생존기술_IT/JAVA

[JAVA] 써티피케이션_인터셉터 설정

LeCafeCreme 2021. 9. 8. 13:24

package kr.co.insta.intercepter;

import kr.co.insta.common.CommonUtils;
import kr.co.insta.common.OtpResultServlet;
import kr.co.insta.service.BaseService;
import kr.co.insta.service.MemberService;
import kr.co.insta.vo.BaseVO;
import kr.co.insta.vo.MemberVO;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;

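/**
 * Spring MVC interceptor that gates the admin area behind a two-step login:
 * a password check followed by a time-based one-time password (OTP) check.
 *
 * <p>Session attributes written here: {@code idx}, {@code userId}, {@code name},
 * {@code userLevel}, {@code provideKey}, {@code updateDate}, {@code managerTitle},
 * {@code manager_title_color}, {@code menuAuth}, {@code alertMsg} and {@code certified}.
 * A request is let through to the handler only when both {@code userLevel} and
 * {@code certified} are present in the session.
 *
 * <p>NOTE(review): {@code userLevel} and {@code menuAuth} are stored in the session as soon
 * as the password matches, i.e. before the OTP step. Any code outside this class that
 * authorizes on those attributes must also require {@code certified} - confirm.
 */
@Slf4j
@Component
public class CertificationIntercepter implements HandlerInterceptor, AsyncHandlerInterceptor {

    /** Session idle timeout applied after a successful password check: two hours, in seconds. */
    private static final int SESSION_TIMEOUT_SECONDS = 60 * 60 * 2;

    /** Width of one OTP time step in milliseconds. */
    private static final long OTP_STEP_MILLIS = 30000L;

    /** Charset used when hex digests are compared byte-wise and when feeding SHA-256. */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.StandardCharsets.UTF_8;

    // Dependencies are injected through the constructor only; a field-level @Autowired
    // on a final field is redundant next to constructor injection.
    private final MemberService memberService;
    private final BaseService baseService;

    @Autowired
    public CertificationIntercepter(MemberService memberService, BaseService baseService) {
        this.memberService = memberService;
        this.baseService = baseService;
    }

    /**
     * Dispatches the request to the password step, the OTP step, or the plain session check.
     *
     * @return {@code true} only when the session already carries {@code userLevel} and
     *         {@code certified}; every branch that sends a redirect returns {@code false}
     *         so the handler is not invoked on an already-redirected response
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        HttpSession session = request.getSession();
        log.info("인터셉트! - 전처리 작동!");
        log.info("[L] 1. userLevel == null");

        String userId = request.getParameter("user_id");
        String userPw = request.getParameter("user_pw");
        String otpCode = request.getParameter("otp_verification_code");

        if (userId != null && userPw != null) {
            return handlePasswordLogin(request, response, session, userId, userPw);
        }
        if (otpCode != null) {
            return handleOtpVerification(request, response, session, otpCode);
        }
        if (session.getAttribute("userLevel") != null && session.getAttribute("certified") != null) {
            log.info("[L] 2. true");
            return true;
        }
        log.info("[L] 2. redirect");
        response.sendRedirect(request.getContextPath() + "/adm/");
        return false;
    }

    /** First factor: looks the member up, verifies the password and prepares the session for the OTP step. */
    private boolean handlePasswordLogin(HttpServletRequest request, HttpServletResponse response,
                                        HttpSession session, String userId, String userPw) throws Exception {
        log.info("[L] 2. 아이디와 비밀번호 둘 다 존재");
        String contextPath = request.getContextPath();

        MemberVO memberVo = memberService.getMemberInfoById(userId);
        if (memberVo == null) {
            // Same message as for a wrong password, so the response text does not reveal
            // whether the account exists.
            session.setAttribute("alertMsg", "아이디 또는 비밀번호가 맞지 않습니다.");
            response.sendRedirect(contextPath + "/adm/");
            return false;
        }

        if (passwordMatches(memberVo, userPw)) {
            log.info("세션 만들고 통과");

            // Issue a fresh session id at the privilege change so an id known before login
            // cannot be reused afterwards (session fixation defence).
            request.changeSessionId();
            // Drop any earlier OTP result: the identity in the session is being replaced,
            // so the second factor must be passed again for this member.
            session.removeAttribute("certified");

            session.setMaxInactiveInterval(SESSION_TIMEOUT_SECONDS);

            session.setAttribute("idx", memberVo.getIdx());
            session.setAttribute("userId", memberVo.getUserId());
            session.setAttribute("name", memberVo.getName());
            session.setAttribute("userLevel", memberVo.getUserLevel());
            session.setAttribute("provideKey", memberVo.getProvideKey());
            session.setAttribute("updateDate", memberVo.getUpdateDate());
            // Log the user id only. MemberVO.toString() presumably includes the password
            // hash and the OTP secret (provideKey), which must not reach the log files.
            log.info("[L] memberVo userId : {}", memberVo.getUserId());

            BaseVO bsVo = baseService.selectBasicSetting();
            session.setAttribute("managerTitle", bsVo.getManagerTitle());
            // NOTE(review): the attribute is named "manager_title_color" but receives
            // getSiteTitle() - confirm this is intended.
            session.setAttribute("manager_title_color", bsVo.getSiteTitle());
            session.setAttribute("menuAuth", baseService.getAuth(Integer.toString(memberVo.getUserLevel())));
            log.info("[L] bsVo session set 통과");
            log.info("[L] bsVo session set 통과 : " + bsVo.getManagerTitle());

            response.sendRedirect(contextPath + "/adm/otp");
            return false;
        }

        if (session.getAttribute("certified") != null) {
            // Wrong password on an already certified session: send the user back to main.
            response.sendRedirect(contextPath + "/adm/main");
            return false;
        }

        session.setAttribute("alertMsg", "아이디 또는 비밀번호가 맞지 않습니다.");
        response.sendRedirect(contextPath + "/adm/");
        log.info("[L] 3. 아이디 또는 비밀번호가 맞지 않습니다.");
        return false;
    }

    /**
     * Second factor: checks the submitted code against the OTP secret stored in the session
     * by the password step.
     *
     * <p>The session is marked {@code certified} only when {@code OtpResultServlet.check_code}
     * accepts the code. A fixed fallback code that certified the session regardless of the
     * member's secret has been removed; test access should come from a test profile or a
     * test account, not from a constant in the production path.
     *
     * <p>NOTE(review): no limit on failed attempts is visible in this class; a six-digit code
     * needs an attempt counter or lockout per session/account - confirm where that is enforced.
     */
    private boolean handleOtpVerification(HttpServletRequest request, HttpServletResponse response,
                                          HttpSession session, String otpCode) throws Exception {
        String contextPath = request.getContextPath();

        Object provideKey = session.getAttribute("provideKey");
        if (provideKey == null) {
            // The password step has not been completed in this session, so there is no
            // secret to verify against: restart the login instead of failing with an NPE.
            log.info("[L] 2. redirect");
            response.sendRedirect(contextPath + "/adm/");
            return false;
        }

        long timeStep = System.currentTimeMillis() / OTP_STEP_MILLIS;

        boolean codeAccepted;
        try {
            codeAccepted = OtpResultServlet.check_code(provideKey.toString(), Integer.parseInt(otpCode), timeStep);
        } catch (NumberFormatException e) {
            // Non-numeric input is simply a wrong code, not a server error.
            codeAccepted = false;
        }

        if (codeAccepted) {
            session.setAttribute("certified", 1);
            response.sendRedirect(contextPath + "/adm/main");
        } else {
            session.setAttribute("alertMsg", "OTP키와 입력한 코드가 맞지 않습니다.");
            response.sendRedirect(contextPath + "/adm/otp");
        }
        // A redirect has been sent in both cases; do not continue to the handler.
        return false;
    }

    /**
     * Recomputes the stored password digest from the submitted password and compares the two
     * without short-circuiting on the first differing byte.
     *
     * @return {@code false} when the stored hash or the update date (salt source) is missing
     *         or the update date holds fewer than eight digits
     */
    private boolean passwordMatches(MemberVO memberVo, String submittedPw) {
        String storedHash = memberVo.getPassword();
        String updateDate = memberVo.getUpdateDate();
        if (storedHash == null || updateDate == null) {
            return false;
        }
        String digits = updateDate.replaceAll("[^0-9]", "");
        if (digits.length() < 8) {
            return false;
        }
        String expectedHash = makeHashedPassword(submittedPw, digits.substring(0, 8));
        return MessageDigest.isEqual(storedHash.getBytes(UTF_8), expectedHash.getBytes(UTF_8));
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        log.info("인터셉트! - 후처리 작동!");
    }

    /**
     * Returns the lowercase hex MD5 digest of the given text (a hash, not encryption).
     *
     * @param pwd text to hash
     * @return 32-character lowercase hex digest
     * @throws IllegalStateException if the MD5 algorithm is unavailable; the previous
     *         behaviour of returning {@code null} led to hashing the literal text "null"
     */
    private static String MD5(String pwd) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            // NOTE(review): getBytes() uses the platform default charset. It is left as is
            // because stored hashes depend on it; pin the charset once the deployment
            // charset has been confirmed.
            return toHex(md.digest(pwd.getBytes()));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 digest unavailable", e);
        }
    }

    /**
     * Returns the lowercase hex SHA-256 digest of the UTF-8 bytes of the given text
     * (a hash, not encryption).
     *
     * @param pwd text to hash
     * @return 64-character lowercase hex digest
     */
    private static String SHA256(String pwd) {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            return toHex(digest.digest(pwd.getBytes(UTF_8)));
        } catch (NoSuchAlgorithmException ex) {
            throw new RuntimeException(ex);
        }
    }

    /** Encodes bytes as two lowercase hex digits each. */
    private static String toHex(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            hex.append(Character.forDigit((b >> 4) & 0xf, 16));
            hex.append(Character.forDigit(b & 0xf, 16));
        }
        return hex.toString();
    }

    /**
     * Builds the stored password form: {@code SHA256(MD5(pw) + dateCode)}, where
     * {@code dateCode} is the first eight digits of the member's update date, used as salt.
     *
     * <p>NOTE(review): this is a single pass of fast digests with a date-derived salt, which
     * gives little resistance to offline guessing if the member table leaks. Plan a migration
     * to a dedicated password hashing scheme (bcrypt, scrypt, Argon2 or PBKDF2) with a
     * random per-user salt, re-hashing on the next successful login.
     *
     * @param pw       submitted password
     * @param dateCode eight-digit date string used as salt
     * @return lowercase hex digest to compare with the stored value
     */
    private String makeHashedPassword(String pw, String dateCode) {
        String userCode = MD5(pw);
        return SHA256(userCode + dateCode);
    }

}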