중간저장

egovframe-template-simple-react-contribution/src/api/egovFetch.js

@@ -16,12 +16,11 @@ export function requestFetch(url, requestOptions, handler, errorHandler) {
     console.log("requestFetch [requestOption] : ", requestOptions);
 
     // Login 했을경우 JWT 설정
-    const sessionUser = getLocalItem('loginUser');
-    const sessionUserId = sessionUser?.userId || null;
     const jToken = getLocalItem('jToken');
-    const userInfo = parseJwt(jToken);
+    const sessionUser = parseJwt(jToken);
+    const sessionUserId = sessionUser?.id || null;
     const refreshToken = getLocalItem('refreshToken');
-    if(sessionUserId != null && sessionUserId !== undefined){
+    if(sessionUserId != null){
         if( !requestOptions['headers'] ) requestOptions['headers']={}
         if( !requestOptions['headers']['Authorization'] ) requestOptions['headers']['Authorization']=null;
         requestOptions['headers']['Authorization'] = jToken;

egovframe-template-simple-react-contribution/src/components/EgovHeader.jsx

@@ -38,6 +38,7 @@ function EgovHeader({ loginUser, onChangeLogin }) {
         }
         EgovNet.requestFetch(logOutUrl, requestOptions,
             function (resp) {
+                debugger
                 console.log("===>>> logout resp= ", resp);
                 if (parseInt(resp.resultCode) === parseInt(CODE.RCV_SUCCESS)) {
                     onChangeLogin({ loginVO: {} });
@@ -75,7 +76,7 @@ function EgovHeader({ loginUser, onChangeLogin }) {
                         <li><NavLink to={URL.INTRO} className={({ isActive }) => (isActive ? "cur" : "")}>정보마당</NavLink></li>
                         <li><NavLink to={URL.SUPPORT} className={({ isActive }) => (isActive ? "cur" : "")}>고객지원</NavLink></li>
                         <li><NavLink to={URL.INFORM} className={({ isActive }) => (isActive ? "cur" : "")}>알림마당</NavLink></li>
-                        {sessionUserSe ==='USR' &&
+                        {sessionUserSe ==='ADM' &&
                             <li><NavLink to={URL.ADMIN} className={({ isActive }) => (isActive ? "cur" : "")}>사이트관리</NavLink></li>
                         }
                     </ul>
@@ -141,7 +142,7 @@ function EgovHeader({ loginUser, onChangeLogin }) {
                             <li><NavLink to={URL.INFORM_GALLERY} className={({ isActive }) => (isActive ? "cur" : "")}>사이트 갤러리</NavLink></li>
                         </ul>
                     </div>
-                    {sessionUserSe ==='USR' &&
+                    {sessionUserSe ==='ADM' &&
                         <div className="col">
                             <h3>사이트관리</h3>
                             <ul>
@@ -207,7 +208,7 @@ function EgovHeader({ loginUser, onChangeLogin }) {
                             <li><NavLink to={URL.INFORM_GALLERY} className={({ isActive }) => (isActive ? "cur" : "")}>사이트 갤러리</NavLink></li>
                         </ul>
                     </div>
-                    {sessionUserSe ==='USR' &&
+                    {sessionUserSe ==='ADM' &&
                         <>
                             <h3><Link to={URL.ADMIN}>사이트관리</Link></h3>
                             <div className="submenu closed">

kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/jwt/EgovJwtTokenUtil.java

@@ -50,9 +50,6 @@ import java.util.UUID;
 public class EgovJwtTokenUtil implements Serializable{
 
   private static final long serialVersionUID = -5180902194184255251L;
-  //public static final long JWT_TOKEN_VALIDITY = 24 * 60 * 60; //하루
-  public static final long JWT_ACCESS_TOKEN_SEC = (30*60*1000); //엑세스 토큰의 유효시간 설정, 30분
-  public static final long JWT_REFRESH_TOKEN_SEC = (60*60*24*14*1000); //리프레시 토큰의 유효시간 설정, 2주
   public static final String SECRET_KEY = EgovProperties.getProperty("Globals.jwt.secret");
 
   private final RefreshTokenRepository refreshTokenRepository;
@@ -89,9 +86,10 @@ public class EgovJwtTokenUtil implements Serializable{
   //2. Sign the JWT using the HS512 algorithm and secret key.
   //3. According to JWS Compact Serialization(https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-3.1)
   //   compaction of the JWT to a URL-safe string
-  public String generateToken(UserInfo loginVO, Long sec) {
+  public String generateToken(UserInfo loginVO, String remoteAddr, Long sec) {
     Map<String, Object> claims = new HashMap<>();
     claims.put("id", loginVO.getUserId() );
+    claims.put("remoteAddr", remoteAddr);
     claims.put("userSe", loginVO.getUserSe() );
     claims.put("type", "Authorization");
 
