[2023-07-13]

- Token 생성시 필요 Data( 고유ID, 조직명등..) 추가.
- @AuthenticationPrincipal LoginVo NullpointException 처리 - CustomAuthenticationPrincipalResolver
- 컨트롤러 불필요 권한체크 코드 제거

src/main/java/egovframework/com/cmm/service/impl/EgovUserDetailsSessionServiceImpl.java

@@ -3,8 +3,8 @@ package egovframework.com.cmm.service.impl;
 import java.util.List;
 
 import egovframework.com.cmm.service.EgovUserDetailsService;
-import egovframework.com.cmm.util.EgovUserDetailsHelper;
 
+import egovframework.com.cmm.util.EgovUserDetailsHelper;
 import org.egovframe.rte.fdl.cmmn.EgovAbstractServiceImpl;
 
 /**

src/main/java/egovframework/com/cmm/util/EgovUserDetailsHelper.java

@@ -3,6 +3,8 @@ package egovframework.com.cmm.util;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
 
@@ -36,8 +38,8 @@ public class EgovUserDetailsHelper {
 		 * @return Object - 사용자 ValueObject
 		 */
 		public static Object getAuthenticatedUser() {
-			return (LoginVO)RequestContextHolder.currentRequestAttributes().getAttribute("LoginVO", RequestAttributes.SCOPE_SESSION)==null ?
-					new LoginVO() : (LoginVO) RequestContextHolder.currentRequestAttributes().getAttribute("LoginVO", RequestAttributes.SCOPE_SESSION);
+			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+			return (LoginVO) authentication.getPrincipal();
 
 		}
 
@@ -62,10 +64,7 @@ public class EgovUserDetailsHelper {
 		 * @return Boolean - 인증된 사용자 여부(TRUE / FALSE)
 		 */
 		public static Boolean isAuthenticated() {
-			if (EgovObjectUtil.isNull(RequestContextHolder.currentRequestAttributes().getAttribute("LoginVO", RequestAttributes.SCOPE_SESSION))) {
-				// log.debug("## authentication object is null!!");
-				return Boolean.FALSE;
-			}
-			return Boolean.TRUE;
+			return EgovUserDetailsHelper.getAuthenticatedUser()!=null? Boolean.TRUE : Boolean.FALSE ;
+
 		}
 }

src/main/java/egovframework/com/jwt/EgovJwtTokenUtil.java

@@ -37,8 +37,10 @@ public class EgovJwtTokenUtil implements Serializable{
         Claims claims = getClaimFromToken(token);
         return claims.get("userSe").toString();
     }
-
-    
+    public String getInfoFromToken(String type, String token) {
+        Claims claims = getClaimFromToken(token);
+        return claims.get(type).toString();
+    }
     public Claims getClaimFromToken(String token) {
         final Claims claims = getAllClaimsFromToken(token);
         return claims;
@@ -64,7 +66,10 @@ public class EgovJwtTokenUtil implements Serializable{
 
         Map<String, Object> claims = new HashMap<>();
         claims.put("id", loginVO.getId() );
+        claims.put("name", loginVO.getName() );
         claims.put("userSe", loginVO.getUserSe() );
+        claims.put("orgnztId", loginVO.getOrgnztId() );
+        claims.put("uniqId", loginVO.getUniqId() );
         claims.put("type", subject);
 
     	log.debug("===>>> secret = "+SECRET_KEY);

src/main/java/egovframework/com/jwt/JwtAuthenticationFilter.java

@@ -63,18 +63,24 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
             logger.debug("Unable to verify JWT Token: " + e.getMessage());
             verificationFlag = false;
         }
+
+        LoginVO loginVO = new LoginVO();
         if( verificationFlag ){
             logger.debug("jwtToken validated");
-            LoginVO loginVO = new LoginVO();
             loginVO.setId(id);
             loginVO.setUserSe( jwtTokenUtil.getUserSeFromToken(jwtToken) );
+            loginVO.setUniqId( jwtTokenUtil.getInfoFromToken("uniqId",jwtToken) );
+            loginVO.setOrgnztId( jwtTokenUtil.getInfoFromToken("orgnztId",jwtToken) );
+            loginVO.setName( jwtTokenUtil.getInfoFromToken("name",jwtToken) );
+
             UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(loginVO, null,
                     Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"))
             );
             authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(req));
-            logger.info("authenticated user " + id + ", setting security context");
             SecurityContextHolder.getContext().setAuthentication(authentication);
         }
+
+
         chain.doFilter(req, res);
 
