Update StatisticsRepository.java

Fix: Tomcat WAS 취약점 조치

README-en.md

@@ -96,25 +96,25 @@ This is the training source code for the Microservices Architecture (MSA) templa
     │      │  └─ingress
     │      └─portal
     │          └─ingress
-    ├─environments
+    └─environments
-    │  ├─configmaps
+        ├─configmaps
-    │  ├─databases
+        ├─databases
-    │  │  └─mysql
+        │  └─mysql
-    │  │      └─init
+        │      └─init
-    │  ├─jenkins
+        ├─jenkins
-    │  ├─logging
+        ├─logging
-    │  │  └─elk
+        │  └─elk
-    │  │      ├─elasticsearch
+        │      ├─elasticsearch
-    │  │      ├─kibana
+        │      ├─kibana
-    │  │      │  └─ingress
-    │  │      └─logstash
-    │  ├─nfs
-    │  ├─rabbitmq
         │      │  └─ingress
-    │  ├─vagrant
+        │      └─logstash
-    │  └─zipkin
+        ├─nfs
+        ├─rabbitmq
         │  └─ingress
-    └─storage
+        ├─storage
+        ├─vagrant
+        └─zipkin
+            └─ingress
 ```
 
 ### Contents

README.md

@@ -96,25 +96,25 @@
     │      │  └─ingress
     │      └─portal
     │          └─ingress
-    ├─environments
+    └─environments
-    │  ├─configmaps
+        ├─configmaps
-    │  ├─databases
+        ├─databases
-    │  │  └─mysql
+        │  └─mysql
-    │  │      └─init
+        │      └─init
-    │  ├─jenkins
+        ├─jenkins
-    │  ├─logging
+        ├─logging
-    │  │  └─elk
+        │  └─elk
-    │  │      ├─elasticsearch
+        │      ├─elasticsearch
-    │  │      ├─kibana
+        │      ├─kibana
-    │  │      │  └─ingress
-    │  │      └─logstash
-    │  ├─nfs
-    │  ├─rabbitmq
         │      │  └─ingress
-    │  ├─vagrant
+        │      └─logstash
-    │  └─zipkin
+        ├─nfs
+        ├─rabbitmq
         │  └─ingress
-    └─storage
+        ├─storage
+        ├─vagrant
+        └─zipkin
+            └─ingress
 ```
 
 ### 디렉토리 설명

backend/config/config/application.yml

@@ -0,0 +1,38 @@
+# 2시간(7,200,000), 1일(86,400,000) jwt token
+token:
+  expiration_time: 7200000
+  refresh_time: 86400000
+  secret: 'token_secret'
+
+eureka:
+  instance:
+    instance-id: ${spring.application.name}:${spring.application.instance_id:${random.value}} # random port 사용시 eureka server에 인스턴스가 각각 표시되지 않는다
+    preferIpAddress: true # 서비스간 통신 시 hostname 보다 ip 를 우선
+  client:
+    register-with-eureka: true # eureka 서버에 등록
+    fetch-registry: true # 외부 검색 가능
+    service-url:
+      defaultZone: http://admin:admin@${eureka.instance.hostname:localhost}:8761/eureka
+
+# file attach location - messages{lang}.properties 도 이 경로에 위치한다.
+file:
+  directory: ${app.home:${user.home}}/msa-attach-volume # url 사용시에는 사용되지 않는다
+  url: http://${file.hostname:localhost}:8080 # nginx 로 파일 다운로드 처리
+messages:
+  directory: ${file.directory}/messages
+
+apigateway:
+  host: http://${apigateway.hostname:localhost}:${server.port}
+
+# rabbitmq server
+spring:
+  rabbitmq:
+    host: ${rabbitmq.hostname:localhost}
+    port: 5672
+    username: guest
+    password: guest
+  zipkin:
+    base-url: http://${zipkin.hostname:localhost}:${zipkin.port:9411}
+
+egov:
+  message: hello

backend/config/config/board-service-test.yml

@@ -0,0 +1,46 @@
+spring:
+  application:
+    name: board-service
+
+  datasource:
+    url: jdbc:h2:mem:testdb;MODE=MYSQL;DB_CLOSE_DELAY=-1;DATABASE_TO_UPPER=false
+    username: sa
+    password: 
+    driver-class-name: org.h2.Driver
+  jpa:
+#    database-platform: org.hibernate.dialect.MySQL5InnoDBDialect
+    hibernate:
+      generate-ddl: true
+      ddl-auto: create-drop
+#      dialect: org.hibernate.dialect.MySQL5InnoDBDialect
+    properties:
+      hibernate:
+        format_sql: true
+        default_batch_fetch_size: 1000 # 1:N 관계를 해결하기 위해 필요
+    show-sql: true
+  h2:
+    console:
+      enabled: true
+      path: /h2
+
+  logging.level:
+    org.hibernate.SQL: debug
+
+file:
+  directory: ${user.home}/msa-attach-volume
+messages:
+  directory: ${file.directory}/messages
+
+# jwt token
+token:
+  secret: egovframe_user_token
+
+# ftp server
+ftp:
+  enabled: false # ftp 사용 여부, FTP 서버에 최상위 디렉토리 자동 생성 및 구현체를 결정하게 된다.
+
+# eureka 가 포함되면 eureka server 도 등록되므로 해제한다.
+eureka:
+  client:
+    register-with-eureka: false
+    fetch-registry: false