@@ -106,13 +104,13 @@ public class EgovJwtTokenUtil implements Serializable{
     return builder.compact();
   }
 
-  public String generateAccessToken(UserInfo loginVO) {
-    return generateToken(loginVO, JWT_ACCESS_TOKEN_SEC);
+  public String generateAccessToken(UserInfo loginVO, String remoteAddr, Long sec) {
+    return generateToken(loginVO, remoteAddr, sec);
   }
 
   @Transactional
-  public String generateRefreshTokenToken(UserInfo loginVO){
-    RefreshToken refreshToken = new RefreshToken(loginVO.getUserSeq(), generateToken(loginVO, JWT_REFRESH_TOKEN_SEC));
+  public String generateRefreshTokenToken(UserInfo loginVO, String remoteAddr, Long sec){
+    RefreshToken refreshToken = new RefreshToken(loginVO.getUserSeq(), generateToken(loginVO, remoteAddr, sec),  remoteAddr);
     refreshTokenRepository.save(refreshToken);
     return refreshToken.getRefreshToken();
   }

kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/jwt/redis/RefreshToken.java

@@ -17,4 +17,6 @@ public class RefreshToken {
   private Integer userSeq;
   @Indexed
   private String refreshToken;
+  private String remoteAddr;
+
 }

kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomLogoutSuccessHandler.java

@@ -16,6 +16,7 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
 
 import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -26,7 +27,10 @@ public class CustomLogoutSuccessHandler implements LogoutSuccessHandler {
 
   @Override
   public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
-
+    Cookie refreshToken = new Cookie("refreshToken", null);
+    refreshToken.setMaxAge(0);
+    refreshToken.setPath("/");
+    response.addCookie(refreshToken);
 
     MappingJackson2HttpMessageConverter jsonConverter = new MappingJackson2HttpMessageConverter();
     MediaType jsonMimeType = MediaType.APPLICATION_JSON;

kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java

@@ -17,6 +17,7 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
 
 import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -28,6 +29,8 @@ public class CustomUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticati
 
   private final EgovJwtTokenUtil jwtTokenUtil;
   private RequestCache requestCache = new HttpSessionRequestCache();
+  public static final long JWT_ACCESS_VALID_TIME = (30*60*1000); //엑세스 토큰의 유효시간 설정, 30분
+  public static final long JWT_REFRESH_VALID_TIME = (60*60*24*14*1000); //리프레시 토큰의 유효시간 설정, 2주
 
   @Override
   public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
@@ -52,13 +55,16 @@ public class CustomUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticati
     MappingJackson2HttpMessageConverter jsonConverter = new MappingJackson2HttpMessageConverter();
     MediaType jsonMimeType = MediaType.APPLICATION_JSON;
 
-    String refreshToken = jwtTokenUtil.generateRefreshTokenToken(securityUser);
-    String jwtToken = jwtTokenUtil.generateAccessToken(securityUser);
-    HashMap<String, Object> resultMap = new HashMap<String, Object>();
+    String jwtToken = jwtTokenUtil.generateAccessToken(securityUser, request.getRemoteAddr(), JWT_ACCESS_VALID_TIME);
+    String refreshToken = jwtTokenUtil.generateRefreshTokenToken(securityUser, request.getRemoteAddr(), JWT_REFRESH_VALID_TIME);
+    HashMap<String, Object> resultMap = new HashMap<>();
     resultMap.put("resultCode", "200");
-    resultMap.put("refreshToken", refreshToken);
     resultMap.put("jToken", jwtToken);
+    resultMap.put("refreshToken", refreshToken);
     response.addHeader("Authorization", "BEARER "+jwtToken);
+    Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken);
+    refreshTokenCookie.setMaxAge((int)JWT_REFRESH_VALID_TIME/1000);
+    response.addCookie(refreshTokenCookie);
     if (jsonConverter.canWrite(resultMap.getClass(), jsonMimeType)) {
       jsonConverter.write(resultMap, jsonMimeType, new ServletServerHttpResponse(response));
     }

kcsc-back-end/src/main/java/com/dbnt/kcscbackend/standardCode/service/StandardCodeContentInterface.java

@@ -1,6 +1,7 @@
 package com.dbnt.kcscbackend.standardCode.service;
 
 public interface StandardCodeContentInterface {
+  String getDoc_cont_seq();
   String getOnto_link_cd();
   String getGroup_title();
   String getCont_type_cd();

kcsc-back-end/src/main/resources/application.properties

@@ -4,7 +4,7 @@ spring.mvc.pathmatch.matching-strategy=ant_path_matcher
 
 # Page Config
 Globals.pageUnit=10
-Globals.pageSize=10
+Globals.pageSize=10o
 
 #JWT
 # redisConfig