
web security last update

shjung 3 yıl önce
ebeveyn
işleme
0d98f73f26
28 değiştirilmiş dosya ile 303 ekleme ve 142 silme
  1. 19 11
      src/main/java/com/its/op/controller/its/LoginController.java
  2. 11 3
      src/main/java/com/its/op/controller/its/cctv/TbCctvCtlrController.java
  3. 1 1
      src/main/java/com/its/op/controller/its/database/TbLeglHldyInfrController.java
  4. 0 1
      src/main/java/com/its/op/controller/its/vms/TbVmsIfscController.java
  5. 39 19
      src/main/java/com/its/op/dto/its/cctv/TbCctvCtlrDto.java
  6. 4 3
      src/main/java/com/its/op/dto/its/database/TbCnctIntnDto.java
  7. 2 1
      src/main/java/com/its/op/dto/its/database/TbLeglHldyInfrDto.java
  8. 4 2
      src/main/java/com/its/op/dto/its/facility/TbFcltCmpyDto.java
  9. 33 17
      src/main/java/com/its/op/dto/its/facility/TbFcltInfrDto.java
  10. 11 4
      src/main/java/com/its/op/dto/its/incident/TbIncdOcrrDto.java
  11. 3 1
      src/main/java/com/its/op/dto/its/node/TbNodeDto.java
  12. 4 3
      src/main/java/com/its/op/dto/its/oper/TbUserGropInfrDto.java
  13. 14 7
      src/main/java/com/its/op/dto/its/oper/TbUserInfrDto.java
  14. 7 4
      src/main/java/com/its/op/dto/its/parking/ParkingLotDto.java
  15. 4 2
      src/main/java/com/its/op/dto/its/unit/TbUnitSystDto.java
  16. 3 0
      src/main/java/com/its/op/dto/its/vds/TbVdsCtlrDto.java
  17. 4 3
      src/main/java/com/its/op/dto/its/vms/TbVmsCmtrInfrDto.java
  18. 0 5
      src/main/java/com/its/op/security/WebController.java
  19. 1 8
      src/main/java/com/its/op/security/WebLoginSuccessHandler.java
  20. 16 16
      src/main/java/com/its/op/security/WebMvcConfig.java
  21. 49 3
      src/main/java/com/its/op/security/WebSecurityConfig.java
  22. 2 2
      src/main/java/com/its/op/security/interceptor/ApiInterceptor.java
  23. 9 7
      src/main/java/com/its/op/security/interceptor/LoggerInterceptor.java
  24. 8 10
      src/main/java/com/its/op/security/interceptor/SessionTimerInterceptor.java
  25. 6 6
      src/main/java/com/its/op/security/interceptor/UserInterceptor.java
  26. 17 0
      src/main/java/com/its/op/security/interceptor/UserLogoutHandler.java
  27. 29 0
      src/main/java/com/its/utils/EncryptionUtils.java
  28. 3 3
      src/main/resources/static/application/login/login.html

+ 19 - 11
src/main/java/com/its/op/controller/its/LoginController.java

@@ -94,16 +94,17 @@ public class LoginController {
     @GetMapping({"/logout.do"})
     public ModelAndView getLogout(HttpServletRequest request, HttpServletResponse response) {
         Cookie[] cookies = request.getCookies();
-//        log.error("{}", cookies.length);
-//        for (int ii = 0; ii < cookies.length; ii++) {
-//            log.error("{}, {}", cookies[ii].getName(), cookies[ii].getValue());
-//        }
+        for (int ii = 0; ii < cookies.length; ii++) {
+            log.error("getLogout: {}, {}", cookies[ii].getName(), cookies[ii].getValue());
+        }
         String encUserId = "";
         String loginHms = "";
         if (cookies != null && cookies.length > 0) {
             try {
                 encUserId = CookieUtils.getCookie(request, WebMvcConfig.USER_UUID);
                 loginHms = CookieUtils.getCookie(request, WebMvcConfig.USER_TIME);
+//                expiredCookie(response, WebMvcConfig.USER_UUID);
+//                expiredCookie(response, WebMvcConfig.USER_TIME);
             } catch (Exception e) {
                 log.error("{}", e.getMessage());
             }
@@ -119,17 +120,24 @@ public class LoginController {
             this.service.logout(req);
         }
 
-        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-        if (auth != null) {
-            expiredCookie(response, WebMvcConfig.USER_UUID);
-            expiredCookie(response, WebMvcConfig.USER_TIME);
-            new SecurityContextLogoutHandler().logout(request, response, auth);
-        }
+//        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+//        if (auth != null) {
+//            // 여기로 안들어오네... 나중에 확인.....
+//            log.error("Authentication: {}", auth.toString());
+//            expiredCookie(response, WebMvcConfig.USER_UUID);
+//            expiredCookie(response, WebMvcConfig.USER_TIME);
+//            //new SecurityContextLogoutHandler().logout(request, response, auth);
+//        }
+
         HttpSession session = request.getSession(false);
         if (session != null) {
+            log.error("session: {}", session.toString());
             session.invalidate();   // session remove
         }
-        return new ModelAndView("forward:/application/login/login.html");
+        new SecurityContextLogoutHandler().logout(request, response, SecurityContextHolder.getContext().getAuthentication());
+
+        //return new ModelAndView("redirect:/api/auth/login.do");
+        return new ModelAndView("redirect:/application/login/login.html");
     }
 
     private void expiredCookie(HttpServletResponse response, String cookieName) {
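Review bot: The new loop at the top of getLogout dereferences `cookies` before the existing `cookies != null` check a few lines further down, so a logout request that carries no cookies fails with a NullPointerException (`request.getCookies()` returns null in that case). The same loop writes every cookie value to the log at error level, which puts any session cookie and the USER_UUID value into the log files; I would drop the loop, or move it inside the null check and log names only, e.g. `log.debug("getLogout cookie: {}", cookies[ii].getName());`. In the second hunk both `expiredCookie(...)` calls are now commented out, so unless the UserLogoutHandler added in this commit (not visible here) clears them, USER_UUID and USER_TIME outlive the logout. getLogout's body continues between the two hunks.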

+ 11 - 3
src/main/java/com/its/op/controller/its/cctv/TbCctvCtlrController.java

@@ -5,6 +5,7 @@ import com.its.op.dto.its.common.NewIdLongDto;
 import com.its.op.service.its.cctv.TbCctvCtlrService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
 import lombok.RequiredArgsConstructor;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -29,19 +30,26 @@ public class TbCctvCtlrController {
 
     @ApiOperation(value = "CCTV 제어기 개별조회(TB_CCTV_CTLR)", response = TbCctvCtlrDto.class)
     @GetMapping(value = "/{id}", produces = {"application/json; charset=utf8"})
-    public TbCctvCtlrDto findById(@PathVariable final Long id) {
+    public TbCctvCtlrDto findById(
+            @ApiParam(name = "id", value = "제어기 관리번호", example = "1", required = true)
+            @PathVariable final Long id) {
         return this.service.findById(id);
     }
 
     @ApiOperation(value = "CCTV 제어기 정보변경/생성-개별(TB_CCTV_CTLR)", response = TbCctvCtlrDto.class)
     @PostMapping(value = "/{id}", produces = {"application/json; charset=utf8"})
-    public TbCctvCtlrDto mergeInfo(@PathVariable("id") Long id, @RequestBody @Valid final TbCctvCtlrDto.TbCctvCtlrUpdReq req) {
+    public TbCctvCtlrDto mergeInfo(
+            @ApiParam(name = "id", value = "제어기 관리번호", example = "1", required = true)
+            @PathVariable("id") Long id,
+            @RequestBody @Valid final TbCctvCtlrDto.TbCctvCtlrUpdReq req) {
         return this.service.mergeInfo(req);
     }
 
     @ApiOperation(value = "CCTV 제어기 정보삭제-개별(TB_CCTV_CTLR)", response = TbCctvCtlrDto.class)
     @DeleteMapping(value = "/{id}", produces = {"application/json; charset=utf8"})
-    public TbCctvCtlrDto deleteDataById(@PathVariable("id") Long id) {
+    public TbCctvCtlrDto deleteDataById(
+            @ApiParam(name = "id", value = "제어기 관리번호", example = "1", required = true)
+            @PathVariable("id") Long id) {
         return this.service.deleteById(id);
     }
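Review bot: `mergeInfo` now documents the path `id` as required, but the body still calls `this.service.mergeInfo(req)` and never reads it, so the record that is written is whichever one the request body names. The path id should either be passed to the service or compared with the id carried in `req`, with a mismatch rejected before the call; the accessor on `TbCctvCtlrUpdReq` is not visible in this diff, so I am not quoting the exact check. Until that is done a comment such as `// NOTE: path id is not checked against the id in req` above the call would make the gap visible.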
 

+ 1 - 1
src/main/java/com/its/op/controller/its/database/TbLeglHldyInfrController.java

@@ -38,7 +38,7 @@ public class TbLeglHldyInfrController {
     @ApiOperation(value = "공휴일 정보 개별조회(TB_LEGL_HLDY_INFR)", response = TbLeglHldyInfrDto.class)
     @GetMapping(value = "/{day}", produces = {"application/json; charset=utf8"})
     public TbLeglHldyInfrDto findById(
-            @ApiParam(name = "day", value = "일자(YYYYMMDD'", example = "20210101", required = true)
+            @ApiParam(name = "day", value = "일자(YYYYMMDD)", example = "20210101", required = true)
             @PathVariable final String day) {
         return this.service.findById(day);
     }

+ 0 - 1
src/main/java/com/its/op/controller/its/vms/TbVmsIfscController.java

@@ -50,7 +50,6 @@ public class TbVmsIfscController {
     @ApiOperation(value = "VMS 정보제공구간 정보변경/생성-개별(TB_VMS_IFSC)", response = TbVmsIfscDto.class)
     @PostMapping(value = "/{id}", produces = {"application/json; charset=utf8"})
     public TbVmsIfscDto.TbVmsIfscUpdReq mergeInfo(@PathVariable("id") Long id, @RequestBody @Valid final TbVmsIfscDto.TbVmsIfscUpdReq req) {
-        log.error("mergeInfo: {}", req);
         return this.service.mergeInfo(req);
     }
 

+ 39 - 19
src/main/java/com/its/op/dto/its/cctv/TbCctvCtlrDto.java

@@ -7,6 +7,7 @@ import io.swagger.annotations.ApiModelProperty;
 import lombok.*;
 
 import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Positive;
 import javax.validation.constraints.PositiveOrZero;
 import javax.validation.constraints.Size;
 import java.io.Serializable;
@@ -210,32 +211,38 @@ public class TbCctvCtlrDto implements Serializable {
 
         @ApiModelProperty("CCTV 자막기 아이피, Nullable = Y, VARCHAR(20)")  // Y VARCHAR(20)
         @JsonProperty("cctv_capt_ip")
-        @Size(min=1, max=20)
+        //@Size(min=1, max=20)
+        @Size(max=20)
         private String cctvCaptIp;
 
         @ApiModelProperty("CCTV 자막기 포트, Nullable = Y, VARCHAR(5)")  // Y VARCHAR(5)
         @JsonProperty("cctv_capt_port")
-        @Size(min=1, max=5)
+        //@Size(min=1, max=5)
+        @Size(max=5)
         private String cctvCaptPort;
 
         @ApiModelProperty("CCTV 광장비 아이피, Nullable = Y, VARCHAR(20)")  // Y VARCHAR(20)
         @JsonProperty("cctv_fibr_ip")
-        @Size(min=1, max=20)
+        //@Size(min=1, max=20)
+        @Size(max=20)
         private String cctvFibrIp;
 
         @ApiModelProperty("CCTV 인코더 아이피, Nullable = Y, VARCHAR(20)")  // Y VARCHAR(20)
         @JsonProperty("cctv_encd_ip")
-        @Size(min=1, max=20)
+        //@Size(min=1, max=20)
+        @Size(max=20)
         private String cctvEncdIp;
 
         @ApiModelProperty("스트리밍 서버 아이피, Nullable = Y, VARCHAR(20)")  // Y VARCHAR(20)
         @JsonProperty("strm_svr_ip")
-        @Size(min=1, max=20)
+        //@Size(min=1, max=20)
+        @Size(max=20)
         private String strmSvrIp;
 
         @ApiModelProperty("스트리밍 서버 포트, Nullable = Y, VARCHAR(5)")  // Y VARCHAR(5)
         @JsonProperty("strm_svr_port")
-        @Size(min=1, max=5)
+        //@Size(min=1, max=5)
+        @Size(max=5)
         private String strmSvrPort;
 
         @ApiModelProperty("스트리밍 세션 명, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
@@ -245,10 +252,12 @@ public class TbCctvCtlrDto implements Serializable {
 
         @ApiModelProperty("X 좌표, , NUMBER(11,8)")  // Y NUMBER(11,8)
         @JsonProperty("x_crdn")
+        @Positive
         private Double xCrdn;
 
         @ApiModelProperty("Y 좌표, , NUMBER(10,8)")  // Y NUMBER(10,8)
         @JsonProperty("y_crdn")
+        @Positive
         private Double yCrdn;
 
         @ApiModelProperty("설치 위치 명, Nullable = Y, VARCHAR(40)")  // Y VARCHAR(40)
@@ -274,52 +283,60 @@ public class TbCctvCtlrDto implements Serializable {
 
         @ApiModelProperty("최초 등록자 번호, Nullable = Y, VARCHAR(20)")  // Y VARCHAR(20)
         @JsonProperty("frst_regr_nmbr")
-        @Size(min=1, max=20)
+        //@Size(min=1, max=20)
+        @Size(max=20)
         private String frstRegrNmbr;
 
         @ApiModelProperty("최초 등록 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("frst_rgst_dt")
-        @Size(min=1, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String frstRgstDt;
 
         @ApiModelProperty("최종 수정자 번호, Nullable = Y, VARCHAR(20)")  // Y VARCHAR(20)
         @JsonProperty("last_crpr_nmbr")
-        @Size(min=1, max=20)
+        //@Size(min=1, max=20)
+        @Size(max=20)
         private String lastCrprNmbr;
 
         @ApiModelProperty("최종 수정 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("last_crct_dt")
-        @Size(min=1, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String lastCrctDt;
 
         @ApiModelProperty("링크ID, Nullable = Y, NUMBER(10)")  // Y NUMBER(10)
         @JsonProperty("link_id")
-        @PositiveOrZero
+        //@PositiveOrZero
         private Long linkId;
 
         @ApiModelProperty("노드ID, Nullable = Y, NUMBER(10)")  // Y NUMBER(10)
         @JsonProperty("node_id")
-        @PositiveOrZero
+        //@PositiveOrZero
         private Long nodeId;
 
         @ApiModelProperty("공단 CCTV ID, Nullable = Y, VARCHAR(10)")  // Y VARCHAR(10)
         @JsonProperty("cctv_id")
-        @Size(min=1, max=10)
+        //@Size(min=1, max=10)
+        @Size(max=10)
         private String cctvId;
 
         @ApiModelProperty("연계 포트, Nullable = Y, VARCHAR(5)")  // Y VARCHAR(5)
         @JsonProperty("rely_port")
-        @Size(min=1, max=5)
+        //@Size(min=1, max=5)
+        @Size(max=5)
         private String relyPort;
 
         @ApiModelProperty("스트리밍 RTSP 주소, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
         @JsonProperty("strm_rtsp_addr")
-        @Size(min=1, max=200)
+        //@Size(min=1, max=200)
+        @Size(max=200)
         private String strmRtspAddr;
 
         @ApiModelProperty("스트리밍 RTMP 주소, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
         @JsonProperty("strm_rtmp_addr")
-        @Size(min=1, max=200)
+        //@Size(min=1, max=200)
+        @Size(max=200)
         private String strmRtmpAddr;
 
         @ApiModelProperty("스트리밍 HTTP 주소, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
@@ -329,12 +346,14 @@ public class TbCctvCtlrDto implements Serializable {
 
         @ApiModelProperty("스트리밍 저장 주소, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
         @JsonProperty("strm_stor_addr")
-        @Size(min=1, max=200)
+        //@Size(min=1, max=200)
+        @Size(max=200)
         private String strmStorAddr;
 
         @ApiModelProperty("지역 코드, Nullable = Y, VARCHAR(7)")  // Y VARCHAR(7)
         @JsonProperty("area_cd")
-        @Size(min=1, max=7)
+        //@Size(min=1, max=7)
+        @Size(max=7)
         private String areaCd;
 
         @ApiModelProperty("CCTV 유형(1:제노시스,2:프로브디지터,3:영국전자), Nullable = Y, VARCHAR(10)")  // Y VARCHAR(10)
@@ -359,7 +378,8 @@ public class TbCctvCtlrDto implements Serializable {
 
         @ApiModelProperty("내부 RTMP 주소, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
         @JsonProperty("intr_rtmp_addr")
-        @Size(min=1, max=200)
+        //@Size(min=1, max=200)
+        @Size(max=200)
         private String intrRtmpAddr;
 
         @ApiModelProperty("운영자 제어 여부, Nullable = Y, CHAR(1)")  // Y CHAR(1)
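Review bot: `linkId` and `nodeId` lose `@PositiveOrZero` with nothing in its place, so negative ids now pass validation. Bean Validation treats null as valid for `@PositiveOrZero`, so the constraint did not have to go to keep the fields optional; I would restore `@PositiveOrZero` on both. The `@Size(max=...)` relaxations, here and in the other DTOs of this commit, also admit empty strings for the IP and port fields, which carry no format check; `@Pattern(regexp = "\\d{0,5}")` on `cctvCaptPort`, `strmSvrPort` and `relyPort` would at least bound the ports (`Pattern` is already imported). The commented-out old annotations are better deleted than kept. The nested class continues outside these hunks.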

+ 4 - 3
src/main/java/com/its/op/dto/its/database/TbCnctIntnDto.java

@@ -8,7 +8,7 @@ import io.swagger.annotations.ApiModelProperty;
 import lombok.*;
 
 import javax.validation.constraints.Pattern;
-import javax.validation.constraints.PositiveOrZero;
+import javax.validation.constraints.Positive;
 import javax.validation.constraints.Size;
 import java.io.Serializable;
 
@@ -63,7 +63,7 @@ public class TbCnctIntnDto implements Serializable {
 
         @ApiModelProperty("연계 기관 관리 번호, Nullable = N, NUMBER(10)")  // N NUMBER(10)
         @JsonProperty("cnct_intn_mngm_nmbr")
-        @PositiveOrZero
+        @Positive
         private Long cnctIntnMngmNmbr;
 
         @ApiModelProperty("연계 기관 명, Nullable = Y, VARCHAR(50)")  // Y VARCHAR(50)
@@ -88,7 +88,8 @@ public class TbCnctIntnDto implements Serializable {
 
         @ApiModelProperty("비고, Nullable = Y, VARCHAR(600)")  // Y VARCHAR(600)
         @JsonProperty("rmrk")
-        @Size(min=1, max=600)
+        //@Size(min=1, max=600)
+        @Size(max=600)
         private String rmrk;
 
         @ApiModelProperty("삭제 여부, Nullable = Y, CHAR(1)")  // Y CHAR(1)
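Review bot: `cnctIntnMngmNmbr` is documented as `Nullable = N`, but `@Positive` accepts null and no `@NotNull` is visible among the annotations shown in this hunk. If a request without the key must not reach the service, add `@NotNull` next to `@Positive` (with the `javax.validation.constraints.NotNull` import); if a null key is how a new record is requested, a short comment on the field saying so would help. The class body continues outside the hunk.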

+ 2 - 1
src/main/java/com/its/op/dto/its/database/TbLeglHldyInfrDto.java

@@ -64,7 +64,8 @@ public class TbLeglHldyInfrDto implements Serializable {
 
         @ApiModelProperty("비고, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
         @JsonProperty("rmrk")
-        @Size(min=1, max=200)
+        //@Size(min=1, max=200)
+        @Size(max=200)
         private String rmrk;
 
         @Builder

+ 4 - 2
src/main/java/com/its/op/dto/its/facility/TbFcltCmpyDto.java

@@ -105,7 +105,8 @@ public class TbFcltCmpyDto implements Serializable {
 
         @ApiModelProperty("사업자 등록 번호, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
         @JsonProperty("brno")
-        @Size(min=1, max=30)
+        //@Size(min=1, max=30)
+        @Size(max=30)
         private String brno;
 
         @ApiModelProperty("주소, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
@@ -120,7 +121,8 @@ public class TbFcltCmpyDto implements Serializable {
 
         @ApiModelProperty("팩스 번호, Nullable = Y, VARCHAR(128)")  // Y VARCHAR(128)
         @JsonProperty("fcsm_nmbr")
-        @Size(min=1, max=128)
+        //@Size(min=1, max=128)
+        @Size(max=128)
         private String fcsmNmbr;
 
         @ApiModelProperty("대표자 명, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)

+ 33 - 17
src/main/java/com/its/op/dto/its/facility/TbFcltInfrDto.java

@@ -149,18 +149,20 @@ public class TbFcltInfrDto implements Serializable {
 
         @ApiModelProperty("설치 위치 주소, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
         @JsonProperty("istl_lctn_addr")
-        @Size(min=0, max=200)
+        //@Size(min=1, max=200)
+        @Size(max=200)
         private String istlLctnAddr;
 
         @ApiModelProperty("자산 유무, Nullable = Y, CHAR(1)")  // Y CHAR(1)
         @JsonProperty("rsce_yn")
-        @Size(min=0, max=1)
+        @Size(min=1, max=1)
         @Pattern(regexp = "[YN]")
         private String rsceYn;
 
         @ApiModelProperty("모델 명, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
         @JsonProperty("mdl_nm")
-        @Size(min=0, max=30)
+        //@Size(min=1, max=30)
+        @Size(max=30)
         private String mdlNm;
 
         @ApiModelProperty("사용 년수, Nullable = Y, NUMBER(3)")  // Y NUMBER(3)
@@ -170,57 +172,68 @@ public class TbFcltInfrDto implements Serializable {
 
         @ApiModelProperty("입고 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("inwr_dt")
-        @Size(min=0, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String inwrDt;
 
         @ApiModelProperty("출고 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("otwr_dt")
-        @Size(min=0, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String otwrDt;
 
         @ApiModelProperty("설치 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("istl_dt")
-        @Size(min=0, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String istlDt;
 
         @ApiModelProperty("반출 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("takt_dt")
-        @Size(min=0, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String taktDt;
 
         @ApiModelProperty("반출 사유, Nullable = Y, VARCHAR(100)")  // Y VARCHAR(100)
         @JsonProperty("takt_resn")
-        @Size(min=0, max=100)
+        //@Size(min=1, max=100)
+        @Size(max=100)
         private String taktResn;
 
         @ApiModelProperty("반입 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("takn_dt")
-        @Size(min=0, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String taknDt;
 
         @ApiModelProperty("폐기 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("abdn_dt")
-        @Size(min=0, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String abdnDt;
 
         @ApiModelProperty("추가자 명, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
         @JsonProperty("adtn_nm")
-        @Size(min=0, max=30)
+        //@Size(min=1, max=30)
+        @Size(max=30)
         private String adtnNm;
 
         @ApiModelProperty("추가 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("adtn_dt")
-        @Size(min=0, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String adtnDt;
 
         @ApiModelProperty("변경자 명, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
         @JsonProperty("chng_nm")
-        @Size(min=0, max=30)
+        //@Size(min=1, max=30)
+        @Size(max=30)
         private String chngNm;
 
         @ApiModelProperty("변경 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("chng_dt")
-        @Size(min=0, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String chngDt;
 
         @ApiModelProperty("금액, Nullable = Y, NUMBER(15)")  // Y NUMBER(15)
@@ -236,17 +249,20 @@ public class TbFcltInfrDto implements Serializable {
 
         @ApiModelProperty("설치 업체 ID, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
         @JsonProperty("istl_cmpy_id")
-        @Size(min=0, max=30)
+        //@Size(min=1, max=30)
+        @Size(max=30)
         private String istlCmpyId;
 
         @ApiModelProperty("제조 업체 ID, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
         @JsonProperty("mnfc_cmpy_id")
-        @Size(min=0, max=30)
+        //@Size(min=1, max=30)
+        @Size(max=30)
         private String mnfcCmpyId;
 
         @ApiModelProperty("RFID ID, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
         @JsonProperty("rfid_id")
-        @Size(min=0, max=30)
+        //@Size(min=1, max=30)
+        @Size(max=30)
         private String rfidId;
 
         @Builder
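Review bot: `rsceYn` moves in the opposite direction from every other field in this commit: `@Size(min=0, max=1)` becomes `@Size(min=1, max=1)`. With `@Pattern(regexp = "[YN]")` on the same field the size constraint is redundant either way, because the pattern already requires exactly one character; I would remove `@Size` from that field. The commented-out `//@Size(min=1, ...)` lines in this file also do not match what was removed (`min=0`), so they record a value the code never had and are better deleted.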

+ 11 - 4
src/main/java/com/its/op/dto/its/incident/TbIncdOcrrDto.java

@@ -7,6 +7,7 @@ import io.swagger.annotations.ApiModelProperty;
 import lombok.*;
 
 import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Positive;
 import javax.validation.constraints.PositiveOrZero;
 import javax.validation.constraints.Size;
 import java.io.Serializable;
@@ -278,10 +279,12 @@ public class TbIncdOcrrDto implements Serializable {
 
         @ApiModelProperty("X 좌표, , NUMBER(11,8)")  // Y NUMBER(11,8)
         @JsonProperty("x_crdn")
+        @Positive
         private Double xCrdn;
 
         @ApiModelProperty("Y 좌표, , NUMBER(10,8)")  // Y NUMBER(10,8)
         @JsonProperty("y_crdn")
+        @Positive
         private Double yCrdn;
 
         @ApiModelProperty("돌발상황 설명, Nullable = Y, VARCHAR(600)")  // Y VARCHAR(600)
@@ -296,7 +299,8 @@ public class TbIncdOcrrDto implements Serializable {
 
         @ApiModelProperty("제보자 명, Nullable = Y, VARCHAR(20)")  // Y VARCHAR(20)
         @JsonProperty("ifmr_nm")
-        @Size(min=1, max=20)
+        //@Size(min=1, max=20)
+        @Size(max=20)
         private String ifmrNm;
 
         @ApiModelProperty("돌발상황 확인 방법 코드, Nullable = Y, VARCHAR(7)")  // Y VARCHAR(7)
@@ -410,7 +414,8 @@ public class TbIncdOcrrDto implements Serializable {
 
         @ApiModelProperty("기상 코드, Nullable = Y, VARCHAR(7)")  // Y VARCHAR(7)
         @JsonProperty("wthr_cd")
-        @Size(min=1, max=7)
+        //@Size(min=1, max=7)
+        @Size(max=7)
         private String wthrCd;
 
         @ApiModelProperty("대응 수준 코드, Nullable = Y, VARCHAR(7)")  // Y VARCHAR(7)
@@ -441,7 +446,8 @@ public class TbIncdOcrrDto implements Serializable {
 
         @ApiModelProperty("출동 장비 내용, Nullable = Y, VARCHAR(400)")  // Y VARCHAR(400)
         @JsonProperty("mblz_eqpm_cont")
-        @Size(min=1, max=400)
+        //@Size(min=1, max=400)
+        @Size(max=400)
         private String mblzEqpmCont;
 
         @ApiModelProperty("출동 인원수, Nullable = Y, NUMBER(5)")  // Y NUMBER(5)
@@ -451,7 +457,8 @@ public class TbIncdOcrrDto implements Serializable {
 
         @ApiModelProperty("복구 내용, Nullable = Y, VARCHAR(400)")  // Y VARCHAR(400)
         @JsonProperty("recr_cont")
-        @Size(min=1, max=400)
+        //@Size(min=1, max=400)
+        @Size(max=400)
         private String recrCont;
 
         @ApiModelProperty("복구 기간, Nullable = Y, NUMBER(5)")  // Y NUMBER(5)

+ 3 - 1
src/main/java/com/its/op/dto/its/node/TbNodeDto.java

@@ -6,6 +6,7 @@ import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.*;
 
+import javax.validation.constraints.Positive;
 import javax.validation.constraints.PositiveOrZero;
 import javax.validation.constraints.Size;
 import java.io.Serializable;
@@ -90,13 +91,14 @@ public class TbNodeDto implements Serializable {
 
         @ApiModelProperty("X 좌표, , NUMBER(11,8)")  // Y NUMBER(11,8)
         @JsonProperty("x_crdn")
+        @Positive
         private Double xCrdn;
 
         @ApiModelProperty("Y 좌표, , NUMBER(10,8)")  // Y NUMBER(10,8)
         @JsonProperty("y_crdn")
+        @Positive
         private Double yCrdn;
 
-
         @Builder
         public TbNodeUpdReq(Long node_id, String node_type, String node_name, String turn_p, String rmrk, Double x_crdn, Double y_crdn) {
             this.nodeId = node_id;

+ 4 - 3
src/main/java/com/its/op/dto/its/oper/TbUserGropInfrDto.java

@@ -15,7 +15,7 @@ import java.io.Serializable;
  */
 @Data
 @Builder
-@ApiModel("TbUsergropInfrDto(사용자그룹정보)")
+@ApiModel("TbUserGropInfrDto(사용자그룹정보)")
 public class TbUserGropInfrDto implements Serializable {
     private static final long serialVersionUID = 1L;
 
@@ -40,7 +40,7 @@ public class TbUserGropInfrDto implements Serializable {
     @JsonProperty("grop_desc")
     private String gropDesc;
 
-    @ApiModel("TbUsergropInfrUpdReq(사용자그룹정보 정보변경)")
+    @ApiModel("TbUserGropInfrUpdReq(사용자그룹정보 정보변경)")
     @Getter
     @Setter
     @ToString
@@ -59,7 +59,8 @@ public class TbUserGropInfrDto implements Serializable {
 
         @ApiModelProperty("설명, Nullable = Y, VARCHAR(100)")  // Y VARCHAR(100)
         @JsonProperty("expl")
-        @Size(min=1, max=100)
+        //@Size(min=1, max=100)
+        @Size(max=100)
         private String expl;
 
         @ApiModelProperty("삭제 여부, Nullable = Y, CHAR(1)")  // Y CHAR(1)

+ 14 - 7
src/main/java/com/its/op/dto/its/oper/TbUserInfrDto.java

@@ -109,17 +109,20 @@ public class TbUserInfrDto implements Serializable {
 
         @ApiModelProperty("회사, Nullable = Y, VARCHAR(50)")  // Y VARCHAR(50)
         @JsonProperty("comp")
-        @Size(min=1, max=50)
+        //@Size(min=1, max=50)
+        @Size(max=50)
         private String comp;
 
         @ApiModelProperty("전화번호, Nullable = Y, VARCHAR(128)")  // Y VARCHAR(128)
         @JsonProperty("tel")
-        @Size(min=1, max=128)
+        //@Size(min=1, max=128)
+        @Size(max=128)
         private String tel;
 
         @ApiModelProperty("주소, Nullable = Y, VARCHAR(200)")  // Y VARCHAR(200)
         @JsonProperty("addr")
-        @Size(min=1, max=200)
+        //@Size(min=1, max=200)
+        @Size(max=200)
         private String addr;
 
         @ApiModelProperty("이동전화, Nullable = Y, VARCHAR(128)")  // Y VARCHAR(128)
@@ -140,22 +143,26 @@ public class TbUserInfrDto implements Serializable {
 
         @ApiModelProperty("등록일자, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("rgstymd")
-        @Size(min=1, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String rgstymd;
 
         @ApiModelProperty("수정일자, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("crctymd")
-        @Size(min=1, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String crctymd;
 
         @ApiModelProperty("힌트질문, Nullable = Y, VARCHAR(7)")  // Y VARCHAR(7)
         @JsonProperty("hint_ques")
-        @Size(min=1, max=7)
+        //@Size(min=1, max=7)
+        @Size(max=7)
         private String hintQues;
 
         @ApiModelProperty("힌트질문답, Nullable = Y, VARCHAR(100)")  // Y VARCHAR(100)
         @JsonProperty("hint_ans")
-        @Size(min=1, max=100)
+        //@Size(min=1, max=100)
+        @Size(max=100)
         private String hintAns;
 
         @ApiModelProperty("그룹ID, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
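Review bot: `hintAns` now accepts an empty string along with the other relaxed fields. If the hint answer is used anywhere for account recovery (not visible in this diff), an empty stored answer should not be something a recovery request can match; I would keep `@Size(min=1, max=100)` on `hintAns` and have the client send null when the field is unset. The other fields in this hunk (`comp`, `tel`, `addr`, the date strings) are fine to relax.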

+ 7 - 4
src/main/java/com/its/op/dto/its/parking/ParkingLotDto.java

@@ -75,7 +75,7 @@ public class ParkingLotDto implements Serializable {
     private String eAddress;
 
     // Code Description Field
-    @ApiModel("ParkinglotUpdReq(주차장 정보변경)")
+    @ApiModel("ParkingLotUpdReq(주차장 정보변경)")
     @Getter
     @Setter
     @ToString
@@ -137,17 +137,20 @@ public class ParkingLotDto implements Serializable {
 
         @ApiModelProperty("영문명, Nullable = Y, VARCHAR(30)")  // Y VARCHAR(30)
         @JsonProperty("parkingename")
-        @Size(min=1, max=30)
+        //@Size(min=1, max=30)
+        @Size(max=30)
         private String parkingEName;
 
         @ApiModelProperty("영문위치, Nullable = Y, VARCHAR(128)")  // Y VARCHAR(128)
         @JsonProperty("elocation")
-        @Size(min=1, max=128)
+        //@Size(min=1, max=128)
+        @Size(max=128)
         private String eLocation;
 
         @ApiModelProperty("영문주소, Nullable = Y, VARCHAR(100)")  // Y VARCHAR(100)
         @JsonProperty("eaddress")
-        @Size(min=1, max=100)
+        //@Size(min=1, max=100)
+        @Size(max=100)
         private String eAddress;
 
         @Builder

+ 4 - 2
src/main/java/com/its/op/dto/its/unit/TbUnitSystDto.java

@@ -82,7 +82,8 @@ public class TbUnitSystDto implements Serializable {
 
         @ApiModelProperty("시스템 유형, Nullable = Y, VARCHAR(7)")  // Y VARCHAR(7)
         @JsonProperty("syst_type")
-        @Size(min=1, max=7)
+        //@Size(min=1, max=7)
+        @Size(max=7)
         private String systType;
 
         @ApiModelProperty("시스템 번호, Nullable = Y, NUMBER(3)")  // Y NUMBER(3)
@@ -102,7 +103,8 @@ public class TbUnitSystDto implements Serializable {
 
         @ApiModelProperty("시스템 IP_2, Nullable = Y, VARCHAR(20)")  // Y VARCHAR(20)
         @JsonProperty("syst_ip_2")
-        @Size(min=1, max=20)
+        //@Size(min=1, max=20)
+        @Size(max=20)
         private String systIp2;
 
         @ApiModelProperty("프로그램 포트, Nullable = Y, VARCHAR(5)")  // Y VARCHAR(5)

+ 3 - 0
src/main/java/com/its/op/dto/its/vds/TbVdsCtlrDto.java

@@ -7,6 +7,7 @@ import io.swagger.annotations.ApiModelProperty;
 import lombok.*;
 
 import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Positive;
 import javax.validation.constraints.PositiveOrZero;
 import javax.validation.constraints.Size;
 import java.io.Serializable;
@@ -111,10 +112,12 @@ public class TbVdsCtlrDto implements Serializable {
 
         @ApiModelProperty("X 좌표, , NUMBER(11,8)")  // Y NUMBER(11,8)
         @JsonProperty("x_crdn")
+        @Positive
         private Double xCrdn;
 
         @ApiModelProperty("Y 좌표, , NUMBER(10,8)")  // Y NUMBER(10,8)
         @JsonProperty("y_crdn")
+        @Positive
         private Double yCrdn;
 
         @ApiModelProperty("위치, Nullable = Y, VARCHAR(100)")  // Y VARCHAR(100)

+ 4 - 3
src/main/java/com/its/op/dto/its/vms/TbVmsCmtrInfrDto.java

@@ -15,7 +15,7 @@ import java.io.Serializable;
  */
 @Data
 @Builder
-@ApiModel("TbVmsCmtrinfrDto(VMS_소통정보)")
+@ApiModel("TbVmsCmtrInfrDto(VMS_소통정보)")
 public class TbVmsCmtrInfrDto implements Serializable {
     private static final long serialVersionUID = 1L;
 
@@ -56,7 +56,7 @@ public class TbVmsCmtrInfrDto implements Serializable {
     @JsonProperty("cmtr_grad_desc")    // CMTR_GRAD_CD
     private String cmtrGradDesc;
 
-    @ApiModel("TbVmsCmtrinfrUpdReq(VMS_소통정보 정보변경)")
+    @ApiModel("TbVmsCmtrInfrUpdReq(VMS_소통정보 정보변경)")
     @Getter
     @Setter
     @ToString
@@ -70,7 +70,8 @@ public class TbVmsCmtrInfrDto implements Serializable {
 
         @ApiModelProperty("등록 일시, Nullable = Y, VARCHAR(14)")  // Y VARCHAR(14)
         @JsonProperty("rgst_dt")
-        @Size(min=1, max=14)
+        //@Size(min=1, max=14)
+        @Size(max=14)
         private String rgstDt;
 
         @ApiModelProperty("속도, Nullable = Y, NUMBER(3)")  // Y NUMBER(3)

+ 0 - 5
src/main/java/com/its/op/security/WebController.java

@@ -20,11 +20,6 @@ public class WebController {
     private final String wallContext = "forward:/application/wall";
     private final String fcltContext = "forward:/application/facility";
 
-//    @RequestMapping({"", "/", "/index.do"})
-//    public ModelAndView index(HttpServletRequest request, HttpServletResponse response) {
-//        return new ModelAndView(this.operContext + "/index.html");
-//    }
-
     /**
      * 로그인 화면 리다이렉션
      * @param request

+ 1 - 8
src/main/java/com/its/op/security/WebLoginSuccessHandler.java

@@ -33,12 +33,10 @@ public class WebLoginSuccessHandler implements AuthenticationSuccessHandler {
 
         // IP, 세션 ID
         WebAuthenticationDetails details = (WebAuthenticationDetails)authentication.getDetails();
-        log.info("Remote  IP: {}", details.getRemoteAddress());
-        log.info("Session ID: {}", details.getSessionId());
 
         // 인증 ID
         String userId = authentication.getName();
-        log.info("User ID: {}", userId);
+        log.info("Remote-IP/Session-ID/User-ID: {}/{}/{}", details.getRemoteAddress(), details.getSessionId(), userId);
 
         // 권한 리스트
         List<GrantedAuthority> authList = new ArrayList<>(authentication.getAuthorities());
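Review bot: The consolidated `log.info` still writes `details.getSessionId()` to the application log, and a session identifier is credential material for anyone who can read that log. The value may already be stale if session-fixation protection has swapped the id by then, but it does not belong in an info-level line either way. The line could keep the address and user only: `log.info("Remote-IP/User-ID: {}/{}", details.getRemoteAddress(), userId);`. The cast of `authentication.getDetails()` to `WebAuthenticationDetails` is unchecked and would throw for an authentication carrying other details. The method starts and ends outside the hunk.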
@@ -46,11 +44,6 @@ public class WebLoginSuccessHandler implements AuthenticationSuccessHandler {
             log.info("Roll: {}", auth.getAuthority());
         }
 
-        ////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-//        HttpSession session = request.getSession();
-//        if (session != null) {
-//        }
-
         UserInfrVo userInfr = (UserInfrVo)authentication.getPrincipal();
         String remoteIp = ItsUtils.getHttpServletRemoteIP(request);
         log.info("UserLogin: {}, {}", userInfr.getUserId(), remoteIp);

+ 16 - 16
src/main/java/com/its/op/security/WebMvcConfig.java

@@ -1,15 +1,9 @@
 package com.its.op.security;
 
 import com.its.op.security.interceptor.ApiInterceptor;
-import com.its.op.security.interceptor.LoggerInterceptor;
-import com.its.op.security.interceptor.SessionTimerInterceptor;
-import com.its.op.security.interceptor.UserInterceptor;
 import lombok.AllArgsConstructor;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.CorsRegistry;
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.config.annotation.*;
 
 @AllArgsConstructor
 @Configuration
@@ -24,9 +18,9 @@ public class WebMvcConfig implements WebMvcConfigurer {
      */
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(new SessionTimerInterceptor());
-        registry.addInterceptor(new LoggerInterceptor());
-        registry.addInterceptor(new UserInterceptor());
+//        registry.addInterceptor(new SessionTimerInterceptor());
+//        registry.addInterceptor(new LoggerInterceptor());
+//        registry.addInterceptor(new UserInterceptor());
 
         registry.addInterceptor(new ApiInterceptor())
                 .addPathPatterns("/api/**")                         // API Controller interceptors
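Review bot: The three interceptor registrations in `addInterceptors` are commented out rather than deleted, and the first hunk already removes their imports, so the lines cannot simply be switched back on. The same pattern repeats with log statements in ApiInterceptor, LoggerInterceptor, SessionTimerInterceptor and UserInterceptor in this commit. Deleting the lines and leaving one comment that states the decision would read better, for example `// Session-timer, request-logging and user-model interceptors are intentionally not registered.`. With `SessionTimerInterceptor` unregistered, idle-session expiry presumably rests on the container's session timeout alone, which is worth confirming in configuration. `addInterceptors` continues past the end of the hunk.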
@@ -36,19 +30,25 @@ public class WebMvcConfig implements WebMvcConfigurer {
 
     @Override
     public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**")
-                //.allowCredentials(true)
+        registry.addMapping("/**")                  // 프로그램에서 제공하는 URL
+                //.allowCredentials(true)                         // 쿠키 요청을 허용한다(다른 도메인 서버에 인증하는 경우에만 사용해야하며, true 설정시 보안상 이슈가 발생할 수 있다)
                 //.allowedOriginPatterns("*")
                 .allowedOrigins("*")                            // 허용할 Origin(요청 url) : "*" 의 경우 모두 허용
+//                .allowedHeaders("*")                            // 어떤 헤더들을 허용할 것인지
                 .allowedMethods("GET", "POST", "PUT", "DELETE") // 허용할 request http METHOD : POST, GET, DELETE, PUT
+                //.exposedHeaders("authorization")                // authorization 헤더를 넘기 위해 exposedHeaders 조건을 추가했다.
                 .maxAge(3600)                                   // 브라우저 캐시 시간(단위: 초) : "3600" 이면 최소 1시간 안에는 서버로 재요청 되지 않음
         ;
+
+        // 스프링 부트에서 CORS 설정 시, .allowCredentials(true) 와 .allowedOrigins("*") 를 동시에 사용할 수 없도록 업데이트 되었음.
+        // .allowedOrigins("*") ==> .allowedOriginPatterns("*") 로 변경하여 해결...
     }
 
-//    @Override
-//    public void addViewControllers(ViewControllerRegistry registry) {
-//        //registry.addRedirectViewController("/", "/api/auth/login.do");
-//    }
+    @Override
+    public void addViewControllers(ViewControllerRegistry registry) {
+        //registry.addRedirectViewController("/api/auth/login.do", "/application/login/login.html");
+        //registry.addViewController("/api/auth/login.do").setViewName("/application/login/login.html");
+    }
 
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
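Review bot: The comment added at the end of `addCorsMappings` records swapping `.allowedOrigins("*")` for `.allowedOriginPatterns("*")` as the way to make `.allowCredentials(true)` work, and that combination would let any website send cross-origin requests carrying the user's session cookie and read the responses. With `csrf().disable()` in WebSecurityConfig there would be no token check behind it either. The mapping on `/**` should name the front-end origins explicitly, e.g. `.allowedOrigins("https://ops.example.invalid")` (placeholder), and the trailing comment should state that credentials require an explicit origin list. The new `addViewControllers` override contains only commented-out lines and can be dropped until it registers something. `addResourceHandlers` begins in this hunk and continues outside it.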

+ 49 - 3
src/main/java/com/its/op/security/WebSecurityConfig.java

@@ -1,5 +1,6 @@
 package com.its.op.security;
 
+import com.its.op.security.interceptor.UserLogoutHandler;
 import lombok.RequiredArgsConstructor;
 import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
 import org.springframework.context.annotation.Bean;
@@ -17,6 +18,10 @@ import org.springframework.security.core.session.SessionRegistryImpl;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.session.HttpSessionEventPublisher;
 
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 @Configuration
 @EnableWebSecurity
 @RequiredArgsConstructor
@@ -38,6 +43,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
+
+        // URL 권한 설정
+        //setAntMatchers(http, "ROLE_");
+
         http.csrf()
                 .disable()
         ;  // REST API 호출 유효하게(POST...)
@@ -62,6 +71,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .and()
             .formLogin()
                 .loginPage("/application/login/login.html")
+                //.loginProcessingUrl("/api/auth/login.do")
                 .loginProcessingUrl("/api/auth/login.do")
                 .defaultSuccessUrl("/application/op/00.main/main.html", true)
                 .usernameParameter("username")
@@ -71,24 +81,27 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .permitAll()
                 .and()
             .logout()
+                //.logoutUrl("/api/auth/logout.do")
+                //.logoutRequestMatcher(new AntPathRequestMatcher("/api/auth/logout.do"))
+                .addLogoutHandler(new UserLogoutHandler()).permitAll()
+                .logoutSuccessUrl("/application/login/login.html").permitAll()
                 .invalidateHttpSession(true)
                 .deleteCookies("JSESSIONID")
                 .deleteCookies(WebMvcConfig.USER_UUID)
                 .deleteCookies(WebMvcConfig.USER_TIME)
-                .logoutSuccessUrl("/api/auth/login.do").permitAll()
                 .and()
             .sessionManagement()
                 .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)   // 스프링 시큐리티가 필요 시 생성 (default)
                 // 인증에 성공할 때 마다 세션 ID나 세션을 변경해서 발급해줌으로써
                 // 세션을 중간에서 가로채더라도 해당 세션이 유효하지 않게 하는 기능
-                .invalidSessionUrl("/api/auth/login.do")    // 세션이 유효하지 않을 경우 이동 할 페이지
+                .invalidSessionUrl("/application/login/login.html")    // 세션이 유효하지 않을 경우 이동 할 페이지
                 .sessionFixation().changeSessionId()        // changeSessionId : 새로운 세션 ID를 발급해서 전달(default)
                                                             // none            : 아무 동작 안함
                                                             // migrateSession  : 새로운 세션을 생성해서 전달 (속성값 유지)
                                                             // newSession      : 새로운 세션 전달 (속성값 유지 안됨)
                 .maximumSessions(20)                        // 최대 허용 가능 세션 수, -1인 경우 무제한 세션 허용
                 .maxSessionsPreventsLogin(true)             // 동시 로그인 차단, false 인 경우 기존 세션 만료(default)
-                .expiredUrl("/api/auth/logout.do")          // 세션이 만료된 경우 이동 할 페이지
+                .expiredUrl("/application/login/login.html")          // 세션이 만료된 경우 이동 할 페이지
                 .sessionRegistry(sessionRegistry())
 //                .and()
 //            .exceptionHandling()
@@ -150,4 +163,37 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     public static ServletListenerRegistrationBean httpSessionEventPublisher() {
         return new ServletListenerRegistrationBean(new HttpSessionEventPublisher());
     }
+
+    protected List<Map<String, Object>> getAuthReq() {
+        Map<String, Object> roll = new HashMap<>();
+//        roll.put("id", "id");
+//        roll.put("url", "url");
+//        roll.put("hasAuthority", "auth");
+//        roll.put("date", "date");
+        return (List<Map<String, Object>>) roll;
+    }
+    protected void setAntMatchers(HttpSecurity http, String rolePrefix) throws Exception {
+        List<Map<String, Object>> list = getAuthReq();
+        System.out.println(list);
+        for(Map<String, Object> m : list) {
+            // 쉼표(,)로 구분된 권한 정보를 분리 후 배열로 저장
+            String[] roles = m.get("hasAuthority").toString().split(",");
+            // 권한 앞에 접두사(rolePrefix) 붙임
+            for(int ii = 0; ii < roles.length; ii++) {
+                roles[ii] = rolePrefix + roles[ii].toUpperCase();
+            }
+
+            String url = m.get("url").toString();
+            if(url.charAt(0) != '/') {
+                url = "/" + url;
+            }
+            // url, 권한 정보를 넣는다.
+            http.authorizeRequests()
+                    .antMatchers(url)
+                    .hasAnyAuthority(roles);
+        }
+        http.authorizeRequests()
+                .antMatchers("/**").permitAll()
+                .anyRequest().authenticated();
+    }
 }
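Review bot: `setAntMatchers` ends with `.antMatchers("/**").permitAll()` ahead of `.anyRequest().authenticated()`, so every URL without its own rule is open to unauthenticated callers and the `authenticated()` line never matches. `getAuthReq` casts a `HashMap` to `List<Map<String, Object>>`, which throws `ClassCastException` as soon as the commented-out call in `configure` is enabled. Inside the loop, `m.get("hasAuthority")` and `m.get("url")` are dereferenced without a null check, `url.charAt(0)` fails on an empty string, and `System.out.println(list)` should be removed. The fence shows the two parts I would rewrite; the permitted path there is inferred from the login page location and must be replaced with the real list of public paths.

```java
protected List<Map<String, Object>> getAuthReq() {
    // No URL rules are loaded yet; return an empty list instead of casting a Map to a List.
    return java.util.Collections.emptyList();
}

// … unchanged: setAntMatchers signature and the per-URL hasAnyAuthority loop …
        // Deny by default: only the listed public paths skip authentication.
        http.authorizeRequests()
                .antMatchers("/application/login/**").permitAll()
                .anyRequest().authenticated();
```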

+ 2 - 2
src/main/java/com/its/op/security/interceptor/ApiInterceptor.java

@@ -18,7 +18,7 @@ public class ApiInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         // @CookieValue 를 컨트롤러에 추가해야함. (..., @CookieValue(value = "REMEMBER", required = false) Cookie rCookie)
-        log.info("START: Request URI: {}", request.getRequestURI());
+//        log.info("START: Request URI: {}", request.getRequestURI());
 
         HttpSession session = request.getSession(false);
         if (session == null) {
@@ -34,7 +34,7 @@ public class ApiInterceptor implements HandlerInterceptor {
             if (!"".equals(encUserId)) {
                 userId = WebMvcConfig.decUserId(encUserId);
             }
-            log.info("Session: {}", userId);
+//            log.info("Session: {}", userId);
         }
 
         return true;

+ 9 - 7
src/main/java/com/its/op/security/interceptor/LoggerInterceptor.java

@@ -18,7 +18,7 @@ public class LoggerInterceptor implements HandlerInterceptor {
      **/
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        log.info("[preHandle][" + request + "]" + "[" + request.getMethod() + "]" + request.getRequestURI() + getParameters(request));
+//        log.info("[preHandle][" + request + "]" + "[" + request.getMethod() + "]" + request.getRequestURI() + getParameters(request));
         return true;
     }
 
@@ -27,7 +27,7 @@ public class LoggerInterceptor implements HandlerInterceptor {
      **/
     @Override
     public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
-        log.info("[postHandle][" + request + "]");
+//        log.info("[postHandle][" + request + "]");
     }
 
     /**
@@ -35,9 +35,10 @@ public class LoggerInterceptor implements HandlerInterceptor {
      **/
     @Override
     public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
-        if (ex != null)
-            ex.printStackTrace();
-        log.info("[afterCompletion][" + request + "][exception: " + ex + "]");
+        if (ex != null) {
+            //ex.printStackTrace();
+            log.info("[afterCompletion][" + request + "][exception: " + ex + "]");
+        }
     }
 
     private String getParameters(final HttpServletRequest request) {
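Review bot: `afterCompletion` now loses the stack trace entirely, because `ex.printStackTrace()` is commented out and the remaining call concatenates `ex` into an info-level message, which records only its `toString()`. Passing the exception as the last logger argument keeps the trace and gives the right severity: `log.error("[afterCompletion][{}] request failed", request.getRequestURI(), ex);`. The commented `//ex.printStackTrace();` line can then be deleted.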
@@ -60,15 +61,16 @@ public class LoggerInterceptor implements HandlerInterceptor {
 
         final String ip = request.getHeader("X-FORWARDED-FOR");
         final String ipAddr = (ip == null) ? getRemoteAddr(request) : ip;
-        if (!Strings.isNullOrEmpty(ipAddr))
+        if (!Strings.isNullOrEmpty(ipAddr)) {
             posted.append("&_psip=" + ipAddr);
+        }
         return posted.toString();
     }
 
     private String getRemoteAddr(final HttpServletRequest request) {
         final String ipFromHeader = request.getHeader("X-FORWARDED-FOR");
         if (ipFromHeader != null && ipFromHeader.length() > 0) {
-            log.debug("ip from proxy - X-FORWARDED-FOR : " + ipFromHeader);
+//            log.debug("ip from proxy - X-FORWARDED-FOR : " + ipFromHeader);
             return ipFromHeader;
         }
         return request.getRemoteAddr();
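Review bot: `getParameters` and `getRemoteAddr` take the client address from the `X-FORWARDED-FOR` request header without checking that the request arrived through a trusted proxy, so the caller controls the `_psip` value, including characters that can break a log line. If the application sits behind a known reverse proxy, resolving forwarded headers in the container (Spring Boot's `server.forward-headers-strategy`) and using `request.getRemoteAddr()` here is safer; otherwise the header lookup should go. From this call site `getRemoteAddr` is reached only when the header is null, so its own header check never fires. `getParameters` starts outside the hunk.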

+ 8 - 10
src/main/java/com/its/op/security/interceptor/SessionTimerInterceptor.java

@@ -2,7 +2,6 @@ package com.its.op.security.interceptor;
 
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.lang.Nullable;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
@@ -22,18 +21,17 @@ public class SessionTimerInterceptor implements HandlerInterceptor {
      **/
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        log.info("Pre handle method - check handling start time");
+        //log.info("Pre handle method - check handling start time");
         long startTime = System.currentTimeMillis();
         request.setAttribute("executionTime", startTime);
         if (UserInterceptor.isUserLogged()) {
             session = request.getSession();
-            log.info("Time since last request in this session: {} ms", System.currentTimeMillis() - request.getSession()
-                    .getLastAccessedTime());
+//            log.info("Time since last request in this session: {} ms", System.currentTimeMillis() - request.getSession().getLastAccessedTime());
             if (System.currentTimeMillis() - session.getLastAccessedTime() > MAX_INACTIVE_SESSION_TIME) {
                 log.warn("Logging out, due to inactive session");
-                SecurityContextHolder.clearContext();
-                request.logout();
-                response.sendRedirect("/spring-security-rest-full/logout");
+//                SecurityContextHolder.clearContext();
+//                request.logout();
+//                response.sendRedirect("/api/auth/logout.do");
             }
         }
         return true;
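Review bot: The inactivity branch in `preHandle` now only writes `Logging out, due to inactive session`; the lines that cleared the context, logged out and redirected are commented out, so the request proceeds with the stale session and the warning is untrue. Either restore the enforcement, e.g. `request.logout();` then `response.sendRedirect("/application/login/login.html");` and `return false;`, or remove the branch and rely on the configured session timeout. `session` is assigned without a local declaration, so it is presumably an instance field shared by concurrent requests; a local `HttpSession` variable would avoid that.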
@@ -44,9 +42,9 @@ public class SessionTimerInterceptor implements HandlerInterceptor {
      **/
     @Override
     public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
-        log.info("Post handle method - check execution time of handling");
-        long startTime = (Long) request.getAttribute("executionTime");
-        log.info("Execution time for handling the request was: {} ms", System.currentTimeMillis() - startTime);
+//        log.info("Post handle method - check execution time of handling");
+//        long startTime = (Long) request.getAttribute("executionTime");
+//        log.info("Execution time for handling the request was: {} ms", System.currentTimeMillis() - startTime);
     }
 
 }

+ 6 - 6
src/main/java/com/its/op/security/interceptor/UserInterceptor.java

@@ -42,13 +42,13 @@ public class UserInterceptor implements HandlerInterceptor {
      * Used before model is generated, based on session
      */
     private void addToModelUserDetails(HttpSession session) {
-        log.info("================= addToModelUserDetails ============================");
+//        log.info("================= addToModelUserDetails ============================");
         String loggedUsername = SecurityContextHolder.getContext()
                 .getAuthentication()
                 .getName();
         session.setAttribute("username", loggedUsername);
-        log.info("user(" + loggedUsername + ") session : " + session);
-        log.info("================= addToModelUserDetails ============================");
+//        log.info("user(" + loggedUsername + ") session : " + session);
+//        log.info("================= addToModelUserDetails ============================");
 
     }
 
@@ -56,13 +56,13 @@ public class UserInterceptor implements HandlerInterceptor {
      * Used when model is available
      */
     private void addToModelUserDetails(ModelAndView model) {
-        log.info("================= addToModelUserDetails ============================");
+//        log.info("================= addToModelUserDetails ============================");
         String loggedUsername = SecurityContextHolder.getContext()
                 .getAuthentication()
                 .getName();
         model.addObject("loggedUsername", loggedUsername);
-        log.trace("session : " + model.getModel());
-        log.info("================= addToModelUserDetails ============================");
+//        log.trace("session : " + model.getModel());
+//        log.info("================= addToModelUserDetails ============================");
 
     }
 

+ 17 - 0
src/main/java/com/its/op/security/interceptor/UserLogoutHandler.java

@@ -0,0 +1,17 @@
+package com.its.op.security.interceptor;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Slf4j
+public class UserLogoutHandler implements LogoutHandler {
+
+    @Override
+    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
+        log.info("logout............................");
+    }
+}
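Review bot: `logout` records a fixed string, so the log cannot show who logged out, and the class has no Javadoc saying why it is registered. `authentication` can be null when the logout URL is requested without a session, so guard it: `String user = (authentication != null) ? authentication.getName() : "anonymous";` followed by `log.info("Logout: user={}", user);`. A class comment such as `/** Writes an audit log entry when a user logs out. */` would cover the documentation.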

+ 29 - 0
src/main/java/com/its/utils/EncryptionUtils.java

@@ -0,0 +1,29 @@
+package com.its.utils;
+
+import java.security.MessageDigest;
+
+public class EncryptionUtils {
+    public static String encryptSHA256(String s) {
+        return encrypt(s, "SHA-256");
+    }
+
+    public static String encryptMD5(String s) {
+        return encrypt(s, "MD5");
+    }
+
+    public static String encrypt(String s, String messageDigest) {
+        try {
+            MessageDigest md = MessageDigest.getInstance(messageDigest);
+            byte[] passBytes = s.getBytes();
+            md.reset();
+            byte[] digested = md.digest(passBytes);
+            StringBuilder sb = new StringBuilder();
+            for (int ii = 0; ii < digested.length; ii++) {
+                sb.append(Integer.toString((digested[ii]&0xff) + 0x100, 16).substring(1));
+            }
+            return sb.toString();
+        } catch (Exception e) {
+            return s;
+        }
+    }
+}
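Review bot: `encrypt` returns the input string unchanged when anything in the `try` block throws, so a caller that stores or compares the result would silently handle plaintext instead of a digest. The `catch` should fail loudly, and `s.getBytes()` should name a charset because the platform default differs between hosts. These methods compute unkeyed digests rather than encryption, so names like `sha256Hex` would be more accurate, and a class comment stating the intended use is missing. If the helpers are meant for passwords (not visible here), `encryptMD5` and a bare SHA-256 are both unsuitable and the `PasswordEncoder` already imported in WebSecurityConfig is the right tool. The fence shows the rewritten `encrypt`.

```java
public static String encrypt(String s, String messageDigest) {
    try {
        MessageDigest md = MessageDigest.getInstance(messageDigest);
        byte[] digested = md.digest(s.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        // … unchanged: StringBuilder sb and the hex-encoding loop …
        return sb.toString();
    } catch (java.security.NoSuchAlgorithmException e) {
        // Never fall back to the input: callers would treat plaintext as a digest.
        throw new IllegalStateException("Unsupported digest algorithm: " + messageDigest, e);
    }
}
```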

+ 3 - 3
src/main/resources/static/application/login/login.html

@@ -4,10 +4,10 @@
         <meta charset="UTF-8" />
         <title>Log-In</title>
         <!-- <script src="https://kit.fontawesome.com/c818c46fe5.js" crossorigin="anonymous"></script> -->
-        <link rel="stylesheet" href="font-awesome.min.css" />
+        <link rel="stylesheet" href="./font-awesome.min.css" />
         <script src="/libs/jquery/jquery-3.6.0.min.js"></script>
-        <link rel="stylesheet" href="login.css" />
-        <script type="text/javascript" src="login.js"></script>
+        <link rel="stylesheet" href="./login.css" />
+        <script type="text/javascript" src="./login.js"></script>
     </head>
     <body>
         <div class="flex-container">