
접근방지 테스트

SBK 2 years ago
parent
commit
b93390cb16
1 changed files with 216 additions and 209 deletions
  1. 216 209
      src/main/java/sgc/portal/websquare/web/WebsquareController.java

+ 216 - 209
src/main/java/sgc/portal/websquare/web/WebsquareController.java

@@ -129,80 +129,83 @@ public class WebsquareController {
 		// 지정된 url에서 접근 가능하도록 추가
 		// ---------------------------------------------------------------------------------------------------------------
 		String referer = StringUtils.trimToNull(request.getHeader("Referer"));
+		
 		if (StringUtils.isEmpty(referer)) {
 			response.setContentType("text/html; charset=UTF-8");
 			PrintWriter out;
 			try {
 				out = response.getWriter();
-				out.println("<script>alert("+referer+"); location.href='referer.html';</script>");
+				out.println("<script>location.href='referer.html';</script>");
 				out.flush();
 			} catch (IOException e) {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
 			}
-		} else {
-			switch (referer) {
-			case "https://gw.sgcetec.co.kr":
-			case "https://gw.sgcenergy.co.kr":
-			case "https://gw.sgcsolutions.co.kr":
-			case "https://211.38.140.252":
-			case "http://gw.usegw.co.kr":
-			case "https://gw.usegw.co.kr":
-				break;
-			default:
-				response.setContentType("text/html; charset=UTF-8");
-				PrintWriter out;
-				try {
-					out = response.getWriter();
-					out.println("<script>alert("+referer+"); location.href='referer.html';</script>");
-					out.flush();
-				} catch (IOException e) {
-					// TODO Auto-generated catch block
-					e.printStackTrace();
-				}
-			}
 		}
-		// ---------------------------------------------------------------------------------------------------------------
+		
+		if( referer.substring(0,24).equals("https://gw.sgcetec.co.kr") || 
+			referer.substring(0,26).equals("https://gw.sgcenergy.co.kr") || 
+			referer.substring(0,29).equals("https://gw.sgcsolutions.co.kr") || 
+			referer.substring(0,22).equals("https://211.38.140.252") || 
+			referer.substring(0,21).equals("http://gw.usegw.co.kr") || 
+			referer.substring(0,22).equals("https://gw.usegw.co.kr")){
+			
+			UserDetails userDetails = (UserDetails) SessionUtil.getAttribute(SgcPortalAttributes.AUTHENTICATION);
+			String movePage = request.getParameter("w2xPath");
+			if (movePage == null || movePage.equals("")) {
+				movePage = "/ux/main/main.xml";
+			}
 
-		UserDetails userDetails = (UserDetails) SessionUtil.getAttribute(SgcPortalAttributes.AUTHENTICATION);
-		String movePage = request.getParameter("w2xPath");
-		if (movePage == null || movePage.equals("")) {
-			movePage = "/ux/main/main.xml";
-		}
+			// session이 없을 경우 login
+			if (userDetails == null || "".equals(userDetails.getUserId())) {
 
-		// session이 없을 경우 login
-		if (userDetails == null || "".equals(userDetails.getUserId())) {
+				Login login = new Login();
+
+				if ("TEC".equals(cmpnCd)) {
+					cmpnCd = "S0001";
+				} else if ("GJE".equals(cmpnCd)) {
+					cmpnCd = "S0002";
+				} else if ("SMG".equals(cmpnCd)) {
+					cmpnCd = "S0003";
+				} else if ("SKG".equals(cmpnCd)) {
+					cmpnCd = "S0004";
+				}
 
-			Login login = new Login();
+				login.setCmpnCd(cmpnCd);
+				login.setLginId(lginId);
+				loginService.loginInsa(login, request);
 
-			if ("TEC".equals(cmpnCd)) {
-				cmpnCd = "S0001";
-			} else if ("GJE".equals(cmpnCd)) {
-				cmpnCd = "S0002";
-			} else if ("SMG".equals(cmpnCd)) {
-				cmpnCd = "S0003";
-			} else if ("SKG".equals(cmpnCd)) {
-				cmpnCd = "S0004";
 			}
 
-			login.setCmpnCd(cmpnCd);
-			login.setLginId(lginId);
-			loginService.loginInsa(login, request);
-
-		}
+			ObjectMapper mapper = new ObjectMapper();
+			String jsonInString = "";
+			try {
+				jsonInString = mapper.writeValueAsString(userDetails);
+			} catch (JsonProcessingException e) {
+				e.printStackTrace();
+			}
 
-		ObjectMapper mapper = new ObjectMapper();
-		String jsonInString = "";
-		try {
-			jsonInString = mapper.writeValueAsString(userDetails);
-		} catch (JsonProcessingException e) {
-			e.printStackTrace();
+			mv.setViewName(jspUrl);
+			mv.addObject("w2xPath", movePage);
+			mv.addObject("userDetails", jsonInString);
+			
+		} else {
+			response.setContentType("text/html; charset=UTF-8");
+			PrintWriter out;
+			try {
+				out = response.getWriter();
+				out.println("<script>location.href='referer.html';</script>");
+				out.flush();
+			} catch (IOException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}
+			
 		}
-
-		mv.setViewName(jspUrl);
-		mv.addObject("w2xPath", movePage);
-		mv.addObject("userDetails", jsonInString);
+		
 		return mv;
+		// ---------------------------------------------------------------------------------------------------------------
+
 	}
 
 	/**
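Review bot: The new prefix chain at L57–L62 (`referer.substring(0,24).equals("https://gw.sgcetec.co.kr") || …`) throws StringIndexOutOfBoundsException for any Referer shorter than the longest prefix, and because the empty-referer branch at L21–L54 no longer returns, a missing or blank header (null after `trimToNull`, if this is commons-lang StringUtils) falls through to `referer.substring` and fails with a NullPointerException after the redirect script has already been written, where the removed `else` used to guard it. A fixed-length prefix also matches any referer that merely begins with an allowed origin string — a longer host name sharing that prefix passes — whereas the removed `switch` required the exact value, so the check should compare the scheme and host of the parsed URL rather than a character prefix. Referer is client-supplied and is frequently stripped by browser referrer policies, so this gate should not be relied on as an authorization control. The same chain and missing return appear in the other three methods at L190–L195, L324–L329 and L456–L461; the enclosing handler begins before this hunk, and the sketch below keeps both output paths and replaces only the guard.
```java
		String referer = StringUtils.trimToNull(request.getHeader("Referer"));
		if (StringUtils.isEmpty(referer)) {
			// … unchanged: writes the redirect script to referer.html …
			return mv; // stop here: the checks below dereference referer
		}
		// Compare scheme + host of the parsed URL. A character prefix test accepts a
		// longer host name that starts with an allowed one, and substring(0, n) throws
		// when the header is shorter than n.
		String refererOrigin;
		try {
			java.net.URI uri = new java.net.URI(referer);
			refererOrigin = uri.getHost() == null ? "" : uri.getScheme() + "://" + uri.getHost();
		} catch (java.net.URISyntaxException e) {
			refererOrigin = "";
		}
		if ("https://gw.sgcetec.co.kr".equalsIgnoreCase(refererOrigin) ||
			"https://gw.sgcenergy.co.kr".equalsIgnoreCase(refererOrigin) ||
			"https://gw.sgcsolutions.co.kr".equalsIgnoreCase(refererOrigin) ||
			"https://211.38.140.252".equalsIgnoreCase(refererOrigin) ||
			"http://gw.usegw.co.kr".equalsIgnoreCase(refererOrigin) ||
			"https://gw.usegw.co.kr".equalsIgnoreCase(refererOrigin)) {
			// … unchanged: session lookup, loginInsa, ObjectMapper, view setup …
		} else {
			// … unchanged: writes the redirect script to referer.html …
		}
		return mv;
```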
@@ -225,6 +228,7 @@ public class WebsquareController {
 		// 지정된 url에서 접근 가능하도록 추가
 		// ---------------------------------------------------------------------------------------------------------------
 		String referer = StringUtils.trimToNull(request.getHeader("Referer"));
+		
 		if (StringUtils.isEmpty(referer)) {
 			response.setContentType("text/html; charset=UTF-8");
 			PrintWriter out;
@@ -236,67 +240,68 @@ public class WebsquareController {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
 			}
-		} else {
-			switch (referer) {
-			case "https://gw.sgcetec.co.kr":
-			case "https://gw.sgcenergy.co.kr":
-			case "https://gw.sgcsolutions.co.kr":
-			case "https://211.38.140.252":
-			case "http://gw.usegw.co.kr":
-			case "https://gw.usegw.co.kr":
-				break;
-			default:
-				response.setContentType("text/html; charset=UTF-8");
-				PrintWriter out;
-				try {
-					out = response.getWriter();
-					out.println("<script>location.href='referer.html';</script>");
-					out.flush();
-				} catch (IOException e) {
-					// TODO Auto-generated catch block
-					e.printStackTrace();
-				}
-			}
 		}
-		// ---------------------------------------------------------------------------------------------------------------
+		
+		if( referer.substring(0,24).equals("https://gw.sgcetec.co.kr") || 
+			referer.substring(0,26).equals("https://gw.sgcenergy.co.kr") || 
+			referer.substring(0,29).equals("https://gw.sgcsolutions.co.kr") || 
+			referer.substring(0,22).equals("https://211.38.140.252") || 
+			referer.substring(0,21).equals("http://gw.usegw.co.kr") || 
+			referer.substring(0,22).equals("https://gw.usegw.co.kr")){
+			
+			UserDetails userDetails = (UserDetails) SessionUtil.getAttribute(SgcPortalAttributes.AUTHENTICATION);
+			String movePage = request.getParameter("w2xPath");
+			movePage = "/ux/cw/cw0804/CW08040001U.xml";
 
-		UserDetails userDetails = (UserDetails) SessionUtil.getAttribute(SgcPortalAttributes.AUTHENTICATION);
-		String movePage = request.getParameter("w2xPath");
-		movePage = "/ux/cw/cw0804/CW08040001U.xml";
+			// session이 없을 경우 login
+			if (userDetails == null || "".equals(userDetails.getUserId())) {
 
-		// session이 없을 경우 login
-		if (userDetails == null || "".equals(userDetails.getUserId())) {
+				Login login = new Login();
+
+				if ("TEC".equals(cmpnCd)) {
+					cmpnCd = "S0001";
+				} else if ("GJE".equals(cmpnCd)) {
+					cmpnCd = "S0002";
+				} else if ("SMG".equals(cmpnCd)) {
+					cmpnCd = "S0003";
+				} else if ("SKG".equals(cmpnCd)) {
+					cmpnCd = "S0004";
+				}
 
-			Login login = new Login();
+				login.setCmpnCd(cmpnCd);
+				login.setLginId(lginId);
+				loginService.loginInsa(login, request);
 
-			if ("TEC".equals(cmpnCd)) {
-				cmpnCd = "S0001";
-			} else if ("GJE".equals(cmpnCd)) {
-				cmpnCd = "S0002";
-			} else if ("SMG".equals(cmpnCd)) {
-				cmpnCd = "S0003";
-			} else if ("SKG".equals(cmpnCd)) {
-				cmpnCd = "S0004";
 			}
 
-			login.setCmpnCd(cmpnCd);
-			login.setLginId(lginId);
-			loginService.loginInsa(login, request);
-
-		}
+			ObjectMapper mapper = new ObjectMapper();
+			String jsonInString = "";
+			try {
+				jsonInString = mapper.writeValueAsString(userDetails);
+			} catch (JsonProcessingException e) {
+				e.printStackTrace();
+			}
 
-		ObjectMapper mapper = new ObjectMapper();
-		String jsonInString = "";
-		try {
-			jsonInString = mapper.writeValueAsString(userDetails);
-		} catch (JsonProcessingException e) {
-			e.printStackTrace();
+			mv.setViewName(jspUrl);
+			mv.addObject("w2xPath", movePage);
+			mv.addObject("userDetails", jsonInString);
+			
+		} else {
+			response.setContentType("text/html; charset=UTF-8");
+			PrintWriter out;
+			try {
+				out = response.getWriter();
+				out.println("<script>location.href='referer.html';</script>");
+				out.flush();
+			} catch (IOException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}
+			
 		}
-
-		mv.setViewName(jspUrl);
-		mv.addObject("w2xPath", movePage);
-		mv.addObject("userDetails", jsonInString);
+		
 		return mv;
+
 	}
 
 	/**
@@ -314,11 +319,12 @@ public class WebsquareController {
 		String cmpnCd = request.getParameter("cmpnCd");
 		String lginId = request.getParameter("lginId");
 		String jspUrl = "websquare/popupDoc";
-
+		
 		// ---------------------------------------------------------------------------------------------------------------
 		// 지정된 url에서 접근 가능하도록 추가
 		// ---------------------------------------------------------------------------------------------------------------
 		String referer = StringUtils.trimToNull(request.getHeader("Referer"));
+		
 		if (StringUtils.isEmpty(referer)) {
 			response.setContentType("text/html; charset=UTF-8");
 			PrintWriter out;
@@ -330,66 +336,66 @@ public class WebsquareController {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
 			}
-		} else {
-			switch (referer) {
-			case "https://gw.sgcetec.co.kr":
-			case "https://gw.sgcenergy.co.kr":
-			case "https://gw.sgcsolutions.co.kr":
-			case "https://211.38.140.252":
-			case "http://gw.usegw.co.kr":
-			case "https://gw.usegw.co.kr":
-				break;
-			default:
-				response.setContentType("text/html; charset=UTF-8");
-				PrintWriter out;
-				try {
-					out = response.getWriter();
-					out.println("<script>location.href='referer.html';</script>");
-					out.flush();
-				} catch (IOException e) {
-					// TODO Auto-generated catch block
-					e.printStackTrace();
-				}
-			}
 		}
-		// ---------------------------------------------------------------------------------------------------------------
+		
+		if( referer.substring(0,24).equals("https://gw.sgcetec.co.kr") || 
+			referer.substring(0,26).equals("https://gw.sgcenergy.co.kr") || 
+			referer.substring(0,29).equals("https://gw.sgcsolutions.co.kr") || 
+			referer.substring(0,22).equals("https://211.38.140.252") || 
+			referer.substring(0,21).equals("http://gw.usegw.co.kr") || 
+			referer.substring(0,22).equals("https://gw.usegw.co.kr")){
+			
+			UserDetails userDetails = (UserDetails) SessionUtil.getAttribute(SgcPortalAttributes.AUTHENTICATION);
+			String movePage = request.getParameter("w2xPath");
+			movePage = "/ux/qc/qc0102/QC01020001U.xml";
 
-		UserDetails userDetails = (UserDetails) SessionUtil.getAttribute(SgcPortalAttributes.AUTHENTICATION);
-		String movePage = request.getParameter("w2xPath");
-		movePage = "/ux/qc/qc0102/QC01020001U.xml";
+			// session이 없을 경우 login
+			if (userDetails == null || "".equals(userDetails.getUserId())) {
 
-		// session이 없을 경우 login
-		if (userDetails == null || "".equals(userDetails.getUserId())) {
+				Login login = new Login();
 
-			Login login = new Login();
+				if ("TEC".equals(cmpnCd)) {
+					cmpnCd = "S0001";
+				} else if ("GJE".equals(cmpnCd)) {
+					cmpnCd = "S0002";
+				} else if ("SMG".equals(cmpnCd)) {
+					cmpnCd = "S0003";
+				} else if ("SKG".equals(cmpnCd)) {
+					cmpnCd = "S0004";
+				}
 
-			if ("TEC".equals(cmpnCd)) {
-				cmpnCd = "S0001";
-			} else if ("GJE".equals(cmpnCd)) {
-				cmpnCd = "S0002";
-			} else if ("SMG".equals(cmpnCd)) {
-				cmpnCd = "S0003";
-			} else if ("SKG".equals(cmpnCd)) {
-				cmpnCd = "S0004";
-			}
+				login.setCmpnCd(cmpnCd);
+				login.setLginId(lginId);
+				loginService.loginInsa(login, request);
 
-			login.setCmpnCd(cmpnCd);
-			login.setLginId(lginId);
-			loginService.loginInsa(login, request);
+			}
 
-		}
+			ObjectMapper mapper = new ObjectMapper();
+			String jsonInString = "";
+			try {
+				jsonInString = mapper.writeValueAsString(userDetails);
+			} catch (JsonProcessingException e) {
+				e.printStackTrace();
+			}
 
-		ObjectMapper mapper = new ObjectMapper();
-		String jsonInString = "";
-		try {
-			jsonInString = mapper.writeValueAsString(userDetails);
-		} catch (JsonProcessingException e) {
-			e.printStackTrace();
+			mv.setViewName(jspUrl);
+			mv.addObject("w2xPath", movePage);
+			mv.addObject("userDetails", jsonInString);
+			
+		} else {
+			response.setContentType("text/html; charset=UTF-8");
+			PrintWriter out;
+			try {
+				out = response.getWriter();
+				out.println("<script>location.href='referer.html';</script>");
+				out.flush();
+			} catch (IOException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}
+			
 		}
-
-		mv.setViewName(jspUrl);
-		mv.addObject("w2xPath", movePage);
-		mv.addObject("userDetails", jsonInString);
+		
 		return mv;
 	}
 
@@ -408,11 +414,12 @@ public class WebsquareController {
 		String cmpnCd = request.getParameter("cmpnCd");
 		String lginId = request.getParameter("lginId");
 		String jspUrl = "websquare/popupMap";
-
+		
 		// ---------------------------------------------------------------------------------------------------------------
 		// 지정된 url에서 접근 가능하도록 추가
 		// ---------------------------------------------------------------------------------------------------------------
 		String referer = StringUtils.trimToNull(request.getHeader("Referer"));
+		
 		if (StringUtils.isEmpty(referer)) {
 			response.setContentType("text/html; charset=UTF-8");
 			PrintWriter out;
@@ -424,66 +431,66 @@ public class WebsquareController {
 				// TODO Auto-generated catch block
 				e.printStackTrace();
 			}
-		} else {
-			switch (referer) {
-			case "https://gw.sgcetec.co.kr":
-			case "https://gw.sgcenergy.co.kr":
-			case "https://gw.sgcsolutions.co.kr":
-			case "https://211.38.140.252":
-			case "http://gw.usegw.co.kr":
-			case "https://gw.usegw.co.kr":
-				break;
-			default:
-				response.setContentType("text/html; charset=UTF-8");
-				PrintWriter out;
-				try {
-					out = response.getWriter();
-					out.println("<script>location.href='referer.html';</script>");
-					out.flush();
-				} catch (IOException e) {
-					// TODO Auto-generated catch block
-					e.printStackTrace();
-				}
-			}
 		}
-		// ---------------------------------------------------------------------------------------------------------------
+		
+		if( referer.substring(0,24).equals("https://gw.sgcetec.co.kr") || 
+			referer.substring(0,26).equals("https://gw.sgcenergy.co.kr") || 
+			referer.substring(0,29).equals("https://gw.sgcsolutions.co.kr") || 
+			referer.substring(0,22).equals("https://211.38.140.252") || 
+			referer.substring(0,21).equals("http://gw.usegw.co.kr") || 
+			referer.substring(0,22).equals("https://gw.usegw.co.kr")){
+			
+			UserDetails userDetails = (UserDetails) SessionUtil.getAttribute(SgcPortalAttributes.AUTHENTICATION);
+			String movePage = request.getParameter("w2xPath");
+			movePage = "/ux/cw/cw1002/CW10020001U.xml";
 
-		UserDetails userDetails = (UserDetails) SessionUtil.getAttribute(SgcPortalAttributes.AUTHENTICATION);
-		String movePage = request.getParameter("w2xPath");
-		movePage = "/ux/cw/cw1002/CW10020001U.xml";
+			// session이 없을 경우 login
+			if (userDetails == null || "".equals(userDetails.getUserId())) {
 
-		// session이 없을 경우 login
-		if (userDetails == null || "".equals(userDetails.getUserId())) {
+				Login login = new Login();
 
-			Login login = new Login();
+				if ("TEC".equals(cmpnCd)) {
+					cmpnCd = "S0001";
+				} else if ("GJE".equals(cmpnCd)) {
+					cmpnCd = "S0002";
+				} else if ("SMG".equals(cmpnCd)) {
+					cmpnCd = "S0003";
+				} else if ("SKG".equals(cmpnCd)) {
+					cmpnCd = "S0004";
+				}
 
-			if ("TEC".equals(cmpnCd)) {
-				cmpnCd = "S0001";
-			} else if ("GJE".equals(cmpnCd)) {
-				cmpnCd = "S0002";
-			} else if ("SMG".equals(cmpnCd)) {
-				cmpnCd = "S0003";
-			} else if ("SKG".equals(cmpnCd)) {
-				cmpnCd = "S0004";
-			}
+				login.setCmpnCd(cmpnCd);
+				login.setLginId(lginId);
+				loginService.loginInsa(login, request);
 
-			login.setCmpnCd(cmpnCd);
-			login.setLginId(lginId);
-			loginService.loginInsa(login, request);
+			}
 
-		}
+			ObjectMapper mapper = new ObjectMapper();
+			String jsonInString = "";
+			try {
+				jsonInString = mapper.writeValueAsString(userDetails);
+			} catch (JsonProcessingException e) {
+				e.printStackTrace();
+			}
 
-		ObjectMapper mapper = new ObjectMapper();
-		String jsonInString = "";
-		try {
-			jsonInString = mapper.writeValueAsString(userDetails);
-		} catch (JsonProcessingException e) {
-			e.printStackTrace();
+			mv.setViewName(jspUrl);
+			mv.addObject("w2xPath", movePage);
+			mv.addObject("userDetails", jsonInString);
+			
+		} else {
+			response.setContentType("text/html; charset=UTF-8");
+			PrintWriter out;
+			try {
+				out = response.getWriter();
+				out.println("<script>location.href='referer.html';</script>");
+				out.flush();
+			} catch (IOException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}
+			
 		}
-
-		mv.setViewName(jspUrl);
-		mv.addObject("w2xPath", movePage);
-		mv.addObject("userDetails", jsonInString);
+		
 		return mv;
 	}