JSP/SERVLET
2017.05.30 / 17:27
잘못된 접근 제한(사용자의 행동 기록)
냥이
사용자의 행동 기록
1. 사용자가 메뉴를 사용할 때 모든 행위는 기록되어야 한다.
- 아이디
- 시간
- 접근한 IP
- 접근한 Menu
- 실행한 Action(CRUD)
2. ±ÇÇÑÀÌ ¾ø´Â »ç¿ëÀÚ´Â ±× ¸Þ´ºÀÚü¸¦ º¸¿©ÁÖÁö ¾Ê¾Æ¾ß ÇÑ´Ù.
»èÁ¦¿¡ ´ëÇÑ ±ÇÇÑÀÌ ¾ø´Â »ç¿ëÀÚ¿¡°Ô »èÁ¦ ¹öÆ°À» º¸¿©Á־ ¾ÈµÈ´Ù.
URLÀ» ÅëÇÑ Á¢±ÙÀ» ½ÃµµÇÒ ¶§, ÇöÀç ¿äûÀÚ°¡ ±× ±â´É¿¡ ´ëÇÑ ±ÇÇÑÀÌ ÀÖ´ÂÁö üũÇÏ°í ¾ø´Ù¸é ¼ºñ½º¸¦ °ÅºÎÇؾßÇÑ´Ù.
1. »ç¿ëÀÚÀÇ ÇൿÀ» Consoleâ¿¡ log·Î º¸¿©ÁÖ±â(½Ç¹«¿¡¼´Â DB¿¡ ÀúÀå ÇÔ).
ActionHistoryInterceptor class »ý¼º
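package kr.co.hucloud.security.code.example.common.interceptor;

import java.util.Date;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import kr.co.hucloud.security.code.example.common.Session;
import kr.co.hucloud.security.code.example.member.vo.MemberVO;

import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/**
 * Writes one audit line per intercepted request before the controller runs.
 *
 * <p>Each line holds, comma separated: user id (blank when nobody is logged in),
 * timestamp, remote address, request URI (standing in for the "menu") and the
 * handler method name (standing in for the CRUD action). The line goes to
 * standard output; the tutorial notes that a real system would persist it to a
 * database instead.
 */
public class ActionHistoryInterceptor extends HandlerInterceptorAdapter {

    /**
     * Records who called what, then lets the request continue.
     *
     * @param request  the current request; source of session, remote address and URI
     * @param response the current response, passed through unchanged
     * @param handler  the handler chosen for this request; only its string form is used
     * @return whatever the superclass returns for {@code preHandle}
     * @throws Exception propagated from the superclass
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String userId = getUserId(request);
        String dateTime = new Date().toString();
        // NOTE(review): behind a reverse proxy or load balancer this is the proxy's
        // address. Forwarded-for style headers are client-controlled unless they
        // are set by a proxy you operate, so do not substitute them blindly.
        String userIp = request.getRemoteAddr();
        // The URI carries no scheme or host (e.g. no http://localhost:8080 prefix).
        String accessUrl = request.getRequestURI();
        String action = getAction(handler);

        // Every field is neutralised first: user id and URI are influenced by the
        // client, and an embedded line break would let one request forge extra
        // audit entries.
        String logMessage = String.format("%s, %s, %s, %s, %s",
                sanitize(userId), dateTime, sanitize(userIp), sanitize(accessUrl), sanitize(action));
        System.out.println(logMessage);

        return super.preHandle(request, response, handler);
    }

    /**
     * Returns the id of the logged-in member, or an empty string when there is none.
     *
     * <p>Uses {@code getSession(false)} so that writing an audit line never creates
     * a session: an anonymous request must not be able to allocate server-side
     * state just by being logged.
     */
    private String getUserId(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return "";
        }
        Object member = session.getAttribute(Session.MEMBER);
        if (!(member instanceof MemberVO)) {
            return "";
        }
        String id = ((MemberVO) member).getId();
        return id == null ? "" : id;
    }

    /**
     * Extracts a short action name from the handler's string form.
     *
     * <p>Assumes the string looks like a Java method signature when the handler is
     * a controller method (confirm against the Spring version in use). The
     * parameter list is cut off before taking the last dot-separated segment;
     * otherwise a fully qualified parameter or exception type would be returned
     * instead of the method name. A string without parentheses yields its last
     * dot-separated segment.
     */
    private String getAction(Object handler) {
        String description = String.valueOf(handler);
        int paramsStart = description.indexOf('(');
        if (paramsStart >= 0) {
            description = description.substring(0, paramsStart);
        }
        return description.substring(description.lastIndexOf('.') + 1);
    }

    /** Replaces control characters (CR, LF, tab, ...) with '_' so a field cannot break the log line. */
    private static String sanitize(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}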
dispatcherServlet.xml 에 historyInterceptor bean 추가
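<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/mvc
                           http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">

    <mvc:annotation-driven />

    <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/view/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" />

    <mvc:interceptors>
        <!-- Improper access restriction: audit log of user actions.
             Declared with no mapping, so it applies to every request.
             Registered before loginInterceptor on purpose: preHandle callbacks run
             in declaration order and the chain stops at the first interceptor that
             returns false, so an audit interceptor placed after the login check
             would never see the requests that check rejects.
             NOTE(review): LoginInterceptor is not shown on this page; confirm that
             it rejects unauthenticated requests by returning false. -->
        <bean id="historyInterceptor" class="kr.co.hucloud.security.code.example.common.interceptor.ActionHistoryInterceptor"/>

        <!-- Login check for everything except the public pages listed below. -->
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <mvc:exclude-mapping path="/"/>
            <mvc:exclude-mapping path="/common/top"/>
            <mvc:exclude-mapping path="/common/bottom"/>
            <mvc:exclude-mapping path="/common/menu"/>
            <mvc:exclude-mapping path="/resources/**"/>
            <mvc:exclude-mapping path="/member/login"/>
            <mvc:exclude-mapping path="/member/registry"/>
            <bean id="loginInterceptor" class="kr.co.hucloud.security.code.example.common.interceptor.LoginInterceptor" />
        </mvc:interceptor>
    </mvc:interceptors>

    <!-- NOTE(review): the CSRF interceptor below is commented out in this listing.
         While it stays disabled, state-changing requests depend on whatever CSRF
         protection exists elsewhere in the application; confirm before reusing
         this file as a template. -->
    <!--<mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <mvc:exclude-mapping path="/member/login"/>
            <mvc:exclude-mapping path="/member/registry"/>
            <mvc:exclude-mapping path="/member/logout"/>
            <bean id="csrfInterceptor" class="kr.co.hucloud.security.code.example.common.interceptor.CSRFInterceptor" />
        </mvc:interceptor>
    </mvc:interceptors> -->

    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" >
        <property name="maxUploadSize" value="104857600" /> <!-- 100MB -->
        <property name="defaultEncoding" value="UTF-8" />
    </bean>

    <!-- Controllers -->
    <bean id="commonController" class="kr.co.hucloud.security.code.example.common.web.CommonController" />

    <bean id="indexController" class="kr.co.hucloud.security.code.example.index.web.IndexController">
        <property name="tableValidService" ref="tableValidService" />
    </bean>

    <bean id="tableController" class="kr.co.hucloud.security.code.example.valid.table.web.TableController">
        <property name="tableValidService" ref="tableValidService" />
    </bean>

    <bean id="memberController" class="kr.co.hucloud.security.code.example.member.web.MemberController">
        <property name="memberService" ref="memberService" />
    </bean>

    <bean id="boardController" class="kr.co.hucloud.security.code.example.board.web.BoardController">
        <property name="boardService" ref="boardService" />
        <property name="replyService" ref="replyService" />
    </bean>

    <bean id="replyController" class="kr.co.hucloud.security.code.example.reply.web.ReplyController">
        <property name="replyService" ref="replyService" />
    </bean>

    <bean id="sqlInjectionController" class="kr.co.hucloud.security.code.example.attack.sql.injection.web.SQLInjectionController">
        <property name="memberService" ref="memberService" />
    </bean>

    <bean id="passwordController" class="kr.co.hucloud.security.code.example.attack.check.password.web.PasswordController" />

    <bean id="xssController" class="kr.co.hucloud.security.code.example.attack.xss.web.XSSController">
        <property name="boardService" ref="boardService" />
    </bean>

    <bean id="encryptoPasswordController" class="kr.co.hucloud.security.code.example.encrypto.password.web.EncryptoPasswordController">
        <property name="encryptoPasswordService" ref="encryptoPasswordService" />
    </bean>

    <bean id="openRedirectController" class="kr.co.hucloud.security.code.example.attack.openredirect.OpenRedirectController" />

</beans>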