728x90
반응형
@
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
package egovframework.com.cmm.util;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
/**
*
* <pre>
* << 개정이력(Modification Information) >>
*
* 수정일 수정자 수정내용
* ------- -------- ---------------------------
* 2014.08.07 표준프레임워크센터 최초 생성
*
* </pre>
*/
public class EgovDoubleSubmitHelper {
private static final Logger LOGGER = LoggerFactory.getLogger(EgovDoubleSubmitHelper.class);
public final static String SESSION_TOKEN_KEY = "egovframework.double.submit.preventer.session.key";
public final static String PARAMETER_NAME = "egovframework.double.submit.preventer.parameter.name";
public final static String DEFAULT_TOKEN_KEY = "DEFAULT";
public static String getNewUUID() {
return UUID.randomUUID().toString().toUpperCase();
}
public static boolean checkAndSaveToken() {
return checkAndSaveToken(DEFAULT_TOKEN_KEY);
}
public static boolean checkAndSaveToken(String tokenKey) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
HttpSession session = request.getSession();
// check session...
if (session.getAttribute(EgovDoubleSubmitHelper.SESSION_TOKEN_KEY) == null) {
throw new RuntimeException("Double Submit Preventer TagLig isn't set. Check JSP.");
}
String parameter = request.getParameter(EgovDoubleSubmitHelper.PARAMETER_NAME);
// check parameter
if (parameter == null) {
throw new RuntimeException("Double Submit Preventer parameter isn't set. Check JSP.");
}
@SuppressWarnings("unchecked")
Map<String, String> map = (Map<String, String>) session.getAttribute(EgovDoubleSubmitHelper.SESSION_TOKEN_KEY);
if (parameter.equals(map.get(tokenKey))) {
LOGGER.debug("[Double Submit] session token ({}) equals to parameter token.", tokenKey);
map.put(tokenKey, getNewUUID());
return true;
}
LOGGER.debug("[Double Submit] session token ({}) isn't equal to parameter token.", tokenKey);
return false;
}
}
|
cs |
@
|
1
2
3
4
5
6
7
8
9
10
|
import org.springframework.web.context.request.ServletWebRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletWebRequest;
ServletWebRequest servletContainer = (ServletWebRequest)RequestContextHolder.getRequestAttributes();
HttpServletRequest request = servletContainer.getRequest();
HttpServletResponse response = servletContainer.getResponse();
|
cs |
@
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
package egovframework.com.utl.fcc.service;
import java.io.File;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import egovframework.com.cmm.EgovWebUtil;
import javax.servlet.http.HttpServletRequest;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
public class EgovFileUploadUtil extends EgovFormBasedFileUtil {
/**
* 파일을 Upload 처리한다.
*
* @param request
* @param where
* @param maxFileSize
* @return
* @throws Exception
*/
public static List<EgovFormBasedFileVo> uploadFiles(HttpServletRequest request, String where, long maxFileSize) throws Exception {
List<EgovFormBasedFileVo> list = new ArrayList<EgovFormBasedFileVo>();
MultipartHttpServletRequest mptRequest = (MultipartHttpServletRequest) request;
Iterator<?> fileIter = mptRequest.getFileNames();
while (fileIter.hasNext()) {
MultipartFile mFile = mptRequest.getFile((String) fileIter.next());
EgovFormBasedFileVo vo = new EgovFormBasedFileVo();
String tmp = mFile.getOriginalFilename();
if (tmp.lastIndexOf("\\") >= 0) {
tmp = tmp.substring(tmp.lastIndexOf("\\") + 1);
}
vo.setFileName(tmp);
vo.setContentType(mFile.getContentType());
vo.setServerSubPath(getTodayString());
vo.setPhysicalName(getPhysicalFileName());
vo.setSize(mFile.getSize());
if (tmp.lastIndexOf(".") >= 0) {
vo.setPhysicalName(vo.getPhysicalName()); // 2012.11 KISA 보안조치
}
if (mFile.getSize() > 0) {
InputStream is = null;
try {
is = mFile.getInputStream();
saveFile(is, new File(EgovWebUtil.filePathBlackList(where + SEPERATOR + vo.getServerSubPath() + SEPERATOR + vo.getPhysicalName())));
} finally {
if (is != null) {
is.close();
}
}
list.add(vo);
}
}
return list;
}
/**
* 파일을 Upload(확장명 저장 및 확장자 제한) 처리한다.
*
* @param request
* @param where
* @param maxFileSize
* @return
* @throws Exception
*/
public static List<EgovFormBasedFileVo> uploadFilesExt(HttpServletRequest request, String where, long maxFileSize, String extensionWhiteList) throws Exception {
List<EgovFormBasedFileVo> list = new ArrayList<EgovFormBasedFileVo>();
MultipartHttpServletRequest mptRequest = (MultipartHttpServletRequest) request;
Iterator<?> fileIter = mptRequest.getFileNames();
while (fileIter.hasNext()) {
MultipartFile mFile = mptRequest.getFile((String) fileIter.next());
EgovFormBasedFileVo vo = new EgovFormBasedFileVo();
String tmp = mFile.getOriginalFilename();
if (tmp.lastIndexOf("\\") >= 0) {
tmp = tmp.substring(tmp.lastIndexOf("\\") + 1);
}
String ext = "";
if ( tmp.lastIndexOf(".") > 0 )
ext = getFileExtension(tmp).toLowerCase();
else
throw new SecurityException("Unacceptable file extension."); // 허용되지 않는 확장자 처리
if ( extensionWhiteList.indexOf(ext) < 0 )
throw new SecurityException("Unacceptable file extension."); // 허용되지 않는 확장자 처리
vo.setFileName(tmp);
vo.setContentType(mFile.getContentType());
vo.setServerSubPath(getTodayString());
vo.setPhysicalName(getPhysicalFileName()+"."+ext);
vo.setSize(mFile.getSize());
if (tmp.lastIndexOf(".") >= 0) {
vo.setPhysicalName(vo.getPhysicalName()); // 2012.11 KISA 보안조치
}
if (mFile.getSize() > 0) {
InputStream is = null;
try {
is = mFile.getInputStream();
saveFile(is, new File(EgovWebUtil.filePathBlackList(where + SEPERATOR + vo.getServerSubPath() + SEPERATOR + vo.getPhysicalName())));
} finally {
if (is != null) {
is.close();
}
}
list.add(vo);
}
}
return list;
}
/**
* 파일 확장자를 추출한다.
*
* @param fileNamePath
* @return
*/
public static String getFileExtension(String fileNamePath) {
String ext = fileNamePath.substring(fileNamePath.lastIndexOf(".") + 1,fileNamePath.length());
return (ext == null) ? "" : ext;
}
}
|
cs |
@
반응형