
Merge branch 'develop' into bin2107

bin2107 5 years ago
parent
commit
d8141ba281
1 changed files with 28 additions and 23 deletions
  1. 28 23
      src/main/java/com/style24/front/support/config/TsfWebMvcConfig.java

+ 28 - 23
src/main/java/com/style24/front/support/config/TsfWebMvcConfig.java

@@ -22,8 +22,9 @@ import org.springframework.web.multipart.support.MultipartFilter;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.style24.core.support.filter.TscXssServletFilter;
+import com.style24.core.support.text.TscHtmlCharacterEscapes;
 import com.style24.front.support.interceptor.TsfAflinkInterceptor;
 import com.style24.front.support.interceptor.TsfDefaultInterceptor;
 import com.style24.front.support.interceptor.TsfGoodsViewInterceptor;
@@ -31,6 +32,7 @@ import com.style24.front.support.interceptor.TsfLoginCheckInterceptor;
 import com.style24.front.support.interceptor.TsfRememberMeInterceptor;
 import com.style24.front.support.interceptor.TsfReturnUrlInterceptor;
 
+import com.gagaframework.web.core.filter.GagaXssServletFilter;
 import com.gagaframework.web.rest.client.GagaRequestStringTrim;
 
 /**
@@ -169,8 +171,7 @@ public class TsfWebMvcConfig implements WebMvcConfigurer {
 	@Bean
 	public FilterRegistrationBean xssFilterRegistrationBean() {
 		FilterRegistrationBean bean = new FilterRegistrationBean();
-//		bean.setFilter(new GagaXssServletFilter());
-		bean.setFilter(new TscXssServletFilter());
+		bean.setFilter(new GagaXssServletFilter());
 		bean.setOrder(2);
 		bean.addUrlPatterns("/*");
 		return bean;
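Review bot: The `xssFilterRegistrationBean()` method has no comment saying what `GagaXssServletFilter` sanitizes or why it is registered at order 2, yet this line swaps the sanitizer applied to every request under `/*`. The file also imports `MultipartFilter` (visible in the first hunk header); if the XSS filter works by wrapping request parameters, it presumably only sees multipart fields when the multipart filter runs before it, so the ordering deserves a comment such as `// XSS request filter for all paths; must run after the multipart filter (confirm order)`. The raw `FilterRegistrationBean` could also be typed, `FilterRegistrationBean<GagaXssServletFilter> bean = new FilterRegistrationBean<>();`, assuming the Spring Boot version in use has the generic form. The method's closing brace is outside the hunk.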
@@ -202,32 +203,36 @@ public class TsfWebMvcConfig implements WebMvcConfigurer {
 	 * MappingJackson2HttpMessageConverter가 여러 개일 경우 내가 추가한 것이 선택되지 않을 수 있음
 	 * 그러므로 application/json으로 선택되는 converter를 덮어 써야 함
 	 */
-//	@SuppressWarnings("rawtypes")
-//	@Override
-//	public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
-//		// Replace MessageConverter from default WebMvcConfigurer
-//		Iterator<HttpMessageConverter<?>> converterIterator = converters.iterator();
-//		while (converterIterator.hasNext()) {
-//			// Do not add new one, must replace
-//			HttpMessageConverter converter = converterIterator.next();
-//			if (converter.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON)) {
-//				converterIterator.remove();
-//			}
-//		}
-//		converters.add(jsonEscapeConverter());
-//	}
+	@SuppressWarnings("rawtypes")
+	@Override
+	public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
+		// Replace MessageConverter from default WebMvcConfigurer
+		Iterator<HttpMessageConverter<?>> converterIterator = converters.iterator();
+		while (converterIterator.hasNext()) {
+			// Do not add new one, must replace
+			HttpMessageConverter converter = converterIterator.next();
+			if (converter.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON)) {
+				converterIterator.remove();
+			}
+		}
+		converters.add(jsonEscapeConverter());
+	}
 
 	/**
 	 * XSS(Cross Site Script) Prevention
 	 * 		@ResponseBody로 전달되는 JSON에 대한 처리
 	 * @return
 	 */
-//	@Bean
-//	public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
-//		ObjectMapper objectMapper = new ObjectMapper();
-//		objectMapper.getFactory().setCharacterEscapes(new TscHtmlCharacterEscapes());
-//		return new MappingJackson2HttpMessageConverter(objectMapper);
-//	}
+	@Bean
+	public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
+		ObjectMapper objectMapper = new ObjectMapper();
+		objectMapper.getFactory().setCharacterEscapes(new TscHtmlCharacterEscapes());
+
+		// 도메인이 정의되지 않은 경우 JsonMappingException 발생 처리 안 하도록
+		objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+
+		return new MappingJackson2HttpMessageConverter(objectMapper);
+	}
 
 	/**
 	 * API 호출을 위한 RestTemplate 설정
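Review bot: `configureMessageConverters` is the hook that supplies the converter list, so the remove loop only finds a JSON converter if an earlier configurer has already populated the list, and adding to it turns off Spring MVC's default converter registration; `extendMessageConverters` is the hook meant for replacing an entry once the list is built. The loop could then become `converters.removeIf(c -> c.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON));`, which also removes the raw type and the need for `@SuppressWarnings("rawtypes")`. In `jsonEscapeConverter()`, `new ObjectMapper()` starts from Jackson defaults, so modules or `spring.jackson.*` settings applied to the application's shared mapper are presumably not carried over to responses. The escaping covers only bodies serialized by this converter; handlers that return a `String` are written by a different converter and need their own output encoding, which is worth stating in the Javadoc since it is labelled XSS prevention.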