arahansa/XSSaop.java

## XSSaop.java
@Aspect
public class LucyAspect4BoardArticle{
	private static final Logger LOGGER = LoggerFactory.getLogger(LucyAspect4BoardArticle.class);

	//TODO 이 부분은 좀 더 세련되게 바꿔야한다.
	//@Pointcut("execution(* com.example.service.BoardArticleService.create(..))")
	private void profileTarget() {
		LOGGER.debug("컨트롤러 프로필 설정");
	}

	//@Around("profileTarget()")
	public Object aroundTargetMethod(ProceedingJoinPoint joinPoint) throws Throwable {
        Object object = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        LOGGER.debug("시큐리티홀더에서 얻은 유저 정보 {}" , object);
        if(!object.toString().equals("anonymousUser")){
            try{
                ExampleUserDetails details = (ExampleUserDetails)object;
                if (details.getUsername().equals("arahansa@naver.com")){
                    LOGGER.debug("관리자이므로 그냥 진행");
                    return getRetVal(joinPoint, true);
                }
            }catch(Exception e){
                return getRetVal(joinPoint, false);
            }
        }
		return getRetVal(joinPoint, false);
	}
    private Object getRetVal(ProceedingJoinPoint joinPoint, boolean isAdmin) throws Throwable {
        Object[] objects = joinPoint.getArgs();
        BoardArticle article = (BoardArticle) objects[0];
        String articleContent = article.getContent();
        if(!isAdmin){
            LOGGER.debug("루시 필터링 적용");
            XssFilter filter = XssFilter.getInstance("lucy-xss-superset.xml");
            article.setTitle(filter.doFilter(article.getTitle()));
            article.setContent(filter.doFilter(articleContent));
        }

        Document doc = Jsoup.parse(articleContent);
        LOGGER.debug("파싱 내용 :{}", doc.text());
        doc.select("iframe").remove();
        doc.select("script").remove();
        String docText = doc.text();
        LOGGER.debug("샘플 내용 :{}", doc.text());
        if (docText.length() >= 200){
            article.setSampleContent(docText.substring(0, 200));
        }else{
            article.setSampleContent(docText);
        }
        LOGGER.debug("샘플 내용 :{}", article.getSampleContent());
        Object retVal = joinPoint.proceed();
        return retVal;
    }


}
	@Aspect
	public class LucyAspect4BoardArticle{
	private static final Logger LOGGER = LoggerFactory.getLogger(LucyAspect4BoardArticle.class);

	//TODO 이 부분은 좀 더 세련되게 바꿔야한다.
	//@Pointcut("execution(* com.example.service.BoardArticleService.create(..))")
	private void profileTarget() {
	LOGGER.debug("컨트롤러 프로필 설정");
	}

	//@Around("profileTarget()")
	public Object aroundTargetMethod(ProceedingJoinPoint joinPoint) throws Throwable {
	Object object = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
	LOGGER.debug("시큐리티홀더에서 얻은 유저 정보 {}" , object);
	if(!object.toString().equals("anonymousUser")){
	try{
	ExampleUserDetails details = (ExampleUserDetails)object;
	if (details.getUsername().equals("arahansa@naver.com")){
	LOGGER.debug("관리자이므로 그냥 진행");
	return getRetVal(joinPoint, true);
	}
	}catch(Exception e){
	return getRetVal(joinPoint, false);
	}
	}
	return getRetVal(joinPoint, false);
	}
	private Object getRetVal(ProceedingJoinPoint joinPoint, boolean isAdmin) throws Throwable {
	Object[] objects = joinPoint.getArgs();
	BoardArticle article = (BoardArticle) objects[0];
	String articleContent = article.getContent();
	if(!isAdmin){
	LOGGER.debug("루시 필터링 적용");
	XssFilter filter = XssFilter.getInstance("lucy-xss-superset.xml");
	article.setTitle(filter.doFilter(article.getTitle()));
	article.setContent(filter.doFilter(articleContent));
	}

	Document doc = Jsoup.parse(articleContent);
	LOGGER.debug("파싱 내용 :{}", doc.text());
	doc.select("iframe").remove();
	doc.select("script").remove();
	String docText = doc.text();
	LOGGER.debug("샘플 내용 :{}", doc.text());
	if (docText.length() >= 200){
	article.setSampleContent(docText.substring(0, 200));
	}else{
	article.setSampleContent(docText);
	}
	LOGGER.debug("샘플 내용 :{}", article.getSampleContent());
	Object retVal = joinPoint.proceed();
	return retVal;
	}


	}