'개발자/spring' 카테고리의 글 목록

개발자/spring

[spring boot] SchedulerLock - 톰캣 스케줄러 중복 동작 방지 2021.08.26
XSS JSON 2021.06.16
spring lucy XSS 적용하기 2021.06.16

[spring boot] SchedulerLock - 톰캣 스케줄러 중복 동작 방지

2021. 8. 26. 10:08

pom.xml

<dependency>
<groupId>net.javacrumbs.shedlock</groupId>
<artifactId>shedlock-spring</artifactId>
<version>4.25.0</version>
</dependency>
<dependency>
<groupId>net.javacrumbs.shedlock</groupId>
<artifactId>shedlock-provider-jdbc-template</artifactId>
<version>4.25.0</version>
</dependency>

테이블 생성

CREATE TABLE shedlock ( name VARCHAR(64), lock_until TIMESTAMP(3) NULL, locked_at TIMESTAMP(3) NULL, locked_by VARCHAR(255), PRIMARY KEY (name) )

SchedulerConfiguration.java 생성

package com.test.abc.cmmn.config;

import net.javacrumbs.shedlock.core.LockProvider;
import net.javacrumbs.shedlock.provider.jdbctemplate.JdbcTemplateLockProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.sql.DataSource;

@Configuration
public class SchedulerConfiguration {
    @Bean
    public LockProvider lockProvider(DataSource dataSource) {
        return new JdbcTemplateLockProvider(dataSource);
    }
}

AbcApplication 파일에 @EnableSchedulerLock(defaultLockAtMostFor = "10m") 추가

package com.test.abc;

import net.javacrumbs.shedlock.spring.annotation.EnableSchedulerLock;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.scheduling.annotation.EnableScheduling;


@SpringBootApplication
@EnableScheduling
@EnableSchedulerLock(defaultLockAtMostFor = "10m")
public class AbcApplication extends SpringBootServletInitializer {

    public static void main(String[] args) {
        SpringApplication.run(AbcApplication.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
        return builder.sources(AbcApplication.class);
    }
    
}

TaskController
@SchedulerLock(name = "scheduledTaskName", lockAtMostFor = "14m", lockAtLeastFor = "14m")

@Scheduled(cron="0 */1 * * * *") 
@SchedulerLock(name = "scheduledTaskName", lockAtMostFor = "14m", lockAtLeastFor = "14m")
public void Schedule1() throws Exception {
   
   ( 스케줄러 내용 ...)
   
}

정상동작하게 되면 아래처럼 DB에 생성된 shedlock 테이블에 데이터가 들어갑니다.

저작자표시

'개발자 > spring' 카테고리의 다른 글

XSS JSON (0)	2021.06.16
spring lucy XSS 적용하기 (0)	2021.06.16

XSS JSON

2021. 6. 16. 14:48

HtmlEscapingObjectMapperFactory.java 생성

package com.abc.cmmn.web;

import org.apache.commons.lang3.StringEscapeUtils;
import org.springframework.beans.factory.FactoryBean;
import com.fasterxml.jackson.core.SerializableString;
import com.fasterxml.jackson.core.io.CharacterEscapes;
import com.fasterxml.jackson.core.io.SerializedString;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

public class HtmlEscapingObjectMapperFactory implements FactoryBean<ObjectMapper> {

	private final ObjectMapper objectMapper;

	public HtmlEscapingObjectMapperFactory() {
		objectMapper = new ObjectMapper();
		objectMapper.getFactory().setCharacterEscapes(new HTMLCharacterEscapes());
		objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
	}

	@Override
	public ObjectMapper getObject() throws Exception {
		return objectMapper;
	}

	@Override
	public Class<?> getObjectType() {
		return ObjectMapper.class;
	}

	@Override
	public boolean isSingleton() {
		return true;
	}

	public static class HTMLCharacterEscapes extends CharacterEscapes {

		private static final long serialVersionUID = 1L;
		private final int[] asciiEscapes;

		public HTMLCharacterEscapes() {
			// start with set of characters known to require escaping (double-quote,
			// backslash etc)
			asciiEscapes = CharacterEscapes.standardAsciiEscapesForJSON();
			// and force escaping of a few others:
			asciiEscapes['<'] = CharacterEscapes.ESCAPE_CUSTOM;
			asciiEscapes['>'] = CharacterEscapes.ESCAPE_CUSTOM;
			asciiEscapes['&'] = CharacterEscapes.ESCAPE_CUSTOM;
			asciiEscapes['"'] = CharacterEscapes.ESCAPE_CUSTOM;
			asciiEscapes['\''] = CharacterEscapes.ESCAPE_CUSTOM;
		}

		@Override
		public int[] getEscapeCodesForAscii() {
			return asciiEscapes;
		}

		// and this for others; we don't need anything special here
		@Override
		public SerializableString getEscapeSequence(int ch) {
			return new SerializedString(StringEscapeUtils.escapeHtml4(Character.toString((char) ch)));
		}
	}
}

dispatcher-servlet.xml 에 bean 추가

<bean id="htmlEscapingObjectMapper" class="com.abc.cmmn.web.HtmlEscapingObjectMapperFactory" />
	<mvc:annotation-driven>
		<mvc:message-converters>
			<bean
				class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
				<property name="objectMapper"
					ref="htmlEscapingObjectMapper"></property>
			</bean>
		</mvc:message-converters>
	</mvc:annotation-driven>

