Merge pull request #35 from yongfire38/contribution

JWT secret key 설정 방법 변경(application.properties)
3 years ago · f233ca4286
parent 57b2973c55 f1e91881d1
commit f233ca4286
3 changed files with 15 additions and 10 deletions
--- a/src/main/java/egovframework/com/jwt/config/EgovJwtTokenUtil.java
+++ b/src/main/java/egovframework/com/jwt/config/EgovJwtTokenUtil.java
@ -6,10 +6,10 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.function.Function;

-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;

 import egovframework.com.cmm.LoginVO;
+import egovframework.com.cmm.service.EgovProperties;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
@ -24,8 +24,7 @@ public class EgovJwtTokenUtil implements Serializable{
 	//public static final long JWT_TOKEN_VALIDITY = 24 * 60 * 60; //하루
 	public static final long JWT_TOKEN_VALIDITY = (long) ((1 * 60 * 60) / 60) * 60; //토큰의 유효시간 설정, 기본 60분
 	
-	@Value("egovframe")
-    private String secret;
+	public static final String SECRET_KEY = EgovProperties.getProperty("Globals.jwt.secret");
 	
 	//retrieve username from jwt token
    public String getUsernameFromToken(String token) {
@ -44,8 +43,8 @@ public class EgovJwtTokenUtil implements Serializable{
 	
    //for retrieveing any information from token we will need the secret key
    public Claims getAllClaimsFromToken(String token) {
-    	log.debug("===>>> secret = "+secret);
-        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
+    	log.debug("===>>> secret = "+SECRET_KEY);
+        return Jwts.parser().setSigningKey(SECRET_KEY).parseClaimsJws(token).getBody();
    }
    
    //check if the token has expired
@ -70,10 +69,10 @@ public class EgovJwtTokenUtil implements Serializable{
 	//3. According to JWS Compact Serialization(https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-3.1)
 	//   compaction of the JWT to a URL-safe string
    private String doGenerateToken(Map<String, Object> claims, String subject) {
-    	log.debug("===>>> secret = "+secret);
+    	log.debug("===>>> secret = "+SECRET_KEY);
        return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
            .setExpiration(new Date(System.currentTimeMillis() + JWT_TOKEN_VALIDITY * 1000))
-            .signWith(SignatureAlgorithm.HS512, secret).compact();
+            .signWith(SignatureAlgorithm.HS512, SECRET_KEY).compact();
    }
    
    //validate token
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@ -83,6 +83,10 @@ Globals.Allow.Origin = http://localhost:3000
 #\uc8fc\uc758 : \ubc18\ub4dc\uc2dc \uae30\ubcf8\uac12 "egovframe"\uc744 \ub2e4\ub978\uac83\uc73c\ub85c \ubcc0\uacbd\ud558\uc5ec \uc0ac\uc6a9\ud558\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4.
 Globals.crypto.algoritm = egovframe

+#JWT secret key
+#\uc8fc\uc758 : \ubc18\ub4dc\uc2dc \uae30\ubcf8\uac12 "egovframe"\uc744 \ub2e4\ub978\uac83\uc73c\ub85c \ubcc0\uacbd\ud558\uc5ec \uc0ac\uc6a9\ud558\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4
+Globals.jwt.secret = egovframe
+
 #server.servlet.context-path=/sht_boot_web
 server.servlet.context-path=/
 server.port = 8080
@ -90,8 +94,7 @@ server.servlet.session.timeout=3600
 spring.mvc.pathmatch.matching-strategy=ant_path_matcher


-#Logging
-#log \ud30c\uc77c\uba85\uc740 EgovBootApplication.java\ub97c \ucc38\uace0\ud558\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4. 
+#Logging 
 #file path\uc758 default \uac12\uc740 \ud504\ub85c\uc81d\ud2b8 root \uacbd\ub85c\uc774\ubbc0\ub85c \uc6d0\ud558\uc2dc\ub294 \uacbd\ub85c\ub85c \ubcc0\uacbd\ud558\uc5ec \uc0ac\uc6a9\ud558\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4.
 logging.root.level=DEBUG
 logging.file.name=backend
--- a/src/main/resources/static/index.html
+++ b/src/main/resources/static/index.html
@ -10,7 +10,10 @@
 		<a href="https://github.com/eGovFramework/egovframe-template-simple-react">egovframe-template-simple-react</a>을 구동하세요
 	</p>
 	<p>
-	자세한 사항은 README.md 참고
+	application.properties에 정의되어 있는 암호화서비스 알고리즘 키 및 JWT secret 키 값을 반드시 기본값에서 변경하여 사용하시기 바랍니다
+	</p>
+	<p>
+	기타 자세한 사항은 README.md 참고
 	</p>
 </body>
 </html>