git a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java
new file mode 100644
index 0000000..0581e9f
--- /dev/null
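Review bot: The admin IP gate on the new `if` line compares the allow-list against `ClientUtils.getRemoteIP(request)`, which in the `ClientUtils` added by this same commit returns the client-supplied `X-FORWARDED-FOR` header before ever looking at `request.getRemoteAddr()`, so anyone who has the admin password bypasses the restriction by sending `X-Forwarded-For: 127.0.0.1` (loopback is on the list); the two `generateAccessToken`/`generateRefreshTokenToken` calls right below already use `request.getRemoteAddr()`, and the check should use that same trusted value, `!adminIpList.contains(request.getRemoteAddr())`, unless forwarding headers are resolved only from a known proxy. By the time a success handler runs Spring Security has already accepted the credentials, so if a session-backed SecurityContext is in use the deny branch merely withholds the tokens rather than failing the login, and the distinct `resultMessage` tells the caller that the admin password was correct but the source IP was not, which is a credential-validity oracle for password guessing; enforcing the rule before authentication completes (an AuthenticationProvider or UserDetailsChecker that throws an AuthenticationException and therefore reaches the failure handler) with a generic message avoids both. The deny branch also still answers HTTP 200, so consider `response.setStatus(HttpServletResponse.SC_FORBIDDEN);` there, and `securityUser.getUserId()` is dereferenced although the visible context (`securityUser = (UserInfo) principal;` inside a conditional) suggests `securityUser` can be null. The enclosing `onAuthenticationSuccess` starts outside the hunk.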
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java
@@ -0,0 +1,32 @@
+package com.dbnt.kcscbackend.config.util;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class ClientUtils {
+ public static String getRemoteIP(HttpServletRequest request){
+ String ip = request.getHeader("X-FORWARDED-FOR");
+
+ //proxy 환경일 경우
+ if (ip == null || ip.isEmpty()) {
+ ip = request.getHeader("Proxy-Client-IP");
+ }
+ //웹로직 서버일 경우
+ if (ip == null || ip.isEmpty()) {
+ ip = request.getHeader("WL-Proxy-Client-IP");
+ }
+ if (ip == null || ip.isEmpty()) {
+ ip = request.getRemoteAddr() ;
+ }
+ if (ip == null || ip.isEmpty()) {
+ ip = request.getHeader("HTTP_CLIENT_IP");
+ }
+ if (ip == null || ip.isEmpty()) {
+ ip = request.getHeader("HTTP_X_FORWARDED_FOR");
+ }
+ if (ip == null || ip.isEmpty()) {
+ ip = request.getRemoteAddr();
+ }
+
+ return ip;
+ }
+}
diff --git a/kcsc-back-end/src/main/resources/application-dev.properties b/kcsc-back-end/src/main/resources/application-dev.properties
index 42710e9..e3b636c 100644
--- a/kcsc-back-end/src/main/resources/application-dev.properties
+++ b/kcsc-back-end/src/main/resources/application-dev.properties
@@ -32,4 +32,4 @@ logging.level.com.atoz_develop.mybatissample.repository=TRACE
 # File Config
 Globals.posblAtchFileSize=5242880
 Globals.fileStorePath=D:\\kcsc
-Globals.addedOptions=false
\ No newline at end of file
+Globals.addedOptions=false
diff --git a/kcsc-back-end/src/main/resources/application-prod.properties b/kcsc-back-end/src/main/resources/application-prod.properties
index b39036c..f2215a0 100644
--- a/kcsc-back-end/src/main/resources/application-prod.properties
+++ b/kcsc-back-end/src/main/resources/application-prod.properties
@@ -35,4 +35,4 @@ logging.level.com.atoz_develop.mybatissample.repository=info
 # File Config
 Globals.posblAtchFileSize=5242880
 Globals.fileStorePath=C:\\kcsc_web\\uploadedFile
-Globals.addedOptions=false
\ No newline at end of file
+Globals.addedOptions=false
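Review bot: `getRemoteIP` returns whatever the caller placed in `X-FORWARDED-FOR`, `Proxy-Client-IP` or `WL-Proxy-Client-IP` before it ever consults `request.getRemoteAddr()`, so for any client not sitting behind a proxy that overwrites those headers the result is attacker-controlled — and this commit uses it as the access-control decision for the admin account. The three fall-backs after the first `getRemoteAddr()` (`HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR`, the repeated `getRemoteAddr()`) are in practice unreachable because a servlet container does not return a null or empty remote address, and a genuine `X-Forwarded-For` is a comma-separated chain (`client, proxy1, ...`) that an exact `contains()` against the allow-list would never match, locking the admin out precisely when a proxy is present. Honour forwarding headers only when the direct peer is a trusted proxy and take the left-most entry (rewrite below; the trusted-proxy list should come from configuration, and `java.util.Arrays`/`java.util.List` need importing), or drop the helper in favour of Spring's `ForwardedHeaderFilter` or Tomcat's `RemoteIpValve` with a configured trusted-proxy list and use `getRemoteAddr()` everywhere.
```java
public class ClientUtils {
    // Peers allowed to set X-Forwarded-For on the client's behalf; should be read from
    // configuration rather than hard-coded here.
    private static final List<String> TRUSTED_PROXIES = Arrays.asList("127.0.0.1", "0:0:0:0:0:0:0:1");

    public static String getRemoteIP(HttpServletRequest request) {
        String peer = request.getRemoteAddr();
        // A forwarding header is plain client input unless a proxy we trust added it.
        if (!TRUSTED_PROXIES.contains(peer)) {
            return peer;
        }
        String forwarded = request.getHeader("X-Forwarded-For");
        if (forwarded == null || forwarded.trim().isEmpty()) {
            return peer;
        }
        // X-Forwarded-For is "client, proxy1, proxy2"; the left-most entry is the original client.
        return forwarded.split(",")[0].trim();
    }
}
```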
diff --git a/kcsc-back-end/src/main/resources/application.properties b/kcsc-back-end/src/main/resources/application.properties
index 83507ed..b0aedf0 100644
--- a/kcsc-back-end/src/main/resources/application.properties
+++ b/kcsc-back-end/src/main/resources/application.properties
@@ -13,5 +13,8 @@ spring.redis.port=6379
 # secret key
 Globals.jwt.secret = qWwMroux3QtiIJcPSIZARNTZEBBnWVH0jZ2Lx7tfFChCYi0ViZllo1bekZdiU0B3FRjJI7g90n0ha120dwlz8JZU8rOkmNCe9Uq0
+# admin allow ip
+Globals.admin.allow-ip = 218.49.16.81,218.49.21.183,218.49.16.168,218.49.17.102,218.49.21.222,218.49.17.229,218.49.16.219,218.49.17.66,218.49.16.40,218.49.17.205,218.49.21.164,218.49.17.122,218.49.17.199,218.49.17.121,218.49.17.28,218.49.20.33,218.49.20.207,218.49.16.79,218.49.16.250,58.234.249.138,218.49.22.51,218.49.21.238,127.0.0.1,0:0:0:0:0:0:0:1
+
 #?????? ???? ?
 #?? : ??? ??? "egovframe"? ????? ???? ????? ????.
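Review bot: The new `Globals.admin.allow-ip` line puts a list of public office addresses into the profile-independent `application.properties`, even though this commit also touches `application-dev.properties` and `application-prod.properties`; an environment-specific allow-list belongs in the profile file or an externally overridden property, otherwise dev and prod share one list and the addresses are committed to repository history for good. The value is consumed by a plain `split(",")` in the success handler, so any whitespace after a comma silently excludes that address; a comment above the line, `# comma-separated, no spaces; the loopback entries are for local development only`, would prevent a surprise lock-out. Note also that `Globals.jwt.secret` in the context line just above sits in the same committed file in clear text — pre-existing, but worth moving to an environment variable or secret store while this file is being edited.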