     }

src/main/java/egovframework/com/security/CustomAuthenticationPrincipalResolver.java

@@ -0,0 +1,45 @@
+package egovframework.com.security;
+
+import egovframework.com.cmm.LoginVO;
+import org.springframework.core.MethodParameter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.support.WebDataBinderFactory;
+import org.springframework.web.context.request.NativeWebRequest;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.method.support.ModelAndViewContainer;
+
+/**
+ * fileName       : CustomAuthenticationPrincipalResolver
+ * author         : crlee
+ * date           : 2023/07/13
+ * description    :
+ * ===========================================================
+ * DATE              AUTHOR             NOTE
+ * -----------------------------------------------------------
+ * 2023/07/13        crlee       최초 생성
+ */
+public class CustomAuthenticationPrincipalResolver implements HandlerMethodArgumentResolver {
+
+    @Override
+    public boolean supportsParameter(MethodParameter parameter) {
+        return parameter.hasParameterAnnotation(AuthenticationPrincipal.class) &&
+                parameter.getParameterType().equals(LoginVO.class);
+    }
+
+    @Override
+    public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
+                                  NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
+
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null ||
+                authentication.getPrincipal() == null ||
+                "anonymousUser".equals(authentication.getPrincipal())
+        ) {
+            return new LoginVO();
+        }
+
+        return authentication.getPrincipal();
+    }
+}

src/main/java/egovframework/com/security/SecurityConfig.java

@@ -36,10 +36,14 @@ public class SecurityConfig {
             "/login/**",
             "/uat/uia/**.do", // 로그인
             "/cmm/main/**.do", // 메인페이지
-            "/cop/smt/sim/egovIndvdlSchdulManageDailyListAPI.do", // 일별 일정 조회
-            "/cop/smt/sim/egovIndvdlSchdulManageWeekListAPI.do", //주별 일정 조회
-            "/cop/bbs/selectBoardArticleAPI.do", //게시판 상세조회
-            "/cop/bbs/selectBoardListAPI.do", //게시판 조회
+            "/cmm/fms/FileDown.do", //파일 다운로드
+            "/cop/smt/sim/egovIndvdlSchdulManageDailyListAPI.do", //일별 일정 조회
+            "/cop/smt/sim/egovIndvdlSchdulManageWeekListAPI.do", //주간 일정 조회
+            "/cop/smt/sim/egovIndvdlSchdulManageDetailAPI.do", //일정 상세조회
+
+            "/cop/bbs/selectUserBBSMasterInfAPI.do", //게시판 마스터 상세 조회
+            "/cop/bbs/selectBoardListAPI.do", //게시판 목록조회
+            "/cop/bbs/selectBoardArticleAPI.do", //게시물 상세조회
 
             /* swagger v2 */
             "/v2/api-docs",

src/main/java/egovframework/com/security/WebMvcConfig.java

@@ -0,0 +1,25 @@
+package egovframework.com.security;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.method.support.HandlerMethodArgumentResolver;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+
+/**
+ * fileName       : WebMvcConfig
+ * author         : crlee
+ * date           : 2023/07/13
+ * description    :
+ * ===========================================================
+ * DATE              AUTHOR             NOTE
+ * -----------------------------------------------------------
+ * 2023/07/13        crlee       최초 생성
+ */
+@Configuration
+public class WebMvcConfig implements WebMvcConfigurer {
+    @Override
+    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
+        argumentResolvers.add(new CustomAuthenticationPrincipalResolver());
+    }
+}

src/main/java/egovframework/let/cop/bbs/web/EgovBBSAttributeManageApiController.java

