|
|
@@ -18,12 +18,13 @@ import org.springframework.web.multipart.support.MultipartFilter;
|
|
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
|
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
|
|
|
|
|
+import com.fasterxml.jackson.databind.DeserializationFeature;
|
|
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
|
import com.style24.admin.support.interceptor.TsaDefaultInterceptor;
|
|
|
import com.style24.admin.support.interceptor.TsaPosInterceptor;
|
|
|
import com.style24.admin.support.readable.TsaRequestFilter;
|
|
|
import com.style24.core.support.filter.TscXssServletFilter;
|
|
|
-
|
|
|
+import com.style24.core.support.text.TscHtmlCharacterEscapes;
|
|
|
|
|
|
import com.gagaframework.web.rest.client.GagaRequestStringTrim;
|
|
|
|
|
|
@@ -125,32 +126,36 @@ public class TsaWebMvcConfig implements WebMvcConfigurer {
|
|
|
* MappingJackson2HttpMessageConverter가 여러 개일 경우 내가 추가한 것이 선택되지 않을 수 있음
|
|
|
* 그러므로 application/json으로 선택되는 converter를 덮어 써야 함
|
|
|
*/
|
|
|
-// @SuppressWarnings("rawtypes")
|
|
|
-// @Override
|
|
|
-// public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
|
|
|
-// // Replace MessageConverter from default WebMvcConfigurer
|
|
|
-// Iterator<HttpMessageConverter<?>> converterIterator = converters.iterator();
|
|
|
-// while (converterIterator.hasNext()) {
|
|
|
-// // Do not add new one, must replace
|
|
|
-// HttpMessageConverter converter = converterIterator.next();
|
|
|
-// if (converter.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON)) {
|
|
|
-// converterIterator.remove();
|
|
|
-// }
|
|
|
-// }
|
|
|
-// converters.add(jsonEscapeConverter());
|
|
|
-// }
|
|
|
+ @SuppressWarnings("rawtypes")
|
|
|
+ @Override
|
|
|
+ public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
|
|
|
+ // Replace MessageConverter from default WebMvcConfigurer
|
|
|
+ Iterator<HttpMessageConverter<?>> converterIterator = converters.iterator();
|
|
|
+ while (converterIterator.hasNext()) {
|
|
|
+ // Do not add new one, must replace
|
|
|
+ HttpMessageConverter converter = converterIterator.next();
|
|
|
+ if (converter.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON)) {
|
|
|
+ converterIterator.remove();
|
|
|
+ }
|
|
|
+ }
|
|
|
+ converters.add(jsonEscapeConverter());
|
|
|
+ }
|
|
|
|
|
|
/**
|
|
|
* XSS(Cross Site Script) Prevention
|
|
|
* @ResponseBody로 전달되는 JSON에 대한 처리
|
|
|
* @return
|
|
|
*/
|
|
|
-// @Bean
|
|
|
-// public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
|
|
|
-// ObjectMapper objectMapper = new ObjectMapper();
|
|
|
-// objectMapper.getFactory().setCharacterEscapes(new TscHtmlCharacterEscapes());
|
|
|
-// return new MappingJackson2HttpMessageConverter(objectMapper);
|
|
|
-// }
|
|
|
+ @Bean
|
|
|
+ public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
|
|
|
+ ObjectMapper objectMapper = new ObjectMapper();
|
|
|
+ objectMapper.getFactory().setCharacterEscapes(new TscHtmlCharacterEscapes());
|
|
|
+
|
|
|
+ // 도메인이 정의되지 않은 경우 JsonMappingException 발생 처리 안 하도록
|
|
|
+ objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
|
|
|
+
|
|
|
+ return new MappingJackson2HttpMessageConverter(objectMapper);
|
|
|
+ }
|
|
|
|
|
|
/**
|
|
|
* API 호출을 위한 RestTemplate 설정
|
gagamel