CSRF (Cross Site Request Forgery)
ํฌ๋ก์ค ์ฌ์ดํธ ์์ฒญ ์ฌ๊ธฐ
์๋ ์ฌ์ดํธ์์ ๋ฐ์์ค์ง ์์ ์กฐ์ํ ์นํ์ด์ง๋ฅผ ์ฌ์ฉํ์ฌ ์์ฒญ
์์
์์ฒญ url์ ์๊ณ ์๋ชป๋ ์์ฒญ์ ๋ณด๋ด๋ ค ํ ์ ์๋ค.
CsrfTestController.java
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
@RequestMapping("csrf")
public class CsrfTestController
{
    /** Landing endpoint of the CSRF demo; answers with a plain text body instead of a view. */
    @GetMapping("/")
    @ResponseBody
    public String index()
    {
        final String banner = "CSRF TEST";
        return banner;
    }

    /**
     * Shows the score page.
     * <p>
     * The score is a hard-coded placeholder (75): the service lookup is left
     * commented out, so no database is consulted here.
     *
     * @param model view model; receives the {@code score} attribute read by the template
     * @return the Thymeleaf template name
     */
    @GetMapping("/score")
    public String score(Model model)
    {
        // int score = svc.getScore();
        final int placeholderScore = 75; // stands in for the value the service would return
        model.addAttribute("score", placeholderScore);
        return "thymeleaf/csrf/show_score";
    }

    /**
     * Accepts a score to persist (the persistence call is commented out) and echoes it back.
     * <p>
     * Security note: this is a state-changing operation reachable by a plain GET with a
     * query parameter and no CSRF token or origin check, so any page that makes the
     * victim's browser follow the URL triggers the save with the victim's cookies.
     * That is the weakness this demo exists to show; the fix is to accept the write
     * only via POST carrying a server-issued CSRF token and to reject requests without it.
     *
     * @param score score value taken from the {@code score} query parameter
     * @return confirmation message containing the submitted score
     */
    @GetMapping("/save_score")
    @ResponseBody
    public String saveScore(@RequestParam("score") int score)
    {
        // svc.saveScore(score);
        final String prefix = "์ ์(";
        final String suffix = ")๋ฅผ ์ ์ฅํ์ต๋๋ค";
        return prefix + score + suffix;
    }
}
show_score.html
<!DOCTYPE html>
<!-- Demo page for the CSRF lesson: shows the score handed over by the controller,
     lets the user raise it client-side, then "saves" it by navigating to a GET URL. -->
<html>
<head>
<meta charset="utf-8">
<title></title>
<style type="text/css">
#score_panel { width:100px; border:3px double red; text-align: center;}
main{border:1px solid black; width:fit-content; padding:1em;}
</style>
<!-- jQuery from a CDN, pinned with an integrity hash so a tampered copy is rejected by the browser -->
<script src="https://code.jquery.com/jquery-3.6.3.min.js"
integrity="sha256-pvPw+upLPUjgMXY0G+8O0xUf+/Im1MZjXxxgOcBQBXU=" crossorigin="anonymous">
</script>
<script type="text/javascript">
// Thymeleaf inline expression: receives the "score" model attribute set by the controller.
var score = [[${score}]];
// NOTE(review): this string literal is split across two lines in the listing; a JS
// string cannot contain a raw newline, so confirm the source keeps it on one line.
alert('ํ๋ํ ์ ์๋ '+ score +'์ ์
๋๋ค');
// Once the DOM is ready, display the initial score in the panel.
$(function(){ $('#score_panel').text(score+''); });
// Raises the in-page score by one; nothing is sent to the server here.
function add_score()
{
score += 1;
$('#score_panel').text(score+'');
}
// Saves by navigating to a GET URL with the score in the query string.
// Security note: a state-changing GET with no CSRF token is the weakness this page
// demonstrates -- the browser attaches the session cookies to any navigation to this
// URL, regardless of which page started it. Mitigation: submit via POST with a
// server-issued CSRF token and have the server reject requests that lack it.
function save_score()
{
location.href="/csrf/save_score?score="+score;
}
</script>
</head>
<body>
<h1>์ ์ ์ฌ๋ฆฌ๊ธฐ</h1>
<h3>์ ์๋ฅผ ์ฌ๋ฆฌ๋ ค๋ฉด ์๋์ ๋ฒํผ์ ๋๋ฌ ์ฃผ์ธ์</h3>
<main>
<p id="score_panel"></p>
<button type="button" onclick="add_score();">์ ์ ์ฌ๋ฆฌ๊ธฐ</button>
<!-- note: the <p> elements below are opened but never closed -->
<p>
</main>
<p>
<button type="button" onclick="save_score();">ํ๋ํ ์ ์ ์ ์ฅํ๊ธฐ</button>
</body>
</html>
์คํ๊ฒฐ๊ณผ :
์๋ชป๋ ์์ฒญ์ ๋ณด๋ด๊ธฐ ์ํด ๋ง๋ html
csrf.html
์ ๊ฐ์ ์ฌ๊ธฐ ์์ฒญ์ ๋ง๊ธฐ ์ํด์ ์์ฒญ์ ํ ๋ ํ ํฐ์ ํจ๊ป ์ฃผ์ด ํ ํฐ์ด ์๋ ์์ฒญ์ ๋ฐ์์ค๊ณ
pom.xml ๋ณ๊ฒฝ
controller : post ๋ฐฉ์์ผ๋ก ๋ณ๊ฒฝ
show_score.html ์ ํ ๊ทผ ์ ์ก ๋ก์ง ์ถ๊ฐ