@@ -11,6 +11,9 @@ import org.egovframe.rte.fdl.cmmn.exception.EgovBizException;
 import org.egovframe.rte.fdl.property.EgovPropertyService;
 import org.egovframe.rte.ptl.mvc.tags.ui.pagination.PaginationInfo;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -25,7 +28,6 @@ import egovframework.com.cmm.LoginVO;
 import egovframework.com.cmm.ResponseCode;
 import egovframework.com.cmm.service.EgovCmmUseService;
 import egovframework.com.cmm.service.ResultVO;
-import egovframework.com.cmm.util.EgovUserDetailsHelper;
 import egovframework.let.cop.bbs.service.BoardMasterVO;
 import egovframework.let.cop.bbs.service.EgovBBSAttributeManageService;
 import io.swagger.v3.oas.annotations.Operation;
@@ -183,14 +185,16 @@ public class EgovBBSAttributeManageApiController {
 	})
 	@PostMapping(value ="/cop/bbs/insertBBSMasterInfAPI.do")
 	public ResultVO insertBBSMasterInf(HttpServletRequest request,
-		BoardMasterVO boardMasterVO,
-		BindingResult bindingResult)
+									   BoardMasterVO boardMasterVO,
+									   BindingResult bindingResult,
+									   @AuthenticationPrincipal LoginVO loginVO
+	)
 		throws Exception {
 		ResultVO resultVO = new ResultVO();
 		Map<String, Object> resultMap = new HashMap<String, Object>();
 
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-		Boolean isAuthenticated = EgovUserDetailsHelper.isAuthenticated();
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		LoginVO loginVO222 = (LoginVO) authentication.getPrincipal();
 
 		beanValidator.validate(boardMasterVO, bindingResult);
 		if (bindingResult.hasErrors()) {
@@ -216,18 +220,16 @@ public class EgovBBSAttributeManageApiController {
 			return resultVO;
 		}
 
-		if (isAuthenticated) {
-			boardMasterVO.setFrstRegisterId(user.getUniqId());
-			boardMasterVO.setUseAt("Y");
-			boardMasterVO.setTrgetId("SYSTEMDEFAULT_REGIST");
-			boardMasterVO.setPosblAtchFileSize(propertyService.getString("posblAtchFileSize"));
+		boardMasterVO.setFrstRegisterId(loginVO.getUniqId());
+		boardMasterVO.setUseAt("Y");
+		boardMasterVO.setTrgetId("SYSTEMDEFAULT_REGIST");
+		boardMasterVO.setPosblAtchFileSize(propertyService.getString("posblAtchFileSize"));
 
-			bbsAttrbService.insertBBSMastetInf(boardMasterVO);
+		bbsAttrbService.insertBBSMastetInf(boardMasterVO);
 
-			resultVO.setResult(resultMap);
-			resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
-			resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
-		}
+		resultVO.setResult(resultMap);
+		resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
+		resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
 
 		return resultVO;
 	}
@@ -254,15 +256,14 @@ public class EgovBBSAttributeManageApiController {
 	})
 	@PutMapping(value ="/cop/bbs/updateBBSMasterInfAPI/{bbsId}.do")
 	public ResultVO updateBBSMasterInf(HttpServletRequest request,
-		@PathVariable("bbsId") String bbsId,
-		@RequestBody BoardMasterVO boardMasterVO,
-		BindingResult bindingResult) throws Exception {
+									   @PathVariable("bbsId") String bbsId,
+									   @RequestBody BoardMasterVO boardMasterVO,
+									   BindingResult bindingResult,
+									   @AuthenticationPrincipal LoginVO loginVO
+									   ) throws Exception {
 		ResultVO resultVO = new ResultVO();
 		Map<String, Object> resultMap = new HashMap<String, Object>();
 
