LifeCenterInterCeptor.java 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295
  1. package com.lemon.lifecenter.common;
  2. import java.io.IOException;
  3. import java.lang.reflect.Method;
  4. import javax.servlet.http.HttpServletRequest;
  5. import javax.servlet.http.HttpServletResponse;
  6. import org.slf4j.Logger;
  7. import org.slf4j.LoggerFactory;
  8. import org.springframework.beans.factory.annotation.Autowired;
  9. import org.springframework.stereotype.Component;
  10. import org.springframework.web.method.HandlerMethod;
  11. import org.springframework.web.servlet.ModelAndView;
  12. import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
  13. import com.lemon.lifecenter.dto.RoleDTO;
  14. import com.lemon.lifecenter.service.RoleService;
  15. @Component
  16. public class LifeCenterInterCeptor extends HandlerInterceptorAdapter {
  17. @Autowired
  18. private LifeCenterConfigVO config;
  19. @Autowired
  20. private RoleService roleService;
  21. private final Logger logger = LoggerFactory.getLogger(this.getClass());
  22. @Override
  23. public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
  24. logger.info( "--------------------- InterCeptor Start --------------------- " );
  25. String url = request.getRequestURI().toString();
  26. String port = String.valueOf(request.getServerPort());
  27. Object session = request.getSession().getAttribute( "sesId" );
  28. Object groupIdx = request.getSession().getAttribute( "sesGroupIdx" );
  29. Object sesMId = request.getSession().getAttribute( "sesMId" );
  30. Object sesPasswordChange = request.getSession().getAttribute( "sesPasswordChange" );
  31. Object sesAcceptCheck = request.getSession().getAttribute( "sesAcceptCheck" );
  32. Object sesPermissions = request.getSession().getAttribute( "sesPermissions" );
  33. logger.info( "|------------------------------------------------------------------|" );
  34. logger.info( "| URL : " + url + " | IP : " + LifeCenterFunction.getRemoteAddr(request) + " | Port : " + port );
  35. logger.info( "|------------------------------------------------------------------|" );
  36. logger.info( "redirectUrl -- > " + request.getParameter("redirectUrl") );
  37. logger.info( " sesMobileId : " + sesMId + " sesWebId : " + session + " groupIdx : " + groupIdx );
  38. if ( url.contains( "/error" ) || url.contains( "/nonface/wait" ) || url.contains( "/mobile/call" ) ||
  39. url.contains( "/store" ) || url.contains( "/favicon.ico" ) || url.contains( "/mobile/getAppVersion" ) ||
  40. url.contains("/lifeCenter/api") || url.contains( "/accept/public" ) ) {
  41. return true;
  42. }
  43. if( url.contains( "/mobile" ) ) {
  44. if (url.contains("/mobile/helper")) {
  45. return true;
  46. }
  47. if( !url.equals( "/mobile/login" ) && !url.equals( "/mobile/check" ) && !url.equals("/mobile/logout") ) {
  48. if( sesMId == null ) {
  49. if (request.getParameter("redirectUrl") == null) {
  50. response.sendRedirect( "/mobile/login" );
  51. } else {
  52. response.sendRedirect( "/mobile/login?redirectUrl=" + request.getParameter("redirectUrl") );
  53. }
  54. return false;
  55. } else {
  56. logger.info( "IP : " + LifeCenterFunction.getRemoteAddr( request ) + " ID : " + sesMId.toString() + " URL : " + url + " Port : " + port );
  57. /*
  58. * 서비스 메뉴별 페이지 뷰
  59. * 웹 / 앱 트래킹 분석 부분 주석 처리
  60. */
  61. /*
  62. String patientIdx = LifeCenterSessionController.getSession(request, "sesMpIdx");
  63. String referer = request.getHeader("Referer");
  64. RoleDTO roleDTO = new RoleDTO();
  65. roleDTO.setMenuPath( url );
