Merge branch 'master' of http://118.219.150.34:50501/DBNT/kcscDev

관리자 계정 접속 아이피 제한 기능 추가.
2024-01-23 17:22:04 +09:00 · 2024-01-23 17:22:01 +09:00
6 changed files with 62 additions and 18 deletions
--- a/egovframe-template-simple-react-contribution/src/pages/login/EgovLoginContent.jsx
+++ b/egovframe-template-simple-react-contribution/src/pages/login/EgovLoginContent.jsx
@ -82,14 +82,14 @@ function EgovLoginContent(props) {
        EgovNet.requestFetch(loginUrl,
            requestOptions,
            (resp) => {
-                let accessToken = resp?.accessToken || null;
-                let resultVO = parseJwt(accessToken);
-                let refreshToken = resp?.refreshToken || null;
-
-                // setSessionItem('accessToken', accessToken);
-                setLocalItem('accessToken', accessToken);
-                setLocalItem('refreshToken', refreshToken);
                if (Number(resp.resultCode) === Number(CODE.RCV_SUCCESS)) {
+                    let accessToken = resp?.accessToken || null;
+                    let resultVO = parseJwt(accessToken);
+                    let refreshToken = resp?.refreshToken || null;
+
+                    // setSessionItem('accessToken', accessToken);
+                    setLocalItem('accessToken', accessToken);
+                    setLocalItem('refreshToken', refreshToken);
                    // setSessionItem('loginUser', resultVO);
                    props.onChangeLogin(resultVO);
                    if (saveIDFlag) {
--- a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/security/CustomUrlAuthenticationSuccessHandler.java
@ -1,8 +1,10 @@
 package com.dbnt.kcscbackend.config.security;

 import com.dbnt.kcscbackend.auth.entity.UserInfo;
+import com.dbnt.kcscbackend.config.common.ResponseCode;
+import com.dbnt.kcscbackend.config.egov.EgovProperties;
 import com.dbnt.kcscbackend.config.jwt.EgovJwtTokenUtil;
-import lombok.NoArgsConstructor;
+import com.dbnt.kcscbackend.config.util.ClientUtils;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.MediaType;
@ -17,11 +19,12 @@ import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;

 import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.List;

@RequiredArgsConstructor
@Configuration
@ -30,6 +33,8 @@ public class CustomUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticati
  private final EgovJwtTokenUtil jwtTokenUtil;
  private RequestCache requestCache = new HttpSessionRequestCache();

+  private static final List<String> adminIpList = Arrays.asList(EgovProperties.getProperty("Globals.admin.allow-ip").split(","));
+
  @Override
  public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                      Authentication authentication) throws ServletException, IOException {
@ -48,20 +53,24 @@ public class CustomUrlAuthenticationSuccessHandler extends SimpleUrlAuthenticati
        securityUser = (UserInfo) principal;
      }
    }
-
    // application/json(ajax) 요청일 경우 아래의 처리!
    MappingJackson2HttpMessageConverter jsonConverter = new MappingJackson2HttpMessageConverter();
    MediaType jsonMimeType = MediaType.APPLICATION_JSON;
-
-    String accessToken = jwtTokenUtil.generateAccessToken(securityUser, request.getRemoteAddr());
-    String refreshToken = jwtTokenUtil.generateRefreshTokenToken(securityUser, request.getRemoteAddr());
    HashMap<String, Object> resultMap = new HashMap<>();
-    resultMap.put("resultCode", "200");
-    resultMap.put("accessToken", accessToken);
-    resultMap.put("refreshToken", refreshToken);
+    if(securityUser.getUserId().equals("admin") && !adminIpList.contains(ClientUtils.getRemoteIP(request))){
+      resultMap.put("resultCode", ResponseCode.FAILED.getCode());
+      resultMap.put("resultMessage", "관리자 계정은 지정된 아이피에서만 접속할 수 있습니다.\n필요한 경우 관리자에게 요청하십시오.\n접속자 아이피: "+ClientUtils.getRemoteIP(request));
+    }else{
+      String accessToken = jwtTokenUtil.generateAccessToken(securityUser, request.getRemoteAddr());
+      String refreshToken = jwtTokenUtil.generateRefreshTokenToken(securityUser, request.getRemoteAddr());
+      resultMap.put("resultCode", ResponseCode.SUCCESS.getCode());
+      resultMap.put("accessToken", accessToken);
+      resultMap.put("refreshToken", refreshToken);
 //    response.addHeader("Authorization", "BEARER "+accessToken);
 //    Cookie refreshTokenCookie = new Cookie("refreshToken", refreshToken);
 //    response.addCookie(refreshTokenCookie);
+    }
+
    if (jsonConverter.canWrite(resultMap.getClass(), jsonMimeType)) {
      jsonConverter.write(resultMap, jsonMimeType, new ServletServerHttpResponse(response));
    }
--- a/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java
+++ b/kcsc-back-end/src/main/java/com/dbnt/kcscbackend/config/util/ClientUtils.java
@ -0,0 +1,32 @@
+package com.dbnt.kcscbackend.config.util;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class ClientUtils {
+  public static String getRemoteIP(HttpServletRequest request){
+    String ip = request.getHeader("X-FORWARDED-FOR");
+
+    //proxy 환경일 경우
+    if (ip == null || ip.isEmpty()) {
+      ip = request.getHeader("Proxy-Client-IP");
+    }
+    //웹로직 서버일 경우
+    if (ip == null || ip.isEmpty()) {
+      ip = request.getHeader("WL-Proxy-Client-IP");
+    }
+    if (ip == null || ip.isEmpty()) {
+      ip = request.getRemoteAddr() ;
+    }
+    if (ip == null || ip.isEmpty()) {
+      ip = request.getHeader("HTTP_CLIENT_IP");
+    }
+    if (ip == null || ip.isEmpty()) {
+      ip = request.getHeader("HTTP_X_FORWARDED_FOR");
+    }
+    if (ip == null || ip.isEmpty()) {
+      ip = request.getRemoteAddr();
+    }
+
+    return ip;
+  }
+}
--- a/kcsc-back-end/src/main/resources/application.properties
+++ b/kcsc-back-end/src/main/resources/application.properties
@ -13,5 +13,8 @@ spring.redis.port=6379
 # secret key
 Globals.jwt.secret = qWwMroux3QtiIJcPSIZARNTZEBBnWVH0jZ2Lx7tfFChCYi0ViZllo1bekZdiU0B3FRjJI7g90n0ha120dwlz8JZU8rOkmNCe9Uq0

+# admin allow ip
+Globals.admin.allow-ip = 218.49.16.81,218.49.21.183,218.49.16.168,218.49.17.102,218.49.21.222,218.49.17.229,218.49.16.219,218.49.17.66,218.49.16.40,218.49.17.205,218.49.21.164,218.49.17.122,218.49.17.199,218.49.17.121,218.49.17.28,218.49.20.33,218.49.20.207,218.49.16.79,218.49.16.250,58.234.249.138,218.49.22.51,218.49.21.238,127.0.0.1,0:0:0:0:0:0:0:1
+
 #?????? ???? ?
 #?? : ??? ??? "egovframe"? ????? ???? ????? ????.
Author	SHA1	Message	Date
강석 최	f67c3ee502	Merge branch 'master' of http://118.219.150.34:50501/DBNT/kcscDev	2024-01-23 17:22:04 +09:00
강석 최	279333780a	관리자 계정 접속 아이피 제한 기능 추가.	2024-01-23 17:22:01 +09:00