Spring에서 FrontController는 DispatcherServlet이라고 함.
공통로직을 작성하여 DispatcherServlet을 통한다음 다른 페이지에 접속하도록 코드 작성

1. 보안에 취약

DispatcherServlet
package com.example.userapp.conpig;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
// FrontController
@WebServlet("*.do")
public class DispatcherServlet extends HttpServlet {

    /**
     * Front controller for every {@code *.do} request: runs the shared
     * pre-processing, then routes on the request URI.
     *
     * <p>This version routes with {@code sendRedirect}, so the browser is sent to
     * the JSP's public URL (for example {@code /user/join-form.jsp}). Because those
     * JSPs sit outside {@code /WEB-INF}, they can also be requested directly,
     * bypassing this servlet and its common logic entirely.
     *
     * @param req  the incoming request
     * @param resp the response; receives a redirect or a 404 page
     * @throws ServletException propagated from the servlet container
     * @throws IOException      if writing the 404 body or the redirect fails
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // 1. common logic applied to every *.do request
        System.out.println("common logic~~");
        resp.setHeader("Content-Type", "text/html; charset=utf-8");

        // 2. dispatch on the request URI
        String uri = req.getRequestURI();
        System.out.println(uri);
        switch (uri) {
            case "/join-form.do":
                resp.sendRedirect("/user/join-form.jsp");
                break;
            case "/join.do":
                resp.sendRedirect("/user/join.jsp");
                break;
            case "/main.do":
                resp.sendRedirect("/board/main.jsp");
                break;
            default:
                // unknown route: fixed message, nothing from the request is echoed back
                resp.setStatus(404);
                resp.getWriter().println("잘못된 페이지를 입력하셨습니다.");
        }
    }
}
main.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Landing page shown after sign-up. In this version the front controller
     redirects to /board/main.jsp, so the page is also reachable by typing
     its URL directly, without passing through DispatcherServlet. --%>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>main page</h1>
<hr>
</body>
</html>
join.jsp
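<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Sign-up handler: reads the form fields, validates username, then redirects
     to the main page. --%>
<%
response.setHeader("Content-Type", "text/html; charset=utf-8"); // so Korean text renders correctly
// 1. parse the form fields (each is null when the field was not sent)
String username = request.getParameter("username");
String password = request.getParameter("password");
String email = request.getParameter("email");
System.out.println("username : " + username);
// never write the raw password to the log; record only whether it was supplied
System.out.println("password : " + (password == null ? "(missing)" : "(provided)"));
System.out.println("email : " + email);
// 2. validation (grows to many lines in a real app)
// check for null first: username.length() would throw NullPointerException
// when the field is absent, e.g. on a direct GET of this page
if (username == null || username.length() < 3 || username.length() > 10) {
response.getWriter().println("<h1>username 글자수가 3~10여야 합니다.</h1>");
return;
}
// custom header must be set before the redirect commits the response
response.setHeader("clock","/12pm");
// sendRedirect sets status 302 and the Location header in one call
response.sendRedirect("/board/main.jsp");
%>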
join-form.jsp
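<%@ page import="java.time.LocalDateTime" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Sign-up form. Posts to the front controller's /join.do route (see
     DispatcherServlet); a form action under /WEB-INF can never be served by the
     container, so the previous action would always fail. --%>
<%
LocalDateTime now = LocalDateTime.now();
%>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>회원가입 페이지 <%=now%></h1>
<hr>
<%-- method="post" keeps the credentials out of the URL, browser history and
     access logs; an empty method attribute means GET. --%>
<form action="/join.do" method="post">
<input type="text" placeholder="username" name="username">
<%-- type="password" masks the value on screen; the field name is unchanged --%>
<input type="password" placeholder="password" name="password">
<input type="text" placeholder="email" name="email">
<button>회원가입</button>
</form>
</body>
</html>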
외부에서 직접 접근이 가능해서 DispatcherServlet을 거치지 않고도 접속할 수 있다. /join-form.do로 들어가야 하는데 /user/join-form.jsp 로 바로 접속이 가능함 (강제성을 부여해 줘야 함).
2. 강제성 부여
내부적으로 요청하여 보안폴더(WEB-INF)에 접근이 가능하게 코드 작성

DispatcherServlet
package com.example.userapp.conpig;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
// FrontController
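@WebServlet("*.do")
public class DispatcherServlet extends HttpServlet {

    /**
     * Route table: servlet-relative path -> view under {@code /WEB-INF}.
     * The container never serves {@code /WEB-INF} directly, so each view is
     * reachable only through a forward from this servlet.
     */
    private static final Map<String, String> VIEWS;

    static {
        Map<String, String> routes = new HashMap<>();
        routes.put("/join-form.do", "/WEB-INF/user/join-form.jsp");
        routes.put("/join.do", "/WEB-INF/user/join.jsp");
        routes.put("/main.do", "/WEB-INF/board/main.jsp");
        VIEWS = Collections.unmodifiableMap(routes);
    }

    /**
     * Front controller for every {@code *.do} request: runs the shared
     * pre-processing, then forwards to the matching {@code /WEB-INF} view.
     *
     * <p>Forwarding (rather than redirecting) keeps the request, including any
     * POSTed form fields, and keeps the JSP paths out of the browser's address bar.
     *
     * @param req  the incoming request
     * @param resp the response; completed by the forwarded view or by a 404 page
     * @throws ServletException propagated from the forwarded view
     * @throws IOException      if writing the 404 body fails
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // 1. common logic applied to every *.do request
        System.out.println("common logic~~");
        resp.setHeader("Content-Type", "text/html; charset=utf-8");

        // 2. dispatch
        String uri = req.getRequestURI();
        System.out.println(uri);
        // getRequestURI() includes the context path; strip it so the routes still
        // match when the app is deployed somewhere other than "/".
        String path = uri.substring(req.getContextPath().length());
        String view = VIEWS.get(path);
        if (view == null) {
            // unknown route: fixed message, nothing from the request is echoed back
            resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
            resp.getWriter().println("잘못된 페이지를 입력하셨습니다.");
            return;
        }
        req.getRequestDispatcher(view).forward(req, resp);
    }
}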
main.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Landing page shown after sign-up. Lives under /WEB-INF/board, which the
     container never serves directly; it is reached only by a forward from
     DispatcherServlet's /main.do route. --%>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>main page</h1>
<hr>
</body>
</html>
join.jsp
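<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Sign-up handler under /WEB-INF/user, reached only via a forward from
     /join.do: reads the form fields, validates username, then redirects to
     the /main.do route of the front controller. --%>
<%
response.setHeader("Content-Type", "text/html; charset=utf-8"); // so Korean text renders correctly
// 1. parse the form fields (each is null when the field was not sent)
String username = request.getParameter("username");
String password = request.getParameter("password");
String email = request.getParameter("email");
System.out.println("username : " + username);
// never write the raw password to the log; record only whether it was supplied
System.out.println("password : " + (password == null ? "(missing)" : "(provided)"));
System.out.println("email : " + email);
// 2. validation (grows to many lines in a real app)
// check for null first: username.length() would throw NullPointerException
// when the field is absent, e.g. when /join.do is opened with GET
if (username == null || username.length() < 3 || username.length() > 10) {
response.getWriter().println("<h1>username 글자수가 3~10여야 합니다.</h1>");
return;
}
// custom header must be set before the redirect commits the response
response.setHeader("clock","/12pm");
// redirect through the front controller, not to the JSP path, so common logic runs
response.sendRedirect("/main.do");
%>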
join-form.jsp
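<%@ page import="java.time.LocalDateTime" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Sign-up form under /WEB-INF/user, reached only via a forward from
     /join-form.do. Posts to the front controller's /join.do route. --%>
<%
LocalDateTime now = LocalDateTime.now();
%>
<html>
<head>
<title>Title</title>
</head>
<body>
<h1>회원가입 페이지 <%=now%></h1>
<hr>
<%-- method="post" keeps the credentials out of the URL, browser history and
     access logs --%>
<form action="/join.do" method="post">
<input type="text" placeholder="username" name="username">
<%-- type="password" masks the value on screen; the field name is unchanged --%>
<input type="password" placeholder="password" name="password">
<input type="text" placeholder="email" name="email">
<button>회원가입</button>
</form>
</body>
</html>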