  66. int menuTotal = roleService.selectMobileMenuCount( roleDTO );
  67. if( menuTotal > 0 ) {
  68. roleDTO = roleService.selectMobileMenuData( roleDTO );
  69. roleDTO.setPatientIdx( Integer.valueOf( patientIdx.toString() ) );
  70. if (url.equals("/mobile/health/insert")) {
  71. String type = referer.substring(referer.length() - 1, referer.length());
  72. roleDTO.setEtc(type);
  73. }
  74. roleService.insertMobileMenuAccessLog( roleDTO );
  75. }
  76. */
  77. Object sesMAcceptCheck = request.getSession().getAttribute( "sesMAcceptCheck" );
  78. // System.err.println( "sesMAcceptCheck : " + sesMAcceptCheck );
  79. if( sesMAcceptCheck != null && sesMAcceptCheck.equals( "Y" ) ) {
  80. if( !url.equals( "/mobile/accept/list" ) && !url.equals( "/mobile/insertDeviceInfo" ) ) {
  81. logger.info( "약관 동의 페이지로 이동" );
  82. if( !url.equals( "/mobile/accept/insert" ) && !url.equals( "/mobile/login/logout" ) ) {
  83. LifeCenterFunction.scriptMessage( response, "location.href='/mobile/accept/list';" );
  84. return false;
  85. }
  86. } else {
  87. // LifeCenterFunction.scriptMessage( response, "alertBox({ txt: '약관 동의 후 서비스 이용이 가능합니다.', callBack : function(){ } });" );
  88. }
  89. } else {
  90. if( url.equals( "/mobile/accept/list" ) ) {
  91. response.sendRedirect( "/mobile/menu" );
  92. }
  93. }
  94. }
  95. } else if( url.equals( "/mobile/login" ) ) {
  96. if( sesMId != null ) {
  97. response.sendRedirect( "/mobile/menu" );
  98. return false;
  99. }
  100. }
  101. } else {
  102. if( !url.equals( "/login/staff" ) && !url.equals( "/login/hcms" ) && !url.equals( "/login/check" ) ) {
  103. if( session == null ) {
  104. response.sendRedirect( "/login/staff" );
  105. return false;
  106. } else {
  107. logger.info( "IP : " + LifeCenterFunction.getRemoteAddr( request ) + " ID : " + session.toString() + " URL : " + url + " Port : " + port );
  108. /*
  109. * 현재경로에대해 권한 체크
  110. */
  111. RoleDTO roleDTO = new RoleDTO();
  112. roleDTO.setMenuPath( url );
  113. int roleCount = roleService.selectNowPathRoleCheckTotal( roleDTO );
  114. if( roleCount > 0 ) {
  115. Object sesGroupIdx = request.getSession().getAttribute( "sesGroupIdx" );
  116. roleDTO.setGroupIdx( Integer.valueOf( sesGroupIdx.toString() ) );
  117. roleDTO = roleService.selectNowPathRoleCheckData( roleDTO );
  118. String menuType = roleDTO.getMenuType();
  119. boolean roleFlag = true;
  120. if( menuType.equals( "C" ) ) {
  121. if( roleDTO.getCreateYn().equals( "N" ) ) {
  122. roleFlag = false;
  123. }
  124. } else if( menuType.equals( "R" ) ) {
  125. if( roleDTO.getReadYn().equals( "N" ) ) {
  126. roleFlag = false;
  127. }
  128. } else if( menuType.equals( "U" ) ) {
  129. if( roleDTO.getUpdateYn().equals( "N" ) ) {
  130. roleFlag = false;
  131. }
  132. } else if( menuType.equals( "" ) ) {
  133. if( roleDTO.getDeleteYn().equals( "N" ) ) {
  134. roleFlag = false;
  135. }
  136. }
  137. /*
  138. * 메뉴접근이력 insert 성공/실패 유무도 같이
  139. */
  140. if( !url.equals( "/history/list" ) ) {
  141. roleDTO.setMenuPath( url );
  142. roleDTO.setId( session.toString() );
  143. roleDTO.setIp( LifeCenterFunction.getRemoteAddr( request ) );
  144. roleDTO.setSuccessYn( roleFlag == true ? "Y" : "N" );
  145. roleService.insertMenuAccessLog( roleDTO );
  146. // if (url.equals("/patient/info") || url.equals("/staff/info") || url.equals("/clinic/state") || url.equals("/clinic/api/state") || url.equals("/clinic/info")) {
  147. // roleDTO.setMenuPath( url );
  148. // roleDTO.setId( session.toString() );
  149. // roleDTO.setIp( LifeCenterFunction.getRemoteAddr( request ) );