backend/config/config/board-service.yml

@@ -0,0 +1,15 @@
+database:
+  url: jdbc:mysql://${mysql.hostname:localhost}:3306/msaportal
+
+spring:
+  datasource:
+    url: ${database.url}?serverTimezone=Asia/Seoul
+    username: msaportal
+    password: msaportal
+    driver-class-name: com.mysql.cj.jdbc.Driver
+  cloud:
+    stream:
+      bindings:
+        attachmentEntity-out-0: # 첨부파일 entity 정보 업데이트 하기 위한 이벤트
+          destination: attachment-entity.topic # queue name
+          group: attachment

backend/config/config/portal-service-test.yml

@@ -0,0 +1,44 @@
+spring:
+  application:
+    name: portal-service
+
+  datasource:
+    url: jdbc:h2:mem:testdb;MODE=MYSQL;DB_CLOSE_DELAY=-1;DATABASE_TO_UPPER=false
+    username: sa
+    password: 
+    driver-class-name: org.h2.Driver
+  jpa:
+    hibernate:
+      generate-ddl: true
+      ddl-auto: create-drop
+    properties:
+      hibernate:
+        format_sql: true
+        default_batch_fetch_size: 1000 # 1:N 관계를 해결하기 위해 필요
+    show-sql: true
+  h2:
+    console:
+      enabled: true
+      path: /h2
+
+  logging.level:
+    org.hibernate.SQL: debug
+
+file:
+  directory: ${user.home}/msa-attach-volume
+messages:
+  directory: ${file.directory}/messages
+
+# jwt token
+token:
+  secret: egovframe_user_token
+
+# ftp server
+ftp:
+  enabled: false # ftp 사용 여부, FTP 서버에 최상위 디렉토리 자동 생성 및 구현체를 결정하게 된다.
+
+# eureka 가 포함되면 eureka server 도 등록되므로 해제한다.
+eureka:
+  client:
+    register-with-eureka: false
+    fetch-registry: false

backend/config/config/portal-service.yml

@@ -0,0 +1,33 @@
+database:
+  url: jdbc:mysql://${mysql.hostname:localhost}:3306/msaportal
+
+spring:
+  datasource:
+    url: ${database.url}?serverTimezone=Asia/Seoul
+    username: msaportal
+    password: msaportal
+    driver-class-name: com.mysql.cj.jdbc.Driver
+  cloud:
+    bus:
+      destination: springCloudBus
+    stream:
+      function:
+        definition: attachmentEntity;busConsumer # 첨부파일 entity 정보 업데이트 하기 위한 이벤트에 대한 consumer function & springcloudbus consumer function
+      bindings:
+        busConsumer-in-0:
+          destination: ${spring.cloud.bus.destination}
+        attachmentEntity-in-0: # 첨부파일 entity 정보 업데이트 하기 위한 이벤트
+          destination: attachment-entity.topic # queue name
+          group: attachment
+        attachmentEntity-out-0: # 첨부파일 entity 정보 업데이트 하기 위한 이벤트
+          destination: attachment-entity.topic # queue name
+          group: attachment
+
+# ftp server
+ftp:
+  hostname: 'ftp_server_hostname'
+  username: 'ftp_server_username'
+  password: 'ftp_server_password'
+  port: 21
+  directory: /mnt
+  enabled: false # ftp 사용 여부, FTP 서버에 최상위 디렉토리 자동 생성 및 구현체를 결정하게 된다.

backend/config/config/reserve-check-service-test.yml

@@ -0,0 +1,46 @@
+spring:
+  application:
+    name: reserve-check-service
+
+  datasource:
+    url: jdbc:h2:mem:testdb;MODE=MYSQL;DB_CLOSE_DELAY=-1;DATABASE_TO_UPPER=false
+    username: sa
+    password: 
+    driver-class-name: org.h2.Driver
+  jpa:
+#    database-platform: org.hibernate.dialect.MySQL5InnoDBDialect
+    hibernate:
+      generate-ddl: true
+      ddl-auto: create-drop
+#      dialect: org.hibernate.dialect.MySQL5InnoDBDialect
+    properties:
+      hibernate:
+        format_sql: true
+        default_batch_fetch_size: 1000 # 1:N 관계를 해결하기 위해 필요
+    show-sql: true
+  h2:
+    console:
+      enabled: true
+      path: /h2
+
+  logging.level:
+    org.hibernate.SQL: debug
+
+file:
+  directory: ${user.home}/msa-attach-volume
+messages:
+  directory: ${file.directory}/messages
+
+# jwt token
+token:
+  secret: egovframe_user_token
+
+# ftp server
+ftp:
+  enabled: false # ftp 사용 여부, FTP 서버에 최상위 디렉토리 자동 생성 및 구현체를 결정하게 된다.
+
+# eureka 가 포함되면 eureka server 도 등록되므로 해제한다.
+eureka:
+  client:
+    register-with-eureka: false
+    fetch-registry: false