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-		Boolean isAuthenticated = EgovUserDetailsHelper.isAuthenticated();
-
 		beanValidator.validate(boardMasterVO, bindingResult);
 
 		if (bindingResult.hasErrors()) {
@@ -276,15 +277,13 @@ public class EgovBBSAttributeManageApiController {
 			return resultVO;
 		}
 
-		if (isAuthenticated) {
-			boardMasterVO.setLastUpdusrId(user.getUniqId());
-			boardMasterVO.setPosblAtchFileSize(propertyService.getString("posblAtchFileSize"));
-			bbsAttrbService.updateBBSMasterInf(boardMasterVO);
+		boardMasterVO.setLastUpdusrId(loginVO.getUniqId());
+		boardMasterVO.setPosblAtchFileSize(propertyService.getString("posblAtchFileSize"));
+		bbsAttrbService.updateBBSMasterInf(boardMasterVO);
 
-			resultVO.setResult(resultMap);
-			resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
-			resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
-		}
+		resultVO.setResult(resultMap);
+		resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
+		resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
 
 		return resultVO;
 	}
@@ -309,38 +308,20 @@ public class EgovBBSAttributeManageApiController {
 	})
 	@PutMapping(value ="/cop/bbs/deleteBBSMasterInfAPI/{bbsId}.do")
 	public ResultVO deleteBBSMasterInf(HttpServletRequest request,
+	    @AuthenticationPrincipal LoginVO loginVO,
 		@PathVariable("bbsId") String bbsId,
 		@RequestBody BoardMasterVO boardMasterVO) throws Exception {
 		ResultVO resultVO = new ResultVO();
 
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-		Boolean isAuthenticated = EgovUserDetailsHelper.isAuthenticated();
-
-		if (isAuthenticated) {
-			boardMasterVO.setLastUpdusrId(user.getUniqId());
+			boardMasterVO.setLastUpdusrId(loginVO.getUniqId());
 			bbsAttrbService.deleteBBSMasterInf(boardMasterVO);
 
 			resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
 			resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
-		}
 
 		return resultVO;
 	}
 
-	
 
-	/**
-	 * 운영자 권한을 확인한다.(로그인 여부를 확인한다.)
-	 *
-	 * @throws EgovBizException
-	 */
-	protected boolean checkAuthority() throws Exception {
-		// 사용자권한 처리
-		if (!EgovUserDetailsHelper.isAuthenticated()) {
-			return false;
-		} else {
-			return true;
-		}
-	}
 
 }

src/main/java/egovframework/let/cop/bbs/web/EgovBBSManageApiController.java

@@ -13,6 +13,7 @@ import org.egovframe.rte.fdl.property.EgovPropertyService;
 import org.egovframe.rte.ptl.mvc.tags.ui.pagination.PaginationInfo;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -30,7 +31,6 @@ import egovframework.com.cmm.service.EgovFileMngService;
 import egovframework.com.cmm.service.EgovFileMngUtil;
 import egovframework.com.cmm.service.FileVO;
 import egovframework.com.cmm.service.ResultVO;
-import egovframework.com.cmm.util.EgovUserDetailsHelper;
 import egovframework.com.cmm.web.EgovFileDownloadController;
 import egovframework.let.cop.bbs.service.BoardMasterVO;
 import egovframework.let.cop.bbs.service.BoardVO;
@@ -156,12 +156,10 @@ public class EgovBBSManageApiController {
 			@ApiResponse(responseCode = "403", description = "인가된 사용자가 아님")
 	})
 	@PostMapping(value = "/cop/bbs/selectBoardListAPI.do", consumes = MediaType.APPLICATION_JSON_VALUE)
-	public ResultVO selectBoardArticles(@RequestBody BoardVO boardVO)
+	public ResultVO selectBoardArticles(@RequestBody BoardVO boardVO, @AuthenticationPrincipal LoginVO user)
 		throws Exception {
 		ResultVO resultVO = new ResultVO();
 