  150. // roleDTO.setSuccessYn( roleFlag == true ? "Y" : "N" );
  151. // roleService.insertMenuAccessLog( roleDTO );
  152. // }
  153. }
  154. if( roleFlag == false ) {
  155. logger.error( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
  156. logger.error( "현재 경로에 대한 권한이 없습니다 . IP : " + LifeCenterFunction.getRemoteAddr( request ) + " ID : " + session.toString() + " URL : " + url + " Port : " + port );
  157. logger.error( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
  158. // System.err.println( "XMLHttpRequest".equals( request.getHeader( "x-requested-with" ) ) );
  159. // Ajax 요청인지 확인
  160. if( "XMLHttpRequest".equals( request.getHeader( "x-requested-with" ) ) == true ) {
  161. response.sendError( 999 );
  162. } else {
  163. response.sendError( 403 );
  164. }
  165. return false;
  166. }
  167. }
  168. /*
  169. * 약관 동의 체크, 비밀번호 초기화 체크
  170. */
  171. if( sesAcceptCheck != null && sesAcceptCheck.equals( "Y" ) ) {
  172. if( !url.equals( "/accept/list" ) ) {
  173. logger.info( "약관 동의 페이지로 이동" );
  174. if( !url.equals( "/accept/insert" ) && !url.equals( "/login/logout" ) ) {
  175. LifeCenterFunction.scriptMessage( response, "location.href='/accept/list';" );
  176. return false;
  177. }
  178. } else {
  179. // LifeCenterFunction.scriptMessage( response, "alertBox({ txt: '약관 동의 후 서비스 이용이 가능합니다.', callBack : function(){ } });" );
  180. }
  181. } else {
  182. if( url.equals( "/accept/list" ) ) {
  183. response.sendRedirect( "/" );
  184. }
  185. if( sesPasswordChange != null ) {
  186. if( sesPasswordChange.equals( "REQUIRED" ) ) {
  187. if( !url.equals( "/staff/myinfo" ) ) {
  188. logger.info( "비밀번호 변경 필요 -> 비밀번호 변경 페이지로 이동" );
  189. if( !url.equals( "/common/passwordCheck" ) && !url.equals( "/staff/myinfo/update" ) && !url.equals( "/login/logout" ) ) {
  190. LifeCenterFunction.scriptMessage( response, "location.href='/staff/myinfo';" );
  191. return false;
  192. }
  193. } else {
  194. LifeCenterFunction.scriptMessage( response, "alertBox({ txt: '비밀번호 보안 규정 변경으로 인하여 의무적으로 비밀번호 1회 변경 진행 후 서비스 이용이 가능합니다.', callBack : function(){ } });" );
  195. }
  196. } else if( sesPasswordChange.equals( "RESET" ) ) {
  197. if( !url.equals( "/staff/myinfo" ) ) {
  198. logger.info( "초기화 비밀번호로 로그인 -> 비밀번호 변경 페이지로 이동" );
  199. if( !url.equals( "/common/passwordCheck" ) && !url.equals( "/staff/myinfo/update" ) && !url.equals( "/login/logout" ) ) {
  200. LifeCenterFunction.scriptMessage( response, "location.href='/staff/myinfo';" );
  201. return false;
  202. }
  203. } else {
  204. LifeCenterFunction.scriptMessage( response, "alertBox({ txt: '초기화 비밀번호로 로그인시 비밀번호 변경 후 서비스 이용이 가능합니다.', callBack : function(){ } });" );
  205. }
  206. }
  207. }
  208. }
  209. }
  210. } else if( url.equals( "/login/staff" ) || url.equals( "/login/hcms" ) ) {
  211. if( session != null ) {
  212. if( sesPermissions.equals( "SYSTEM" ) ) {
  213. response.sendRedirect( "/center/list" );
  214. } else {
  215. response.sendRedirect( "/patient/list" );
  216. }
  217. return false;
  218. }
  219. }
  220. }
  221. return true;
  222. }
  223. @Override
  224. public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
  225. ModelAndView modelAndView) {
  226. //logger.info("Method Executed Time : postHandle");
  227. }
  228. @Override
  229. public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
  230. Exception ex) {
  231. //logger.info("Method Completed Time : afterCompletion");
  232. logger.info( "--------------------- InterCeptor afterCompletion ---------------------" );
  233. }
  234. }