저작자표시

'개발자 > spring' 카테고리의 다른 글

[spring boot] SchedulerLock - 톰캣 스케줄러 중복 동작 방지 (0)	2021.08.26
spring lucy XSS 적용하기 (0)	2021.06.16

spring lucy XSS 적용하기

2021. 6. 16. 14:42

pom.xml

		<dependency>
			<groupId>com.navercorp.lucy</groupId>
			<artifactId>lucy-xss-servlet</artifactId>
			<version>2.0.0</version>
		</dependency>

/resources 하위에 lucy-xss-servlet-filter-rule.xml 생성

<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://www.navercorp.com/lucy-xss-servlet">
   <defenders>
       <!-- XssPreventer 등록 -->
       <defender>
           <name>xssPreventerDefender</name>
           <class>com.navercorp.lucy.security.xss.servletfilter.defender.XssPreventerDefender</class>
       </defender>
 
       <!-- XssSaxFilter 등록 -->
       <defender>
           <name>xssSaxFilterDefender</name>
           <class>com.navercorp.lucy.security.xss.servletfilter.defender.XssSaxFilterDefender</class>
           <init-param>
               <param-value>lucy-xss-sax.xml</param-value>   <!-- lucy-xss-filter의 sax용 설정파일 -->
               <param-value>false</param-value>        <!-- 필터링된 코멘트를 남길지 여부, 성능 효율상 false 추천 -->
           </init-param>
       </defender>
 
       <!-- XssFilter 등록 -->
       <defender>
           <name>xssFilterDefender</name>
           <class>com.navercorp.lucy.security.xss.servletfilter.defender.XssFilterDefender</class>
           <init-param>
               <param-value>lucy-xss.xml</param-value>    <!-- lucy-xss-filter의 dom용 설정파일 -->
               <param-value>false</param-value>         <!-- 필터링된 코멘트를 남길지 여부, 성능 효율상 false 추천 -->
           </init-param>
       </defender>
   </defenders>
 
    <!-- default defender 선언, 별다른 defender 선언이 없으면 default defender를 사용해 필터링 한다. -->
    <default>
        <defender>xssPreventerDefender</defender>
    </default>
 
    <!-- global 필터링 룰 선언 -->
    <global>
        <!-- 모든 url에서 들어오는 globalParameter 파라메터는 필터링 되지 않으며 
                또한 globalPrefixParameter로 시작하는 파라메터도 필터링 되지 않는다. -->
        <params>
            <param name="globalParameter" useDefender="false" />
            <param name="globalPrefixParameter" usePrefix="true" useDefender="false" />
        </params>
    </global>
 
    <!-- url 별 필터링 룰 선언 -->
    <url-rule-set>
       
       <!-- url disable이 true이면 지정한 url 내의 모든 파라메터는 필터링 되지 않는다. -->
       <url-rule>
           <url disable="true">/disableUrl1.do</url>
       </url-rule>
       
        <!-- url1 내의 url1Parameter는 필터링 되지 않으며 또한 url1PrefixParameter로 시작하는 파라메터도 필터링 되지 않는다. -->
        <!-- <url-rule>
            <url>[처리하는 url].do</url>
            <params>
                <param name="[파라미터명]" useDefender="false" />
            </params>
        </url-rule> -->
        
    </url-rule-set>
</config>

web.xml 에 encodingFilter 항목을 찾아서

 <filter-mapping> 
    <filter-name>encodingFilter</filter-name> 
    <url-pattern>*.do</url-pattern> 
  </filter-mapping>

다음에 추가해줌.

    <filter>
		<filter-name>multipartFilter</filter-name>
		<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>multipartFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter> 
		<filter-name>xssEscapeServletFilter</filter-name> 
		<filter-class>com.navercorp.lucy.security.xss.servletfilter.XssEscapeServletFilter</filter-class> 
	</filter> 
	<filter-mapping> 
		<filter-name>xssEscapeServletFilter</filter-name> 
		<url-pattern>/*</url-pattern> 
	</filter-mapping>
  <filter>

tomcat 서버에서 server.xml 에 allowCasualMultipartParsing="true" 를 추가해줌.

 <Context docBase="ProjectName" path="/" allowCasualMultipartParsing="true" reloadable="true" source="org.eclipse.jst.jee.server:ProjectName"/></Host>

tomcat 서버 context.xml 에 추가하는 방식도 있다고 함.

<Context allowCasualMultipartParsing="true">

<Context allowCasualMultipartParsing="true" path="/">
    <WatchedResource>WEB-INF/web.xml</WatchedResource>			
    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>	
</Context>

서버 재시작.

잘 안되서 프로젝트 클린 - 톰캣 클린 - 이클립스 재시작 하니까 됐다.

저작자표시

'개발자 > spring' 카테고리의 다른 글

[spring boot] SchedulerLock - 톰캣 스케줄러 중복 동작 방지 (0)	2021.08.26
XSS JSON (0)	2021.06.16

PREV 1 NEXT

힐쏘; 작은 분열