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-
 		BoardMasterVO vo = new BoardMasterVO();
 		vo.setBbsId(boardVO.getBbsId());
 		vo.setUniqId(user.getUniqId());
@@ -211,16 +209,11 @@ public class EgovBBSManageApiController {
 			@ApiResponse(responseCode = "403", description = "인가된 사용자가 아님")
 	})
 	@PostMapping(value = "/cop/bbs/selectBoardArticleAPI.do")
-	public ResultVO selectBoardArticle(@RequestBody BoardVO boardVO)
+	public ResultVO selectBoardArticle(@RequestBody BoardVO boardVO,@AuthenticationPrincipal LoginVO user)
 		throws Exception {
 
 		ResultVO resultVO = new ResultVO();
 
-		LoginVO user = new LoginVO();
-		if (EgovUserDetailsHelper.isAuthenticated()) {
-			user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-		}
-
 		// 조회수 증가 여부 지정
 		boardVO.setPlusCount(true);
 
@@ -499,14 +492,12 @@ public class EgovBBSManageApiController {
 	@PutMapping(value = "/cop/bbs/deleteBoardArticleAPI/{nttId}.do")
 	public ResultVO deleteBoardArticle(@RequestBody BoardVO boardVO, 
 		@PathVariable("nttId") String nttId,
+		@AuthenticationPrincipal LoginVO user,
 		HttpServletRequest request)
 
 		throws Exception {
 		ResultVO resultVO = new ResultVO();
-		
 
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-		
 		boardVO.setNttId(Long.parseLong(nttId));
 		boardVO.setLastUpdusrId(user.getUniqId());
 

src/main/java/egovframework/let/cop/com/web/EgovBBSUseInfoManageApiController.java

@@ -10,6 +10,7 @@ import org.egovframe.rte.fdl.cmmn.exception.EgovBizException;
 import org.egovframe.rte.fdl.property.EgovPropertyService;
 import org.egovframe.rte.ptl.mvc.tags.ui.pagination.PaginationInfo;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -22,7 +23,6 @@ import egovframework.com.cmm.EgovMessageSource;
 import egovframework.com.cmm.LoginVO;
 import egovframework.com.cmm.ResponseCode;
 import egovframework.com.cmm.service.ResultVO;
-import egovframework.com.cmm.util.EgovUserDetailsHelper;
 import egovframework.let.cop.bbs.service.BoardMasterVO;
 import egovframework.let.cop.bbs.service.EgovBBSAttributeManageService;
 import egovframework.let.cop.com.service.BoardUseInfVO;
@@ -226,16 +226,12 @@ public class EgovBBSUseInfoManageApiController {
 	@PostMapping(value ="/cop/com/insertBBSUseInfAPI.do")
 	public ResultVO insertBBSUseInf(HttpServletRequest request,
 		BoardUseInfVO bdUseVO,
-		BindingResult bindingResult
-
+		BindingResult bindingResult,
+		@AuthenticationPrincipal LoginVO loginVO
 	) throws Exception {
 
 		ResultVO resultVO = new ResultVO();
 
-
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-		Boolean isAuthenticated = EgovUserDetailsHelper.isAuthenticated();
-
 		beanValidator.validate(bdUseVO, bindingResult);
 
 		if (bindingResult.hasErrors()) {
@@ -253,14 +249,12 @@ public class EgovBBSUseInfoManageApiController {
 		}
 
 		bdUseVO.setUseAt("Y");
-		bdUseVO.setFrstRegisterId(user.getUniqId());
+		bdUseVO.setFrstRegisterId(loginVO.getUniqId());
 
-		if (isAuthenticated) {
-			bbsUseService.insertBBSUseInf(bdUseVO);
+		bbsUseService.insertBBSUseInf(bdUseVO);
 
-			resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
-			resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
-		}
+		resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
+		resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
 
 		return resultVO;
 	}
@@ -287,38 +281,18 @@ public class EgovBBSUseInfoManageApiController {
 	@PutMapping(value ="/cop/com/updateBBSUseInfAPI/{bbsId}.do")
 	public ResultVO updateBBSUseInf(HttpServletRequest request,
 		@RequestBody BoardUseInfVO bdUseVO,
-		@PathVariable("bbsId") String bbsId) throws Exception {
+		@PathVariable("bbsId") String bbsId,
+		@AuthenticationPrincipal LoginVO loginVO
+	) throws Exception {
 
