PwController.java
package secure.ch04.ex01.controller;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
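@Controller
@RequestMapping("/ch04/ex01/pw")
public class PwController {

    /**
     * Demo password policy: at least one letter, one of {@code !@#}, one digit, and a total
     * length of 3 to 5 characters. The 3-5 range is this chapter's example only and is far
     * below what a production policy should require (NIST SP 800-63B asks for at least 8).
     * {@code matches()} anchors the whole input, so no {@code ^...$} is needed here.
     * Compiled once: the original recompiled the regex on every request.
     */
    private static final Pattern PW_POLICY =
            Pattern.compile("((?=.*[a-zA-Z])(?=.*[!@#])(?=.*[0-9]).{3,5})");

    private static final String GOOD = "GOOD.";
    private static final String BAD = "BAD.";

    /** Serves the form view; the view name is resolved from the request path. */
    @RequestMapping(method=RequestMethod.GET)
    public void main(){}

    /**
     * Server-side check of the posted password against {@link #PW_POLICY}. The check in
     * pw.jsp is only a convenience for the browser; this method is the authoritative one.
     *
     * @param pw the posted {@code pw} parameter; {@code null} when it is missing
     * @return {@code "GOOD."} when the policy is met, otherwise {@code "BAD."}
     */
    @RequestMapping(method=RequestMethod.POST)
    @ResponseBody
    public String validate(String pw){
        // A missing parameter used to reach Pattern.matcher(null) and fail with a 500;
        // report it as a policy violation instead.
        if (pw == null) {
            return BAD;
        }
        return PW_POLICY.matcher(pw).matches() ? GOOD : BAD;
    }
}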
/WEB-INF/views/ch04/ex01/pw.jsp
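<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- jQuery is loaded from a third-party CDN with no integrity attribute, so the page runs
     whatever that host serves; for anything beyond a demo, pin the file with SRI. --%>
<script src="//code.jquery.com/jquery-3.1.1.min.js"></script>
<script>
// Mirrors PwController's regex. RegExp.test matches substrings, so the anchors ^...$
// are needed here where Java's matches() implied them. This only saves a round trip;
// the server's answer is the one that counts.
var isValidPw = function(pw){
    var pattern = /^(?=.*[a-zA-Z])(?=.*[!@#])(?=.*[0-9]).{3,5}$/;
    return pattern.test(pw);
};

$(function(){
    $("button").bind("click", function(){
        $("#msg").empty();
        var pw = $("input[name=pw]").val();
        if(!isValidPw(pw)){
            $("#msg").text("CLIENT: bad.");
            return;
        }
        // No url: posts back to this page's own path, which PwController maps for POST.
        $.ajax({
            method: "post",
            data: {"pw": pw},
            success: function(result){
                // .text() renders the reply as plain text, so it cannot inject markup.
                $("#msg").text("SERVER: " + result);
            },
            error: function(a, b, errMsg){
                $("#msg").text("SERVER: " + errMsg);
            }
        });
    });
});
</script>
<form>
<%-- type="password" keeps the value off the screen and out of autofill; the original
     demo used type="text". --%>
<input type="password" name="pw" autocomplete="new-password"/><br><br>
<button type="button">검증</button>
</form>
<p id="msg"></p>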
* 나쁜 암호
123456
password
12345678
qwerty
12345
123456789
football
1234
1234567
baseball
welcome
1234567890
abc123
11111111
1qaz2wsx
dragon
master
monkey
letmein
login
princess
qwertyuiop
solo
passw0rd
starwars
--
TimeoutController.java
package secure.ch04.ex02.controller;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping("/ch04/ex02")
public class TimeoutController {

    /** Session attribute that marks a logged-in user. */
    private static final String USER_ID_ATTR = "userId";
    /** Demo idle timeout: the session expires after 10 seconds without a request. */
    private static final int IDLE_SECONDS = 10;

    /** Renders the main page; the view name comes from the request path. */
    @RequestMapping("/main")
    public void main(){}

    /** Renders the login form. */
    @RequestMapping(value="/login", method=RequestMethod.GET)
    public void login(){}

    /**
     * Stores the posted id in the session and shortens the idle timeout for this demo.
     * No credential is verified (the posted {@code userPw} is never read) and the session
     * id is not rotated; a real login would do both before trusting the session.
     *
     * @param userId  the posted user id, also exposed to the view as a model attribute
     * @param session the caller's HTTP session
     * @return redirect to the main page
     */
    @RequestMapping(value="/login", method=RequestMethod.POST)
    public String login(@ModelAttribute("userId") String userId, HttpSession session){
        session.setAttribute(USER_ID_ATTR, userId);
        session.setMaxInactiveInterval(IDLE_SECONDS);
        return "redirect:main";
    }

    /** Drops the whole session and returns to the main page. */
    @RequestMapping(value="/logout")
    public String logout(HttpSession session){
        session.invalidate();
        return "redirect:main";
    }

    /**
     * Shows the article only while the session still carries a user id; an expired or
     * anonymous session is sent to the login form instead.
     */
    @RequestMapping(value="/article")
    public String article(HttpSession session){
        String who = (String) session.getAttribute(USER_ID_ATTR);
        return who == null ? "redirect:login" : "ch04/ex02/article";
    }
}
/WEB-INF/views/ch04/ex02/main.jsp
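<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%-- userId is whatever the login form posted. ${...} alone does not escape, so markup in
     the id would be rendered; <c:out> escapes it and prints it as text. --%>
<p>
<c:choose>
<c:when test="${empty userId}">
<a href="login">로그인</a>
</c:when>
<c:otherwise>
<c:out value="${userId}"/>님, 환영합니다.
<a href="logout">로그아웃</a>
</c:otherwise>
</c:choose>
</p>
<a href="article">기사 보기</a>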
/WEB-INF/views/ch04/ex02/login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Posts userId and userPw to TimeoutController's POST /login; only userId is read there.
     The form carries no CSRF token, so unless a filter adds one the login is forgeable. --%>
<form method="post">
<input type="text" name="userId"><br>
<input type="password" name="userPw"><br><br>
<button type="submit">제출</button>
</form>
/WEB-INF/views/ch04/ex02/article.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Reached only via TimeoutController.article(), which redirects sessions without a
     userId (including ones that idled past the timeout) to the login form. --%>
<a href="logout">로그아웃</a>
<p>기사</p>
<a href="main">메인으로</a>
--
Tomcat의 web.xml 에 타임아웃 설정
<!-- Web-app default idle timeout, in minutes (the servlet unit for this element).
     A controller can shorten it for one session with setMaxInactiveInterval(), which
     takes seconds, as TimeoutController does. -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
LoginCntController.java
package secure.ch04.ex03.controller;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
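@Controller
@RequestMapping("/ch04/ex03")
public class LoginCntController {

    /** Session attribute holding the number of consecutive failed logins (an Integer). */
    private static final String LOGIN_CNT_ATTR = "loginCnt";
    /** Session attribute holding the logged-in user id. */
    private static final String USER_ID_ATTR = "userId";
    /** Failures tolerated; once this many are recorded, further logins are denied. */
    private static final int MAX_FAILURES = 3;
    /** The only id this demo accepts (the posted userPw is never checked). */
    private static final String DEMO_USER_ID = "id";

    /** Renders the login form; the view name comes from the request path. */
    @RequestMapping(value="/login", method=RequestMethod.GET)
    public void login(){}

    /**
     * Demo login with a per-session failure counter.
     *
     * <p>A session that already holds {@link #MAX_FAILURES} failures is denied before the id
     * is looked at, so a locked session is not unlocked by finally supplying the right id
     * (the original checked the id first, which made the lock ineffective). A correct id
     * clears the counter; a wrong one increments it and returns to the form. The counter
     * lives only in the session, so it does not protect the account across sessions; a
     * real lockout keeps per-account state on the server.
     *
     * @param userId  posted user id; {@code null} when the parameter is absent
     * @param session the caller's HTTP session
     * @param model   unused, kept for the mapping signature
     * @return loginAfter on success, loginDeny when locked, otherwise a redirect to the form
     */
    @RequestMapping(value="/login", method=RequestMethod.POST)
    public String login(String userId, HttpSession session, Model model){
        int failures = recordedFailures(session);
        if (failures >= MAX_FAILURES) {
            return "ch04/ex03/loginDeny";
        }
        // Constant on the left: a missing parameter (null) is a plain mismatch, not an NPE.
        if (DEMO_USER_ID.equals(userId)) {
            session.setAttribute(USER_ID_ATTR, userId);
            session.removeAttribute(LOGIN_CNT_ATTR);
            return "ch04/ex03/loginAfter";
        }
        session.setAttribute(LOGIN_CNT_ATTR, failures + 1);
        return "redirect:login";
    }

    /** Reads the failure counter from the session, treating an absent attribute as zero. */
    private static int recordedFailures(HttpSession session) {
        Object stored = session.getAttribute(LOGIN_CNT_ATTR);
        return stored instanceof Integer ? (Integer) stored : 0;
    }

    /** Drops the whole session (user id and failure counter) and returns to the form. */
    @RequestMapping(value="/logout")
    public String logout(HttpSession session){
        session.invalidate();
        return "redirect:login";
    }
}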
/WEB-INF/views/ch04/ex03/login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%-- Posts to LoginCntController's POST /login. The form carries no CSRF token, so unless a
     filter adds one the login is forgeable. --%>
<form method="post">
<input type="text" name="userId"><br>
<input type="password" name="userPw"><br><br>
<button type="submit">제출</button>
</form>
<%-- loginCnt is an Integer the controller stores in the session, not user text, so printing
     it with ${...} raises no escaping concern. --%>
<c:if test="${!(empty sessionScope.loginCnt)}">
${sessionScope.loginCnt}회, 로그인 실패.
</c:if>
/WEB-INF/views/ch04/ex03/loginAfter.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- ${userId} is not escaped. It is harmless here only because LoginCntController stores
     it solely when it equals the literal "id"; print it with <c:out> (and add the JSTL
     core taglib) if the accepted id ever comes from user input. --%>
${userId}님, 환영합니다. <br>
<a href="logout">로그아웃</a>
/WEB-INF/views/ch04/ex03/loginDeny.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%-- Shown once the session's failure counter reaches the limit in LoginCntController.
     The counter is per session, not per account, so it starts over with every new
     session; a real lockout needs server-side per-account state. --%>
계정 사용 차단