728x90
반응형
https://www.egovframe.go.kr/home/qainfo/qainfoRead.do?menuNo=69&qaId=QA_00000000000019736
@
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
package egovframework.com.cmm.config;
import javax.servlet.FilterRegistration;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRegistration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.WebApplicationInitializer;
import org.springframework.web.context.ContextLoaderListener;
import org.springframework.web.context.support.XmlWebApplicationContext;
import org.springframework.web.multipart.support.MultipartFilter;
import org.springframework.web.servlet.DispatcherServlet;
import egovframework.com.cmm.filter.HTMLTagFilter;
/**
* EgovWebApplicationInitializer 클래스
* <Notice>
* 사용자 인증 권한처리를 분리(session, spring security) 하기 위해서 web.xml의 기능을
* Servlet3.x WebApplicationInitializer 기능으로 처리
* <Disclaimer>
* N/A
*
* @author
* @since 2016.06.23
* @version 1.0
* @see
*
* <pre>
* << 개정이력(Modification Information) >>
*
* 수정일 수정자 수정내용
* ------- ------------- ----------------------
* 2016.06.23 최초 생성
* 2018.10.02 Facebook 관련 HiddenHttpMethodFilter 추가
* 2018.10.26 EgovLoginPolicyFilter 추가 (IP접근처리)
* 2018.12.03 springMultipartFilter,HTMLTagFilter 추가 (XSS방지처리)
* </pre>
*/
public class EgovWebApplicationInitializer implements WebApplicationInitializer {
@SuppressWarnings("unused")
private static final Logger LOGGER = LoggerFactory.getLogger(EgovWebApplicationInitializer.class);
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
//LOGGER.info("EgovWebApplicationInitializer START-============================================");
//-------------------------------------------------------------
// Egov Web ServletContextListener 설정
//-------------------------------------------------------------
servletContext.addListener(new egovframework.com.cmm.context.EgovWebServletContextListener());
//-------------------------------------------------------------
// Spring CharacterEncodingFilter 설정
//-------------------------------------------------------------
FilterRegistration.Dynamic characterEncoding = servletContext.addFilter("encodingFilter", new org.springframework.web.filter.CharacterEncodingFilter());
characterEncoding.setInitParameter("encoding", "UTF-8");
characterEncoding.setInitParameter("forceEncoding", "true");
characterEncoding.addMappingForUrlPatterns(null, false, "*.do");
//characterEncoding.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "*.do");
//-------------------------------------------------------------
// Spring ServletContextListener 설정
//-------------------------------------------------------------
XmlWebApplicationContext rootContext = new XmlWebApplicationContext();
rootContext.setConfigLocations(new String[] { "classpath*:egovframework/spring/com/**/context-*.xml" });
//rootContext.setConfigLocations(new String[] { "classpath*:egovframework/spring/com/context-*.xml","classpath*:egovframework/spring/com/*/context-*.xml" });
rootContext.refresh();
rootContext.start();
servletContext.addListener(new ContextLoaderListener(rootContext));
//-------------------------------------------------------------
// Spring ServletContextListener 설정
//-------------------------------------------------------------
XmlWebApplicationContext xmlWebApplicationContext = new XmlWebApplicationContext();
xmlWebApplicationContext.setConfigLocation("/WEB-INF/config/egovframework/springmvc/egov-com-*.xml");
ServletRegistration.Dynamic dispatcher = servletContext.addServlet("dispatcher", new DispatcherServlet(xmlWebApplicationContext));
dispatcher.addMapping("*.do");
//dispatcher.addMapping("/"); // Facebook OAuth 사용시 변경
dispatcher.setLoadOnStartup(1);
//-------------------------------------------------------------
// EgovLoginPolicyFilter 설정
//-------------------------------------------------------------
//FilterRegistration.Dynamic egovLoginPolicyFilter = servletContext.addFilter("LoginPolicyFilter", new EgovLoginPolicyFilter());
//egovLoginPolicyFilter.addMappingForUrlPatterns(null, false, "/uat/uia/actionLogin.do");
//-------------------------------------------------------------
// HiddenHttpMethodFilter 설정 (Facebook OAuth 사용시 설정)
//-------------------------------------------------------------
/* FilterRegistration.Dynamic hiddenHttpMethodFilter = servletContext.addFilter("hiddenHttpMethodFilter", new HiddenHttpMethodFilter());
hiddenHttpMethodFilter.addMappingForUrlPatterns(null, false, "/*");*/
//-------------------------------------------------------------
// Tomcat의 경우 allowCasualMultipartParsing="true" 추가
// <Context docBase="" path="/" reloadable="true" allowCasualMultipartParsing="true">
//-------------------------------------------------------------
MultipartFilter springMultipartFilter = new MultipartFilter();
springMultipartFilter.setMultipartResolverBeanName("multipartResolver");
FilterRegistration.Dynamic multipartFilter = servletContext.addFilter("springMultipartFilter", springMultipartFilter);
multipartFilter.addMappingForUrlPatterns(null, false, "*.do");
//-------------------------------------------------------------
// HTMLTagFilter의 경우는 파라미터에 대하여 XSS 오류 방지를 위한 변환을 처리합니다.
//-------------------------------------------------------------
// HTMLTagFIlter의 경우는 JSP의 <c:out /> 등을 사용하지 못하는 특수한 상황에서 사용하시면 됩니다.
// (<c:out />의 경우 뷰단에서 데이터 출력시 XSS 방지 처리가 됨)
FilterRegistration.Dynamic htmlTagFilter = servletContext.addFilter("htmlTagFilter", new HTMLTagFilter());
htmlTagFilter.addMappingForUrlPatterns(null, false, "*.do");
//-------------------------------------------------------------
// Spring RequestContextListener 설정
//-------------------------------------------------------------
servletContext.addListener(new org.springframework.web.context.request.RequestContextListener());
//LOGGER.info("EgovWebApplicationInitializer END-============================================");
}
}
|
cs |
@
728x90
반응형