JSP/SERVLET
2017.05.30 / 17:27

잘못된 접근 제한(사용자의 행동 기록)

³ÉÀÌ

사용자의 행동 기록

1. 사용자가 메뉴를 사용할 때 모든 행위는 기록되어야 한다.

  • 아이디
  • 시간
  • 접근한 IP
  • 접근한 Menu
  • 실행한 Action(CRUD)

2. 권한이 없는 사용자에게는 그 메뉴 자체를 보여주지 않아야 한다.
삭제에 대한 권한이 없는 사용자에게 삭제 버튼을 보여주어서는 안된다.
URL을 통한 접근을 시도할 때, 현재 요청자가 그 기능에 대한 권한이 있는지 체크하고 없다면 서비스를 거부해야 한다.

 

1. 사용자의 행동을 Console 창에 log로 보여주기(실무에서는 DB에 저장함).

ActionHistoryInterceptor class 생성

package kr.co.hucloud.security.code.example.common.interceptor;
 
import java.util.Date;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
 
import kr.co.hucloud.security.code.example.common.Session;
import kr.co.hucloud.security.code.example.member.vo.MemberVO;
 
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
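public class ActionHistoryInterceptor extends HandlerInterceptorAdapter {

    /**
     * Runs before the controller and prints one line per request describing who did
     * what: user id (empty when not logged in), timestamp, client IP, request URI and
     * the handler's method name. The page's author notes that a real deployment would
     * persist this record to a database instead of writing to the console.
     *
     * @param request  the current request; URI, remote address and session are read from it
     * @param response not used here, passed through to the superclass
     * @param handler  the handler Spring resolved for this request; its string form is
     *                 used to derive the action name
     * @return whatever {@code super.preHandle} returns, so the request proceeds as before
     * @throws Exception propagated from the superclass
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        // Recorded fields (from the page's requirements):
        //   id      - blank if the user has not logged in
        //   time    - java.util.Date
        //   IP      - client address
        //   menu    - the request URI stands in for the menu
        //   action  - the handler method name stands in for CRUD
        String userId = getUserId(request);
        String dateTime = new Date().toString();
        // getRemoteAddr() is the TCP peer. Behind a reverse proxy or load balancer this
        // is the proxy's address, not the end user's; a forwarded-for header should only
        // be trusted when the proxy is known to set it.
        String userIp = request.getRemoteAddr();
        // URI only - scheme and host (e.g. http://localhost:8080) are not included.
        String accessUrl = request.getRequestURI();
        String action = getAction(handler);

        // The URI (and, via registration, the user id) originate from the client.
        // Control characters are neutralised so a crafted value cannot forge extra
        // log lines or break the comma-separated record (log injection).
        String logMessage = String.format("%s, %s, %s, %s, %s",
                sanitizeForLog(userId), dateTime, sanitizeForLog(userIp),
                sanitizeForLog(accessUrl), sanitizeForLog(action));

        System.out.println(logMessage);

        return super.preHandle(request, response, handler);
    }

    /**
     * Returns the id of the logged-in member, or an empty string when there is no
     * session or no member stored under {@code Session.MEMBER}.
     * {@code getSession(false)} is used so that merely logging a request does not
     * create a server-side session for anonymous clients.
     *
     * @param request the current request
     * @return the member id, or "" when nobody is logged in
     */
    private String getUserId(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) {
            return "";
        }
        MemberVO memberVO = (MemberVO) session.getAttribute(Session.MEMBER);
        if (memberVO == null) {
            return "";
        }
        return memberVO.getId();
    }

    /**
     * Derives the action name from the handler's string form. For an annotated
     * controller method Spring's handler object presumably renders as the method's
     * full signature, e.g.
     * {@code public java.lang.String pkg.BoardController.list(javax.servlet.http.HttpServletRequest)};
     * other handler types render differently, which is why only the string is parsed.
     *
     * @param handler the resolved handler, may be null
     * @return the simple method name, or "" when the handler is null
     */
    private String getAction(Object handler) {
        if (handler == null) {
            return "";
        }
        return extractActionName(handler.toString());
    }

    /**
     * Extracts the last dotted segment of {@code signature} after discarding any
     * parameter list. Splitting on "." alone would return the tail of the last
     * parameter type (e.g. {@code "HttpServletRequest)"}) whenever the method takes
     * fully-qualified parameters, so the text from the first "(" is cut off first.
     * Package-private so it can be unit tested without a servlet container.
     *
     * @param signature the handler's string form, may be null
     * @return the segment after the last "." before any "(", or "" for null/empty input
     */
    static String extractActionName(String signature) {
        if (signature == null || signature.isEmpty()) {
            return "";
        }
        int paren = signature.indexOf('(');
        String withoutParams = paren >= 0 ? signature.substring(0, paren) : signature;
        int lastDot = withoutParams.lastIndexOf('.');
        return lastDot >= 0 ? withoutParams.substring(lastDot + 1) : withoutParams;
    }

    /**
     * Replaces control characters (including CR and LF) with '_' so that a value taken
     * from the request cannot inject additional lines into the action log.
     *
     * @param value the raw value, may be null
     * @return the sanitised value, or "" for null
     */
    static String sanitizeForLog(String value) {
        if (value == null) {
            return "";
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}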
 

dispatcherServlet.xml에 historyInterceptor bean 추가

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd">
 
    <mvc:annotation-driven />
 
    <bean id="viewResolver"
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/view/" />
        <property name="suffix" value=".jsp" />
    </bean>
    
    <mvc:resources mapping="/resources/**" location="/WEB-INF/resources/" />
    
    <!-- LoginInterceptor guards every path except the public ones excluded below
         (landing page, shared layout fragments, static resources, login, registration). -->
    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <mvc:exclude-mapping path="/"/>
            <mvc:exclude-mapping path="/common/top"/>
            <mvc:exclude-mapping path="/common/bottom"/>
            <mvc:exclude-mapping path="/common/menu"/>
            <mvc:exclude-mapping path="/resources/**"/>
            <mvc:exclude-mapping path="/member/login"/>
            <mvc:exclude-mapping path="/member/registry"/>
            <bean id="loginInterceptor" class="kr.co.hucloud.security.code.example.common.interceptor.LoginInterceptor" />
        </mvc:interceptor>
        
            <!-- Improper access restriction: user action history.
                 Declared directly under <mvc:interceptors> with no <mvc:mapping>, so it
                 runs for every request, including the paths excluded from the login check. -->
            <bean id="historyInterceptor" class="kr.co.hucloud.security.code.example.common.interceptor.ActionHistoryInterceptor"/>
 
    </mvc:interceptors>    
    <!-- CSRF interceptor: currently disabled by the comment block below. -->
    <!--<mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <mvc:exclude-mapping path="/member/login"/>
            <mvc:exclude-mapping path="/member/registry"/>
            <mvc:exclude-mapping path="/member/logout"/>
            <bean id="csrfInterceptor" class="kr.co.hucloud.security.code.example.common.interceptor.CSRFInterceptor" />
        </mvc:interceptor>
    </mvc:interceptors> -->
    
    <bean id="multipartResolver"
          class="org.springframework.web.multipart.commons.CommonsMultipartResolver" >
        <property name="maxUploadSize" value="104857600" /> <!-- 100MB -->
        <property name="defaultEncoding" value="UTF-8" />
    </bean>
    
    <!-- Controllers -->
    <bean id="commonController" class="kr.co.hucloud.security.code.example.common.web.CommonController" />
    
    <bean id="indexController"  class="kr.co.hucloud.security.code.example.index.web.IndexController">
           <property name="tableValidService" ref="tableValidService" />
    </bean>
    <bean id="tableController"  class="kr.co.hucloud.security.code.example.valid.table.web.TableController">
           <property name="tableValidService" ref="tableValidService" />
    </bean>
    <bean id="memberController"  class="kr.co.hucloud.security.code.example.member.web.MemberController">
        <property name="memberService" ref="memberService" />
    </bean>
    <bean id="boardController"     class="kr.co.hucloud.security.code.example.board.web.BoardController">
        <property name="boardService" ref="boardService" />
        <property name="replyService" ref="replyService" />
    </bean>
    <bean id="replyController"     class="kr.co.hucloud.security.code.example.reply.web.ReplyController">
        <property name="replyService" ref="replyService" />
    </bean>
    
    <bean id="sqlInjectionController"  class="kr.co.hucloud.security.code.example.attack.sql.injection.web.SQLInjectionController">
        <property name="memberService" ref="memberService" />
    </bean>
    <bean id="passwordController"  class="kr.co.hucloud.security.code.example.attack.check.password.web.PasswordController" />
    <bean id="xssController"  class="kr.co.hucloud.security.code.example.attack.xss.web.XSSController">
        <property name="boardService" ref="boardService" />
    </bean>
    <bean id="encryptoPasswordController" class="kr.co.hucloud.security.code.example.encrypto.password.web.EncryptoPasswordController">
        <property name="encryptoPasswordService" ref="encryptoPasswordService" />
    </bean>
    <bean id="openRedirectController" class="kr.co.hucloud.security.code.example.attack.openredirect.OpenRedirectController" />
    
</beans>
 