CSRF 처리.

Author: jstree

.idea/sonarIssues.xml

@@ -8,6 +8,7 @@
 import egovframework.com.sec.ram.service.EgovAuthorManageService;
 
 import egovframework.rte.fdl.property.EgovPropertyService;
+import egovframework.rte.fdl.security.intercept.EgovReloadableFilterInvocationSecurityMetadataSource;
 import egovframework.rte.ptl.mvc.tags.ui.pagination.PaginationInfo;
 
 import javax.annotation.Resource;
@@ -59,6 +60,9 @@ public class EgovAuthorManageController {
 
     @Autowired
 	private DefaultBeanValidator beanValidator;
+
+	@Resource(name="databaseSecurityMetadataSource")
+	EgovReloadableFilterInvocationSecurityMetadataSource databaseSecurityMetadataSource;
 
     /**
 	 * 권한 목록화면 이동
@@ -158,6 +162,7 @@ public String insertAuthor(@ModelAttribute("authorManage") AuthorManage authorMa
 		} else {
 	    	egovAuthorManageService.insertAuthor(authorManage);
 	        status.setComplete();
+			databaseSecurityMetadataSource.reload();
 	        model.addAttribute("message", egovMessageSource.getMessage("success.common.insert"));
 	        return "forward:/sec/ram/EgovAuthor.do";
 		}

development-project/project-standard/standard-server/src/main/java/egovframework/com/sec/ram/web/EgovAuthorManageController.java

@@ -19,6 +19,8 @@
 import org.springframework.web.bind.annotation.SessionAttributes;
 import org.springframework.web.bind.support.SessionStatus;
 
+import egovframework.rte.fdl.security.intercept.EgovReloadableFilterInvocationSecurityMetadataSource;
+
 /**
  * 권한별 롤관리에 관한 controller 클래스를 정의한다.
  * @author 공통서비스 개발팀 이문준
@@ -50,6 +52,9 @@ public class EgovAuthorRoleController {
     @Resource(name = "propertiesService")
     protected EgovPropertyService propertiesService;
 
+	@Resource(name="databaseSecurityMetadataSource")
+	EgovReloadableFilterInvocationSecurityMetadataSource databaseSecurityMetadataSource;
+
     /**
 	 * 권한 롤 관계 화면 이동
 	 * @return "egovframework/com/sec/ram/EgovDeptAuthorList"
@@ -128,6 +133,9 @@ public String insertAuthorRole(@RequestParam("authorCode") String authorCode,
     	}
 
         status.setComplete();
+
+		databaseSecurityMetadataSource.reload();
+
         model.addAttribute("message", egovMessageSource.getMessage("success.common.insert"));		
 		return "forward:/sec/ram/EgovAuthorRoleList.do";
 	}    

development-project/project-standard/standard-server/src/main/java/egovframework/com/sec/ram/web/EgovAuthorRoleController.java

@@ -5,6 +5,7 @@
 <%@ taglib prefix="ui" uri="http://egovframework.gov/ctl/ui"%>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%
  /**
   * @Class Name : EgovBBSListByTarget.jsp
@@ -63,7 +64,7 @@
 </head>
 <body>
 
-<form name="frm" action ="" method="post">
+<form:form name="frm" action ="" method="post">
 <input type="hidden" name="bbsId" value="">
 <input type="hidden" name="trgetId" value="${trgetId}">
 <input type="hidden" name="param_bbsId" value="">
@@ -157,6 +158,6 @@
 	</div>
 	<input name="pageIndex" type="hidden" value="<c:out value='${searchVO.pageIndex}'/>"/>
 </div>
-</form>
+</form:form>
 </body>
 </html>

development-project/project-standard/standard-server/src/main/webapp/WEB-INF/jsp/egovframework/com/cop/bbs/EgovBBSListByTrget.jsp

