DispatcherServlet으로 공통로직 작성

[Spring] DispatcherServlet을 통해서 다른페이지에 접속하도록 코드 작성해보기
Jan 25, 2024
DispatcherServlet으로 공통로직 작성
Spring에서 FrontController는 DispatcherServlet이라고 함.
공통로직을 작성하고, DispatcherServlet을 거친 다음 다른 페이지에 접속하도록 코드 작성
 
notion image

1. 보안에 취약

notion image
DispatcherServlet
package com.example.userapp.conpig;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import java.io.IOException;

/**
 * Front controller: every request matching {@code *.do} enters here, runs the shared
 * logic, and is then handed on to a JSP.
 *
 * <p>This version hands off with {@code sendRedirect}: the servlet answers with a redirect
 * and the browser requests the JSP itself. The JSPs under {@code /user} and {@code /board}
 * are therefore directly reachable by any client, and a request that goes straight to one
 * of them never runs the shared logic below.
 */
@WebServlet("*.do")
public class DispatcherServlet extends HttpServlet {

    /**
     * Runs the shared logic, then redirects to the JSP registered for the request URI.
     * Unknown URIs get a 404 status and a short message.
     *
     * @param req  incoming request; only its request URI is inspected
     * @param resp response that receives the redirect or the 404 message
     * @throws ServletException declared by the overridden method
     * @throws IOException      if the redirect or the 404 body cannot be written
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // 1. Shared logic, executed for every *.do request.
        System.out.println("common logic~~");
        resp.setHeader("Content-Type", "text/html; charset=utf-8");

        // 2. Routing. getRequestURI() includes the context path, so these exact matches
        //    only hit when the application is deployed at the root context.
        final String requestUri = req.getRequestURI();
        System.out.println(requestUri);

        switch (requestUri) {
            case "/join-form.do":
                resp.sendRedirect("/user/join-form.jsp");
                break;
            case "/join.do":
                resp.sendRedirect("/user/join.jsp");
                break;
            case "/main.do":
                resp.sendRedirect("/board/main.jsp");
                break;
            default:
                // Anything outside the three known routes is rejected.
                resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
                resp.getWriter().println("잘못된 페이지를 입력하셨습니다.");
                break;
        }
    }
}
main.jsp
<%-- Main page: static markup only, renders a single heading. --%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>main page</h1>
<hr>
</body>
</html>
join.jsp
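<%--
  Handles the sign-up submission: reads username / password / email from the request,
  checks the username length, and on success answers with a 302 to the main page.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
    response.setHeader("Content-Type", "text/html; charset=utf-8"); // keeps Korean text readable

    // 1. Parse the submitted fields.
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    String email = request.getParameter("email");

    // The password is deliberately not printed: anything written to stdout ends up in the
    // server log in clear text. Before it is ever stored it should go through a dedicated
    // password-hashing algorithm (bcrypt / scrypt / argon2), never be kept as received.
    System.out.println("username : " + username);
    System.out.println("email : " + email);

    // 2. Validation (this part grows to around 1000 lines in a real application).
    //    getParameter returns null when the field is missing, so check that first instead
    //    of letting length() fail with a NullPointerException and a 500 response.
    if (username == null || username.length() < 3 || username.length() > 10) {
        response.setStatus(400); // the input is invalid, so do not answer with 200
        response.getWriter().println("<h1>username 글자수가 3~10여야 합니다.</h1>");
        return;
    }

    // Redirect written out by hand: status 302 plus a Location header.
    response.setStatus(302);
    response.setHeader("Location","/board/main.jsp");
    response.setHeader("clock","/12pm");
%>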
join-form.jsp
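<%-- Sign-up form: shows the current server time and collects username, password and email. --%>
<%@ page import="java.time.LocalDateTime" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
    LocalDateTime now = LocalDateTime.now();
%>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>회원가입 페이지 <%=now%></h1>
<hr>
<%--
  method is "post" so the password travels in the request body; an empty method attribute
  falls back to GET, which would put the password into the URL (address bar, browser
  history, access logs).
  NOTE(review): a servlet container does not serve /WEB-INF paths to clients, so this
  action cannot be reached from the browser as written - confirm the intended target.
--%>
<form action="/WEB-INF/user/join.jsp" method="post">
    <input type="text" placeholder="username" name="username">
    <%-- type="password" so the value is masked on screen while it is typed. --%>
    <input type="password" placeholder="password" name="password">
    <input type="text" placeholder="email" name="email">
    <button>회원가입</button>
</form>
</body>
</html>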
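JSP 파일이 외부에서 직접 접근할 수 있는 경로에 있어서 DispatcherServlet을 거치지 않고도 접속이 가능함. /join-form.do를 입력해서 들어가야 하는데 /user/join-form.jsp로 바로 접속할 수 있고, 이 경우 DispatcherServlet의 공통로직이 실행되지 않음. 또한 sendRedirect는 브라우저에게 JSP 주소로 다시 요청하라고 응답하는 방식이라 실제 JSP 경로가 그대로 노출됨. (강제성을 부여해줘야 함)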

2. 강제성 부여

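JSP를 보안폴더(WEB-INF) 안에 두고, 서버 내부에서 요청(forward)하는 방식으로만 접근이 가능하게 코드 작성. WEB-INF 아래의 파일은 브라우저에서 주소로 직접 요청할 수 없으므로 반드시 DispatcherServlet을 거치게 됨.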
notion image
DispatcherServlet
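package com.example.userapp.conpig;

import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import java.io.IOException;

/**
 * Front controller: every request matching {@code *.do} enters here, runs the shared
 * logic, and is then forwarded to a JSP kept under {@code /WEB-INF}.
 *
 * <p>The container does not serve {@code /WEB-INF} to clients, so the JSPs can only be
 * reached through a server-side forward from this servlet. A redirect to a
 * {@code /WEB-INF} path would not work for the same reason.
 */
@WebServlet("*.do")
public class DispatcherServlet extends HttpServlet {

    /**
     * Runs the shared logic, then forwards to the JSP registered for the request URI.
     * {@code /join.do} carries a password and is accepted only as POST; any other method
     * gets 405. Unknown URIs get a 404 status and a short message.
     *
     * @param req  incoming request; its request URI selects the target JSP
     * @param resp response handed to the target JSP, or used for the 404 / 405 answer
     * @throws ServletException if the forward target fails
     * @throws IOException      if the response cannot be written
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // 1. Shared logic, executed for every *.do request.
        System.out.println("common logic~~");
        resp.setHeader("Content-Type", "text/html; charset=utf-8");

        // 2. Routing. getRequestURI() includes the context path, so these exact matches
        //    only hit when the application is deployed at the root context.
        String uri = req.getRequestURI();
        System.out.println(uri);

        if (uri.equals("/join-form.do")) {
            req.getRequestDispatcher("/WEB-INF/user/join-form.jsp").forward(req, resp);
        } else if (uri.equals("/join.do")) {
            // service() receives every HTTP method. Without this check a GET to /join.do
            // would be processed too, with the password taken from the query string,
            // where it ends up in browser history and access logs.
            if (!"POST".equals(req.getMethod())) {
                resp.setHeader("Allow", "POST");
                resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                return;
            }
            req.getRequestDispatcher("/WEB-INF/user/join.jsp").forward(req, resp);
        } else if (uri.equals("/main.do")) {
            req.getRequestDispatcher("/WEB-INF/board/main.jsp").forward(req, resp);
        } else {
            // Anything outside the three known routes is rejected.
            resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
            resp.getWriter().println("잘못된 페이지를 입력하셨습니다.");
        }
    }
}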
main.jsp
<%-- Main page: static markup only, renders a single heading. --%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>main page</h1>
<hr>
</body>
</html>
join.jsp
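<%--
  Handles the sign-up submission: reads username / password / email from the request,
  checks the username length, and on success answers with a 302 to /main.do.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
    response.setHeader("Content-Type", "text/html; charset=utf-8"); // keeps Korean text readable

    // 1. Parse the submitted fields.
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    String email = request.getParameter("email");

    // The password is deliberately not printed: anything written to stdout ends up in the
    // server log in clear text. Before it is ever stored it should go through a dedicated
    // password-hashing algorithm (bcrypt / scrypt / argon2), never be kept as received.
    System.out.println("username : " + username);
    System.out.println("email : " + email);

    // 2. Validation (this part grows to around 1000 lines in a real application).
    //    getParameter returns null when the field is missing, so check that first instead
    //    of letting length() fail with a NullPointerException and a 500 response.
    if (username == null || username.length() < 3 || username.length() > 10) {
        response.setStatus(400); // the input is invalid, so do not answer with 200
        response.getWriter().println("<h1>username 글자수가 3~10여야 합니다.</h1>");
        return;
    }

    // Redirect written out by hand: status 302 plus a Location header. The target is the
    // *.do route, so the browser's next request goes through the front controller again.
    response.setStatus(302);
    response.setHeader("Location","/main.do");
    response.setHeader("clock","/12pm");
%>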
 
join-form.jsp
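<%--
  Sign-up form: shows the current server time and posts username, password and email
  to /join.do, i.e. through the front controller.
--%>
<%@ page import="java.time.LocalDateTime" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%
    LocalDateTime now = LocalDateTime.now();
%>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>회원가입 페이지 <%=now%></h1>
<hr>
<%-- POST keeps the password in the request body instead of the URL. --%>
<form action="/join.do" method="post">
    <input type="text" placeholder="username" name="username">
    <%-- type="password" so the value is masked on screen while it is typed. --%>
    <input type="password" placeholder="password" name="password">
    <input type="text" placeholder="email" name="email">
    <button>회원가입</button>
</form>
</body>
</html>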