Merge pull request #42 from devholic22/contribution

[refactor] SimpleCORSFilter & AuthenticInterceptor & CustomAuthenticInterceptor 리팩터링 진행
2 years ago · 30da4c588f
parent 714ca0617f abcdc3d41e
commit 30da4c588f
3 changed files with 21 additions and 14 deletions
--- a/src/main/java/egovframework/com/cmm/filter/SimpleCORSFilter.java
+++ b/src/main/java/egovframework/com/cmm/filter/SimpleCORSFilter.java
@ -56,10 +56,23 @@ public class SimpleCORSFilter implements Filter {

 		log.debug("===>>> origin = " + originHeader);

-		if (originHeader != null && !originHeader.equals("")) {
-			originHeader = originHeader.replace("\r", "").replace("\n", "");// Security - Potential HTTP Response Splitting 분할응답 조치
+		if (isValidOriginHeader(originHeader)) {
+			// Security - Potential HTTP Response Splitting 분할응답 조치
+			originHeader = originHeader
+					.replace("\r", "")
+					.replace("\n", "");
 		}

+		setCorsHeaders(response, originHeader);
+
+		chain.doFilter(req, res);
+	}
+
+	private static boolean isValidOriginHeader(String originHeader) {
+		return originHeader != null && !originHeader.isEmpty();
+	}
+
+	private static void setCorsHeaders(HttpServletResponse response, String originHeader) {
 		response.setHeader("Access-Control-Allow-Origin", originHeader);

 		// Access-Control-Max-Age
@ -74,8 +87,6 @@ public class SimpleCORSFilter implements Filter {
 		// Access-Control-Allow-Headers
 		response.setHeader("Access-Control-Allow-Headers",
 			"Origin, X-Requested-With, Content-Type, Accept, Authorization, " + "X-CSRF-TOKEN");
-
-		chain.doFilter(req, res);
 	}

 	@Override
--- a/src/main/java/egovframework/com/cmm/interceptor/AuthenticInterceptor.java
+++ b/src/main/java/egovframework/com/cmm/interceptor/AuthenticInterceptor.java
@ -49,14 +49,11 @@ public class AuthenticInterceptor extends WebContentInterceptor {
 			log.debug("AuthenticInterceptor ================== ");
 			
 			return true;
-		} else {
-			
-			log.debug("AuthenticInterceptor Fail!!!!!!!!!!!!================== ");
-			
-//			ModelAndView modelAndView = new ModelAndView("redirect:/uat/uia/egovLoginUsr.do");
-			ModelAndView modelAndView = new ModelAndView("redirect:http://localhost:3000/login");
-			throw new ModelAndViewDefiningException(modelAndView);
 		}
-	}
+		log.debug("AuthenticInterceptor Fail!!!!!!!!!!!!================== ");

+//		ModelAndView modelAndView = new ModelAndView("redirect:/uat/uia/egovLoginUsr.do");
+		ModelAndView modelAndView = new ModelAndView("redirect:http://localhost:3000/login");
+		throw new ModelAndViewDefiningException(modelAndView);
+	}
 }
--- a/src/main/java/egovframework/com/cmm/interceptor/CustomAuthenticInterceptor.java
+++ b/src/main/java/egovframework/com/cmm/interceptor/CustomAuthenticInterceptor.java
@ -39,8 +39,7 @@ public class CustomAuthenticInterceptor extends HandlerInterceptorAdapter {
 		log.debug("CustomAuthenticInterceptor sessionID "+session.getId());
 		log.debug("CustomAuthenticInterceptor ================== ");
 		
-		boolean isPermittedURL = true;
-		return isPermittedURL;
+		return true;
 	}

 }