@@ -5,6 +5,7 @@
 <%@ taglib prefix="ui" uri="http://egovframework.gov/ctl/ui"%>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%
  /**
   * @Class Name : EgovBBSLoneMstrList.jsp
@@ -61,7 +62,7 @@
 </head>
 <body>
 
-<form name="frm" method="post" action="<c:url value='/cop/bbs/selectBoardMasterList.do'/>" >
+<form:form name="frm" method="post" action="<c:url value='/cop/bbs/selectBoardMasterList.do'/>" >
 <input type="hidden" name="bbsId">
 <input type="hidden" name="trgetId">
 
@@ -150,6 +151,6 @@
 	</div>
 	<input name="pageIndex" type="hidden" value="<c:out value='${searchVO.pageIndex}'/>"/>
 </div>
-</form>
+</form:form>
 </body>
 </html>

development-project/project-standard/standard-server/src/main/webapp/WEB-INF/jsp/egovframework/com/cop/bbs/EgovBBSLoneMstrList.jsp

@@ -5,6 +5,7 @@
 <%@ taglib prefix="ui" uri="http://egovframework.gov/ctl/ui"%>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%
  /**
   * @Class Name : EgovBoardMstrList.jsp
@@ -68,7 +69,7 @@
 </head>
 <body>
 <div id="border" style="width:730px">
-<form name="frm" action="<c:url value='/cop/bbs/SelectBBSMasterInfs.do'/>" method="post">
+<form:form name="frm" action="<c:url value='/cop/bbs/SelectBBSMasterInfs.do'/>" method="post">
 <input type="hidden" name="bbsId">
 <input type="hidden" name="trgetId">
 
@@ -154,7 +155,7 @@
 		<ui:pagination paginationInfo="${paginationInfo}" type="image" jsFunction="fn_egov_select_brdMstr" />
 	</div>
 	<input name="pageIndex" type="hidden" value="<c:out value='${searchVO.pageIndex}'/>"/>
-</form>
+</form:form>
 </div>
 
 </body>

development-project/project-standard/standard-server/src/main/webapp/WEB-INF/jsp/egovframework/com/cop/bbs/EgovBoardMstrList.jsp

@@ -5,6 +5,7 @@
 <%@ taglib prefix="ui" uri="http://egovframework.gov/ctl/ui"%>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%
  /**
   * @Class Name : EgovBoardMstrListPop.jsp
@@ -55,7 +56,7 @@
 
 </head>
 <body>
-<form name="frm" action ="" method="post">
+<form:form name="frm" action ="" method="post">
 <input type="hidden" name="bbsId" value="">
 
 	<table width="100%" cellpadding="8" class="table-search" border="0">
@@ -167,6 +168,6 @@
 	</tr>
 	</table>
 	</div>
-</form>
+</form:form>
 </body>
 </html>

development-project/project-standard/standard-server/src/main/webapp/WEB-INF/jsp/egovframework/com/cop/bbs/EgovBoardMstrListPop.jsp

@@ -5,6 +5,7 @@
 <%@ taglib prefix="ui" uri="http://egovframework.gov/ctl/ui"%>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%
  /**
   * @Class Name : EgovNoticeInqire.jsp
@@ -102,7 +103,7 @@
 
 </head>
 <body onload="onloading();">
-<form name="frm" method="post" action="">
+<form:form name="frm" method="post" action="">
 <input type="hidden" name="pageIndex" value="<c:out value='${searchVO.pageIndex}'/>">
 <input type="hidden" name="bbsId" value="<c:out value='${result.bbsId}'/>" >
 <input type="hidden" name="nttId" value="<c:out value='${result.nttId}'/>" >
@@ -271,6 +272,6 @@
 	</table>
 	</div>
 </div>
-</form>
+</form:form>
 </body>
 </html>

development-project/project-standard/standard-server/src/main/webapp/WEB-INF/jsp/egovframework/com/cop/bbs/EgovNoticeInqire.jsp