 		ResultVO resultVO = new ResultVO();
+		bdUseVO.setBbsId(bbsId);
+		bbsUseService.updateBBSUseInf(bdUseVO);
 
-
-		Boolean isAuthenticated = EgovUserDetailsHelper.isAuthenticated();
-
-		if (isAuthenticated) {
-			bdUseVO.setBbsId(bbsId);
-			bbsUseService.updateBBSUseInf(bdUseVO);
-
-			resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
-			resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
-		}
+		resultVO.setResultCode(ResponseCode.SUCCESS.getCode());
+		resultVO.setResultMessage(ResponseCode.SUCCESS.getMessage());
 
 		return resultVO;
 	}
 
-	
-
-	/**
-	 * 운영자 권한을 확인한다.(로그인 여부를 확인한다.)
-	 *
-	 * @throws EgovBizException
-	 */
-	protected boolean checkAuthority() throws Exception {
-		// 사용자권한 처리
-		if (!EgovUserDetailsHelper.isAuthenticated()) {
-			return false;
-		} else {
-			return true;
-		}
-	}
-
 }

src/main/java/egovframework/let/cop/smt/sim/web/EgovIndvdlSchdulManageApiController.java

@@ -36,7 +36,6 @@ import egovframework.com.cmm.service.EgovFileMngService;
 import egovframework.com.cmm.service.EgovFileMngUtil;
 import egovframework.com.cmm.service.FileVO;
 import egovframework.com.cmm.service.ResultVO;
-import egovframework.com.cmm.util.EgovUserDetailsHelper;
 import egovframework.com.cmm.web.EgovFileDownloadController;
 import egovframework.let.cop.smt.sim.service.EgovIndvdlSchdulManageService;
 import egovframework.let.cop.smt.sim.service.IndvdlSchdulManageVO;
@@ -187,14 +186,12 @@ public class EgovIndvdlSchdulManageApiController {
 		HttpServletRequest request,
 		final MultipartHttpServletRequest multiRequest,
 		IndvdlSchdulManageVO indvdlSchdulManageVO,
-		BindingResult bindingResult
+		BindingResult bindingResult,
+		@AuthenticationPrincipal LoginVO loginVO
 	) throws Exception {
 
 		ResultVO resultVO = new ResultVO();
 
-
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-
 		//서버  validate 체크
 		beanValidator.validate(indvdlSchdulManageVO, bindingResult);
 		if (bindingResult.hasErrors()) {
@@ -219,8 +216,8 @@ public class EgovIndvdlSchdulManageApiController {
 		indvdlSchdulManageVO.setAtchFileId(_atchFileId); // 첨부파일 ID
 
 		//아이디 설정
-		indvdlSchdulManageVO.setFrstRegisterId(user.getUniqId());
-		indvdlSchdulManageVO.setLastUpdusrId(user.getUniqId());
+		indvdlSchdulManageVO.setFrstRegisterId(loginVO.getUniqId());
+		indvdlSchdulManageVO.setLastUpdusrId(loginVO.getUniqId());
 
 		indvdlSchdulManageVO.setSchdulDeptName("관리자부서");
 		indvdlSchdulManageVO.setSchdulDeptId("ORGNZT_0000000000000");
@@ -251,17 +248,13 @@ public class EgovIndvdlSchdulManageApiController {
 	})
 	@PostMapping(value = "/cop/smt/sim/egovIndvdlSchdulManageDetailAPI.do")
 	public ResultVO EgovIndvdlSchdulManageDetail(
-		@RequestBody Map<String, Object> commandMap)
+		@RequestBody Map<String, Object> commandMap,
+		@AuthenticationPrincipal LoginVO user)
 		throws Exception {
 
 		ResultVO resultVO = new ResultVO();
 		Map<String, Object> resultMap = new HashMap<String, Object>();
 
