|
|
@@ -1,22 +1,28 @@
|
|
|
package com.style24.scm.support.config;
|
|
|
|
|
|
import java.nio.charset.Charset;
|
|
|
+import java.util.Iterator;
|
|
|
+import java.util.List;
|
|
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
+import org.springframework.http.MediaType;
|
|
|
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
|
|
+import org.springframework.http.converter.HttpMessageConverter;
|
|
|
import org.springframework.http.converter.StringHttpMessageConverter;
|
|
|
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
|
|
import org.springframework.web.client.RestTemplate;
|
|
|
import org.springframework.web.multipart.support.MultipartFilter;
|
|
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
|
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
|
|
|
|
|
+import com.fasterxml.jackson.databind.ObjectMapper;
|
|
|
import com.style24.core.support.filter.TscXssServletFilter;
|
|
|
+import com.style24.core.support.text.TscHtmlCharacterEscapes;
|
|
|
import com.style24.scm.support.interceptor.TssDefaultInterceptor;
|
|
|
|
|
|
-import com.gagaframework.web.core.filter.GagaXssServletFilter;
|
|
|
import com.gagaframework.web.rest.client.GagaRequestStringTrim;
|
|
|
|
|
|
/**
|
|
|
@@ -91,6 +97,37 @@ public class TssWebMvcConfig implements WebMvcConfigurer {
|
|
|
return bean;
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * MappingJackson2HttpMessageConverter가 여러 개일 경우 내가 추가한 것이 선택되지 않을 수 있음
|
|
|
+ * 그러므로 application/json으로 선택되는 converter를 덮어 써야 함
|
|
|
+ */
|
|
|
+ @SuppressWarnings("rawtypes")
|
|
|
+ @Override
|
|
|
+ public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
|
|
|
+ // Replace MessageConverter from default WebMvcConfigurer
|
|
|
+ Iterator<HttpMessageConverter<?>> converterIterator = converters.iterator();
|
|
|
+ while (converterIterator.hasNext()) {
|
|
|
+ // Do not add new one, must replace
|
|
|
+ HttpMessageConverter converter = converterIterator.next();
|
|
|
+ if (converter.getSupportedMediaTypes().contains(MediaType.APPLICATION_JSON)) {
|
|
|
+ converterIterator.remove();
|
|
|
+ }
|
|
|
+ }
|
|
|
+ converters.add(jsonEscapeConverter());
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * XSS(Cross Site Script) Prevention
|
|
|
+ * @ResponseBody로 전달되는 JSON에 대한 처리
|
|
|
+ * @return
|
|
|
+ */
|
|
|
+ @Bean
|
|
|
+ public MappingJackson2HttpMessageConverter jsonEscapeConverter() {
|
|
|
+ ObjectMapper objectMapper = new ObjectMapper();
|
|
|
+ objectMapper.getFactory().setCharacterEscapes(new TscHtmlCharacterEscapes());
|
|
|
+ return new MappingJackson2HttpMessageConverter(objectMapper);
|
|
|
+ }
|
|
|
+
|
|
|
/**
|
|
|
* API 호출을 위한 RestTemplate 설정
|
|
|
*
|
gagamel