@@ -6,6 +6,7 @@
 <%@ taglib prefix="ui" uri="http://egovframework.gov/ctl/ui"%>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <c:set var="ImgUrl" value="/images/egovframework/com/cop/bbs/"/>
 <%
  /**
@@ -95,7 +96,7 @@
 
 <div id="border">
 
-<form name="frm" action ="<c:url value='/cop/bbs${prefix}/selectBoardList.do'/>" method="post">
+<form:form name="frm" action ="<c:url value='/cop/bbs${prefix}/selectBoardList.do'/>" method="post">
 <input type="hidden" name="bbsId" value="<c:out value='${boardVO.bbsId}'/>" />
 <input type="hidden" name="nttId"  value="0" />
 <input type="hidden" name="bbsTyCode" value="<c:out value='${brdMstrVO.bbsTyCode}'/>" />
@@ -134,7 +135,7 @@
   </th>
  </tr>
  </table>
- </form>
+ </form:form>
 
 <table width="100%" cellpadding="8" class="listTable" summary="번호, 제목, 게시시작일, 게시종료일, 작성자, 작성일, 조회수   입니다">
  <thead>
@@ -155,10 +156,10 @@
  </thead>
 
  <tbody>
- 	<form name="submitParam" method="post">
+ 	<form:form name="submitParam" method="post">
 	 	<input type="hidden" name="bbsId"  />
 		<input type="hidden" name="nttId"  />
- 	</form>
+ 	</form:form>
 	 <c:forEach var="result" items="${resultList}" varStatus="status">
 	  <tr>
 	    <!--td class="lt_text3" nowrap><input type="checkbox" name="check1" class="check2"></td-->
@@ -175,7 +176,7 @@
 	    			<c:out value="${result.nttSj}" />
 	    		</c:when>
 	    		<c:otherwise>
-		    		<form name="subForm" method="post" action="<c:url value='/cop/bbs${prefix}/selectBoardArticle.do'/>">
+		    		<form:form name="subForm" method="post" action="<c:url value='/cop/bbs${prefix}/selectBoardArticle.do'/>">
 						<input type="hidden" name="bbsTyCode" value="<c:out value='${brdMstrVO.bbsTyCode}'/>" />
 						<input type="hidden" name="bbsAttrbCode" value="<c:out value='${brdMstrVO.bbsAttrbCode}'/>" />
 						<input type="hidden" name="authFlag" value="<c:out value='${brdMstrVO.authFlag}'/>" />
@@ -189,7 +190,7 @@
 			    		<span class="link">
 			    			<a href="#"  onclick="fn_egov_inqire_notice('${result.nttId}', '${result.bbsId }');"><c:out value="${result.nttSj}"/></a>
 			    		</span>
-			    	</form>
+			    	</form:form>
 	    		</c:otherwise>
 	    	</c:choose>
 	    </td>

development-project/project-standard/standard-server/src/main/webapp/WEB-INF/jsp/egovframework/com/cop/bbs/EgovNoticeList.jsp

@@ -5,6 +5,7 @@
 <%@ taglib prefix="ui" uri="http://egovframework.gov/ctl/ui"%>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <%
  /**
   * @Class Name : EgovCmmntyInqire.jsp
@@ -49,7 +50,7 @@
 
 </head>
 <body>
-<form name="frm" method="post" action="<c:url value='/cop/cmy/selectCmmntyInfs.do'/>">
+<form:form name="frm" method="post" action="<c:url value='/cop/cmy/selectCmmntyInfs.do'/>">
 <input name="pageIndex" type="hidden" value="<c:out value='${searchVO.pageIndex}'/>"/>
 <input name="cmmntyId" type="hidden" value="<c:out value='${cmmntyVO.cmmntyId}'/>"/>
 <input name="param_cmmntyId" type="hidden" />
@@ -147,6 +148,6 @@
 	</table>
 	</div>
 </div>
-</form>
+</form:form>
 </body>
 </html>