-		LoginVO user = new LoginVO();
-		if (EgovUserDetailsHelper.isAuthenticated()) {
-			user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-		}
-
 		IndvdlSchdulManageVO indvdlSchdulManageVO = new IndvdlSchdulManageVO();
 		indvdlSchdulManageVO.setSchdulId((String)commandMap.get("schdulId"));
 
@@ -372,16 +365,14 @@ public class EgovIndvdlSchdulManageApiController {
 	public ResultVO IndvdlSchdulManageModifyActor(
 		final MultipartHttpServletRequest multiRequest,
 		IndvdlSchdulManageVO indvdlSchdulManageVO,
-		BindingResult bindingResult)
+		BindingResult bindingResult,
+		@AuthenticationPrincipal LoginVO user)
 		throws Exception {
 
 		ResultVO resultVO = new ResultVO();
 		Map<String, Object> resultMap = new HashMap<String, Object>();
 
 
-		//로그인 객체 선언
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
-
 		//서버  validate 체크
 		beanValidator.validate(indvdlSchdulManageVO, bindingResult);
 		if (bindingResult.hasErrors()) {
@@ -666,22 +657,4 @@ public class EgovIndvdlSchdulManageApiController {
 		return sOutput;
 	}
 
-	/**
-	 * 운영자 권한을 확인한다.(로그인 여부를 확인한다.)
-	 *
-     * @param model
-	 * @throws EgovBizException
-	 */
-	protected boolean checkAuthority(ModelMap model) throws Exception {
-		// 사용자권한 처리
-		if (!EgovUserDetailsHelper.isAuthenticated()) {
-			model.addAttribute("message", egovMessageSource.getMessage("fail.common.login"));
-			return false;
-		} else {
-			return true;
-		}
-	}
-
-	
-
 }

src/main/java/egovframework/let/uat/esm/web/EgovSiteManagerApiController.java

@@ -6,7 +6,7 @@ import java.util.Map;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 
-import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
@@ -14,7 +14,6 @@ import org.springframework.web.bind.annotation.RestController;
 import egovframework.com.cmm.LoginVO;
 import egovframework.com.cmm.ResponseCode;
 import egovframework.com.cmm.service.ResultVO;
-import egovframework.com.cmm.util.EgovUserDetailsHelper;
 import egovframework.let.uat.esm.service.EgovSiteManagerService;
 import egovframework.let.utl.sim.service.EgovFileScrty;
 import io.swagger.v3.oas.annotations.Operation;
@@ -91,10 +90,9 @@ public class EgovSiteManagerApiController {
 			@ApiResponse(responseCode = "800", description = "저장시 내부 오류")
 	})
 	@PostMapping(value = "/uat/esm/updateAdminPasswordAPI.do")
-	public ResultVO updateAdminPassword(@RequestBody Map<String,String> param, HttpServletRequest request) throws Exception {
+	public ResultVO updateAdminPassword(@RequestBody Map<String,String> param, HttpServletRequest request, @AuthenticationPrincipal LoginVO user) throws Exception {
 		ResultVO resultVO = new ResultVO();
 
-		LoginVO user = (LoginVO)EgovUserDetailsHelper.getAuthenticatedUser();
 		String old_password = param.get("old_password");
 		String new_password = param.get("new_password");
 		String login_id = user.getId();

src/main/java/egovframework/let/uat/uia/web/EgovLoginApiController.java

@@ -133,7 +133,7 @@ public class EgovLoginApiController {
 			log.debug("===>>> loginVO.getId() = "+loginVO.getId());
 			log.debug("===>>> loginVO.getPassword() = "+loginVO.getPassword());
 			
-			String jwtToken = jwtTokenUtil.generateToken(loginVO);
+			String jwtToken = jwtTokenUtil.generateToken(loginResultVO);
 			
 			String username = jwtTokenUtil.getUserSeFromToken(jwtToken);
 	    	log.debug("Dec jwtToken username = "+username);