|
|
@@ -1,18 +1,26 @@
|
|
|
package com.style24.scm.support.config;
|
|
|
|
|
|
import java.nio.charset.Charset;
|
|
|
+import java.util.Iterator;
|
|
|
+import java.util.List;
|
|
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
+import org.springframework.http.MediaType;
|
|
|
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
|
|
+import org.springframework.http.converter.HttpMessageConverter;
|
|
|
import org.springframework.http.converter.StringHttpMessageConverter;
|
|
|
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
|
|
import org.springframework.web.client.RestTemplate;
|
|
|
import org.springframework.web.multipart.support.MultipartFilter;
|
|
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
|
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
|
|
|
|
|
+import com.fasterxml.jackson.databind.DeserializationFeature;
|
|
|
+import com.fasterxml.jackson.databind.ObjectMapper;
|
|
|
+import com.style24.core.support.text.TscHtmlCharacterEscapes;
|
|
|
import com.style24.scm.support.interceptor.TssDefaultInterceptor;
|
|
|
|
|
|
import com.gagaframework.web.core.filter.GagaXssServletFilter;
|
|
|
@@ -93,32 +101,36 @@ public class TssWebMvcConfig implements WebMvcConfigurer {
|
|
|
* MappingJackson2HttpMessageConverter가 여러 개일 경우 내가 추가한 것이 선택되지 않을 수 있음
|
|
|
* 그러므로 application/json으로 선택되는 converter를 덮어 써야 함
|
|
|
*/
|
|
|
-// @SuppressWarnings("rawtypes")
|
|
|
-// @Override
|
|
|
-// public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
|
|
|
-// // Replace MessageConverter from default WebMvcConfigurer
|
|
|
-// Iterator<HttpMessageConverter<?>> converterIterator = converters.iterator();
|
|
|
-// while (converterIterator.hasNext()) {
|
|
|
-// // Do not add new one, must replace
|
|
|
-// HttpMessageConverter converter = converterIterator.next();
|
|
|
-// if (converter.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON)) {
|
|
|
-// converterIterator.remove();
|
|
|
-// }
|
|
|
-// }
|
|
|
-// converters.add(jsonEscapeConverter());
|
|
|
-// }
|
|
|
+ @SuppressWarnings("rawtypes")
|
|
|
+ @Override
|
|
|
+ public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
|
|
|
+ // Replace MessageConverter from default WebMvcConfigurer
|
|
|
+ Iterator<HttpMessageConverter<?>> converterIterator = converters.iterator();
|
|
|
+ while (converterIterator.hasNext()) {
|
|
|
+ // Do not add new one, must replace
|
|
|
+ HttpMessageConverter converter = converterIterator.next();
|
|
|
+ if (converter.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON)) {
|
|
|
+ converterIterator.remove();
|
|
|
+ }
|
|
|
+ }
|
|
|
+ converters.add(jsonEscapeConverter());
|
|
|
+ }
|
|
|
|
|
|
/**
|
|
|
* XSS(Cross Site Script) Prevention
|
|
|
* @ResponseBody로 전달되는 JSON에 대한 처리
|
|
|
* @return
|
|
|
*/
|
|
|
-// @Bean
|
|
|
-// public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
|
|
|
-// ObjectMapper objectMapper = new ObjectMapper();
|
|
|
-// objectMapper.getFactory().setCharacterEscapes(new TscHtmlCharacterEscapes());
|
|
|
-// return new MappingJackson2HttpMessageConverter(objectMapper);
|
|
|
-// }
|
|
|
+ @Bean
|
|
|
+ public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
|
|
|
+ ObjectMapper objectMapper = new ObjectMapper();
|
|
|
+ objectMapper.getFactory().setCharacterEscapes(new TscHtmlCharacterEscapes());
|
|
|
+
|
|
|
+ // 도메인이 정의되지 않은 경우 JsonMappingException 발생 처리 안 하도록
|
|
|
+ objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
|
|
|
+
|
|
|
+ return new MappingJackson2HttpMessageConverter(objectMapper);
|
|
|
+ }
|
|
|
|
|
|
/**
|
|
|
* API 호출을 위한 RestTemplate 설정
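Review bot: The XSS escaping re-enabled here only protects responses that are actually written by `jsonEscapeConverter()`, and the loop in `configureMessageConverters` does not guarantee that on its own. It removes only converters already in `converters` whose media types contain exactly `MediaType.APPLICATION_JSON`, and the new converter is appended last, so a `StringHttpMessageConverter` ahead of it would still write `String` return values unescaped. Anything registered after this configurer runs is also untouched; the list contents at that point are not visible in the hunk. I would state the limit above the `converters.add(...)` line, e.g. `// Escaping applies only to bodies serialized by this converter; String responses bypass it`, and add a MockMvc test asserting that a character `TscHtmlCharacterEscapes` is meant to escape comes back escaped from a `@ResponseBody` object. The loop can also shrink to `converters.removeIf(c -> c.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON));`, which removes the raw type and the need for `@SuppressWarnings("rawtypes")`.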
|