diff --git a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java
index d55c441..1d06b0d 100644
--- a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java
@@ -63,7 +63,7 @@ public class CustomUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticati
     MediaType jsonMimeType = MediaType.APPLICATION_JSON;
     HashMap<String, Object> resultMap = new HashMap<>();
 
-    /*if(securityUser.getUserId().equals("admin") && !adminIpList.contains(accessIp)){
+    if(securityUser.getUserId().equals("admin") && !adminIpList.contains(accessIp)){
       resultMap.put("resultCode", ResponseCode.FAILED.getCode());
       resultMap.put("resultMessage", "관리자 계정은 지정된 아이피에서만 접속할 수 있습니다.\n필요한 경우 관리자에게 요청하십시오.\n접속자 아이피: "+ClientUtils.getRemoteIP(request));
     }else{
@@ -72,10 +72,7 @@ public class CustomUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticati
       resultMap.put("resultCode", ResponseCode.SUCCESS.getCode());
       resultMap.put("accessToken", accessToken);
       resultMap.put("refreshToken", refreshToken);
-//    response.addHeader("Authorization", "BEARER "+accessToken);
-//    Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken);
-//    response.addCookie(refreshTokenCookie);
-    }*/
+    }
 
     String accessToken = jwtTokenUtil.generateAccessToken(securityUser, request.getRemoteAddr());
     String refreshToken = jwtTokenUtil.generateRefreshTokenToken(securityUser, request.getRemoteAddr());
diff --git a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java
index ee2a028..db51978 100644
--- a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java
@@ -1,6 +1,9 @@
 package com.dbnt.kcscbackend.config.util;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.URLEncoder;
 
