admin/madeu_crm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

음....

Browse Source
This commit is contained in:
bd091
2025-12-07 01:43:54 +09:00
parent c8b3150a80
commit 89975cbb02
1 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/main/java/com/madeu/config/WebConfig.java
View File

@@ -6,10 +6,12 @@ import org.springframework.core.io.Resource;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.resource.PathResourceResolver; import org.springframework.web.servlet.resource.PathResourceResolver;
import org.springframework.web.util.UriUtils;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets;
@Slf4j @Slf4j
@Configuration @Configuration
@@ -31,30 +33,36 @@ public class WebConfig implements WebMvcConfigurer {
@Override @Override
protected Resource getResource(String resourcePath, Resource location) throws IOException { protected Resource getResource(String resourcePath, Resource location) throws IOException {
log.info("=== Resource 요청 받음 ==="); log.info("=== Resource 요청 받음 ===");
log.info("Resource Path: {}", resourcePath); log.info("원본 Resource Path (인코딩됨): {}", resourcePath);
// URL 디코딩 처리 (한글 파일명 지원)
String decodedResourcePath = UriUtils.decode(resourcePath, StandardCharsets.UTF_8);
log.info("디코딩된 Resource Path: {}", decodedResourcePath);
log.info("Location: {}", location.getURI()); log.info("Location: {}", location.getURI());
Resource requestedResource = location.createRelative(resourcePath); Resource requestedResource = location.createRelative(decodedResourcePath);
log.info("Requested Resource exists: {}", requestedResource.exists());
log.info("Requested Resource readable: {}", requestedResource.isReadable()); boolean exists = requestedResource.exists();
boolean readable = exists && requestedResource.isReadable();
log.info("Requested Resource URI: {}", requestedResource.getURI()); log.info("Requested Resource URI: {}", requestedResource.getURI());
log.info("Requested Resource exists: {}", exists);
log.info("Requested Resource readable: {}", readable);
// 보안 검증: 허용된 파일 타입만 // 보안 검증: 허용된 파일 타입만
if (requestedResource.exists() && requestedResource.isReadable()) { if (exists && readable) {
boolean allowed = isAllowedResource(requestedResource); boolean allowed = isAllowedResource(requestedResource);
log.info("Resource allowed: {}", allowed); log.info("Resource allowed: {}", allowed);
if (allowed) { if (allowed) {
log.info("✓ 파일 반환 성공: {}", resourcePath); log.info("✓ 파일 반환 성공: {}", decodedResourcePath);
return requestedResource; return requestedResource;
} else { } else {
log.info("✗ 허용되지 않은 파일 타입: {}", resourcePath); log.info("✗ 허용되지 않은 파일 타입: {}", decodedResourcePath);
} }
} else { } else {
log.info("✗ 파일 없음 또는 읽을 수 없음: {}", resourcePath); log.info("✗ 파일 없음 또는 읽을 수 없음: {}", decodedResourcePath);
log.info(" - exists: {}, readable: {}", log.info(" - exists: {}, readable: {}", exists, readable);
requestedResource.exists(),
requestedResource.isReadable());
} }
return null; return null;