 public class ClientUtils {
   public static String getRemoteIP(HttpServletRequest request){
@@ -45,4 +48,59 @@ public class ClientUtils {
     }
     return webType;
   }
+
+  private static String getBrowser(HttpServletRequest request) {
+    String header = request.getHeader("User-Agent");
+    if (header.indexOf("MSIE") > -1) {
+      return "MSIE";
+    } else if (header.indexOf("Trident") > -1) { // IE11 문자열 깨짐 방지
+      return "Trident";
+    } else if (header.indexOf("Chrome") > -1) {
+      return "Chrome";
+    } else if (header.indexOf("Opera") > -1) {
+      return "Opera";
+    }
+    return "Firefox";
+  }
+
+  public static void setDisposition(String filename, HttpServletRequest request, HttpServletResponse response) throws IOException {
+    String browser = getBrowser(request);
+
+    String dispositionPrefix = "attachment; filename=";
+    String encodedFilename = null;
+
+    if (browser.equals("MSIE")) {
+      encodedFilename = URLEncoder.encode(filename, "UTF-8").replaceAll("\\+", "%20");
+    } else if (browser.equals("Trident")) { // IE11 문자열 깨짐 방지
+      encodedFilename = URLEncoder.encode(filename, "UTF-8").replaceAll("\\+", "%20");
+    } else if (browser.equals("Firefox")) {
+      encodedFilename = "\"" + new String(filename.getBytes("UTF-8"), "8859_1") + "\"";
+    } else if (browser.equals("Opera")) {
+      encodedFilename = "\"" + new String(filename.getBytes("UTF-8"), "8859_1") + "\"";
+    } else if (browser.equals("Chrome")) {
+      StringBuffer sb = new StringBuffer();
+      for (int i = 0; i < filename.length(); i++) {
+        char c = filename.charAt(i);
+        if(c==','){
+          sb.append(URLEncoder.encode("，", "UTF-8"));
+        } else if (c > '~') {
+          sb.append(URLEncoder.encode("" + c, "UTF-8"));
+        } else {
+          sb.append(c);
+        }
+      }
+      encodedFilename = sb.toString();
+    } else {
+      throw new IOException("Not supported browser");
+    }
+
+    response.setHeader("Content-Disposition", dispositionPrefix + encodedFilename);
+
+    if ("Opera".equals(browser)) {
+      response.setContentType("application/octet-stream;charset=UTF-8");
+    }
+    if(filename.contains("zip")){
+      response.setContentType("application/zip");
+    }
+  }
 }
diff --git a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/FileController.java b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/FileController.java
new file mode 100644
index 0000000..4514398
--- /dev/null
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/FileController.java
@@ -0,0 +1,46 @@
+package com.dbnt.kcscbackend.file;
+
+import com.dbnt.kcscbackend.config.util.ClientUtils;
+import com.dbnt.kcscbackend.file.entity.TnAttachFile;
+import com.dbnt.kcscbackend.file.service.FileService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.util.FileCopyUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.*;
+
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/file")
+public class FileController {
+
+  private final FileService fileService;
+
+  @RequestMapping(method = RequestMethod.GET, value = "/download")
+  public void download(HttpServletRequest request, HttpServletResponse response, TnAttachFile tnAttachFile) throws Exception{
+
+    tnAttachFile = fileService.selectTnAttachFile(tnAttachFile);
+
+    if(tnAttachFile != null){
+      BufferedInputStream in;
+      BufferedOutputStream out;
+      try {
+        File file = new File(tnAttachFile.getFilePath());
+
+        ClientUtils.setDisposition(tnAttachFile.getFileOldName(), request, response);
+        in = new BufferedInputStream(new FileInputStream(file));
+        out = new BufferedOutputStream(response.getOutputStream());
+        FileCopyUtils.copy(in, out);
+        out.flush();
+        if(out!=null) out.close();
+        if(in!=null )in.close();
+      } catch (IOException e) {
+        e.printStackTrace();
+      }
+    }
+  }
+}
diff --git a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/entity/TnAttachFile.java b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/entity/TnAttachFile.java
new file mode 100644
index 0000000..2909234
--- /dev/null
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/entity/TnAttachFile.java
@@ -0,0 +1,57 @@
+package com.dbnt.kcscbackend.file.entity;
+
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import org.hibernate.annotations.DynamicInsert;
+import org.hibernate.annotations.DynamicUpdate;
+import org.springframework.format.annotation.DateTimeFormat;
+
+import javax.persistence.*;
+import java.time.LocalDateTime;
+
+
+@Getter
+@Setter
+@Entity
+@NoArgsConstructor
+@DynamicInsert
+@DynamicUpdate
+@Table(name = "tn_attach_file")
+public class TnAttachFile {
+  @Id
+  @GeneratedValue(strategy = GenerationType.IDENTITY)
+  @Column(name = "file_seq")
+  private Integer fileSeq;
+  @Column(name = "file_grp_id")
+  private String fileGrpId;
+  @Column(name = "file_order")
+  private Integer fileOrder;
+  @Column(name = "file_old_name")
+  private String fileOldName;
+  @Column(name = "file_new_name")
+  private String fileNewName;
+  @Column(name = "file_path")
+  private String filePath;
+  @Column(name = "file_size")
+  private Integer fileSize;
+  @Column(name = "file_ext")
+  private String fileExt;
+  @Column(name = "down_cnt")
+  private Integer downCnt;
+  @Column(name = "frst_crt_id")
+  private String frstCrtId;
+  @Column(name = "frst_crt_dt")
+  @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+  private LocalDateTime frstCrtDt;
+  @Column(name = "last_chg_id")
+  private String lastChgId;
+  @Column(name = "last_chg_dt")
+  @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+  private LocalDateTime lastChgDt;
+  @Column(name = "use_yn")
+  private String useYn;
+  @Column(name = "old_seq")
+  private Integer oldSeq;
+
+}
diff --git a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/repository/TnAttachFileRepository.java b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/repository/TnAttachFileRepository.java
new file mode 100644
index 0000000..2dc6ff1
--- /dev/null
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/repository/TnAttachFileRepository.java
@@ -0,0 +1,11 @@
+package com.dbnt.kcscbackend.file.repository;
+
+import com.dbnt.kcscbackend.file.entity.TnAttachFile;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface TnAttachFileRepository extends JpaRepository<TnAttachFile, Integer> {
+
+  Optional<TnAttachFile> findByFileGrpId(String fileGrpId);
+}
diff --git a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/service/FileService.java b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/service/FileService.java
new file mode 100644
index 0000000..6efba37
--- /dev/null
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/file/service/FileService.java
@@ -0,0 +1,23 @@
+package com.dbnt.kcscbackend.file.service;
+
+import com.dbnt.kcscbackend.file.entity.TnAttachFile;
+import com.dbnt.kcscbackend.file.repository.TnAttachFileRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class FileService {
+
+  private final TnAttachFileRepository tnAttachFileRepository;
+
+
+  public TnAttachFile selectTnAttachFile(TnAttachFile tnAttachFile) {
+    if(tnAttachFile.getFileSeq()!=null){
+      return tnAttachFileRepository.findById(tnAttachFile.getFileSeq()).orElse(null);
+    }else{
+      return tnAttachFileRepository.findByFileGrpId(tnAttachFile.getFileGrpId()).orElse(null);
+    }
+
+  }
+}