backend/config/config/reserve-check-service.yml

@@ -0,0 +1,11 @@
+spring:
+  r2dbc:
+    url: r2dbc:mysql://${mysql.hostname:localhost}:3306/reservation?serverTimezone=Asia/Seoul
+    username: msaportal
+    password: msaportal
+  cloud:
+    stream:
+      bindings:
+        attachmentEntity-out-0: # 첨부파일 entity 정보 업데이트 하기 위한 이벤트
+          destination: attachment-entity.topic # queue name
+          group: attachment

backend/config/config/reserve-item-service-test.yml

@@ -0,0 +1,46 @@
+spring:
+  application:
+    name: reserve-item-service
+
+  datasource:
+    url: jdbc:h2:mem:testdb;MODE=MYSQL;DB_CLOSE_DELAY=-1;DATABASE_TO_UPPER=false
+    username: sa
+    password: 
+    driver-class-name: org.h2.Driver
+  jpa:
+#    database-platform: org.hibernate.dialect.MySQL5InnoDBDialect
+    hibernate:
+      generate-ddl: true
+      ddl-auto: create-drop
+#      dialect: org.hibernate.dialect.MySQL5InnoDBDialect
+    properties:
+      hibernate:
+        format_sql: true
+        default_batch_fetch_size: 1000 # 1:N 관계를 해결하기 위해 필요
+    show-sql: true
+  h2:
+    console:
+      enabled: true
+      path: /h2
+
+  logging.level:
+    org.hibernate.SQL: debug
+
+file:
+  directory: ${user.home}/msa-attach-volume
+messages:
+  directory: ${file.directory}/messages
+
+# jwt token
+token:
+  secret: egovframe_user_token
+
+# ftp server
+ftp:
+  enabled: false # ftp 사용 여부, FTP 서버에 최상위 디렉토리 자동 생성 및 구현체를 결정하게 된다.
+
+# eureka 가 포함되면 eureka server 도 등록되므로 해제한다.
+eureka:
+  client:
+    register-with-eureka: false
+    fetch-registry: false

backend/config/config/reserve-item-service.yml

@@ -0,0 +1,20 @@
+spring:
+  r2dbc:
+    url: r2dbc:mysql://${mysql.hostname:localhost}:3306/msaportal?serverTimezone=Asia/Seoul
+    username: msaportal
+    password: msaportal
+  cloud:
+    bus:
+      destination: springCloudBus
+    stream:
+      function:
+        definition: reserveRequest;busConsumer # 예약 요청후 물품 재고업데이트 이벤트에 대한 consumer function & springcloudbus consumer function
+      bindings:
+        busConsumer-in-0:
+          destination: ${spring.cloud.bus.destination}
+        reserveRequest-in-0: # 예약 요청후 물품 재고업데이트 이벤트에 대한 consumer binding
+          destination: reserve-request.topic # queue name
+          group: reserved
+        inventoryUpdated-out-0: # 예약 요청후 물품 재고업데이트 결과에 이벤트에 대한 supplier binding
+          destination: inventory-updated.topic # queue name
+          group: reserved

backend/config/config/reserve-request-service-test.yml

@@ -0,0 +1,46 @@
+spring:
+  application:
+    name: reserve-request-service
+
+  datasource:
+    url: jdbc:h2:mem:testdb;MODE=MYSQL;DB_CLOSE_DELAY=-1;DATABASE_TO_UPPER=false
+    username: sa
+    password: 
+    driver-class-name: org.h2.Driver
+  jpa:
+#    database-platform: org.hibernate.dialect.MySQL5InnoDBDialect
+    hibernate:
+      generate-ddl: true
+      ddl-auto: create-drop
+#      dialect: org.hibernate.dialect.MySQL5InnoDBDialect
+    properties:
+      hibernate:
+        format_sql: true
+        default_batch_fetch_size: 1000 # 1:N 관계를 해결하기 위해 필요
+    show-sql: true
+  h2:
+    console:
+      enabled: true
+      path: /h2
+
+  logging.level:
+    org.hibernate.SQL: debug
+
+file:
+  directory: ${user.home}/msa-attach-volume
+messages:
+  directory: ${file.directory}/messages
+
+# jwt token
+token:
+  secret: egovframe_user_token
+
+# ftp server
+ftp:
+  enabled: false # ftp 사용 여부, FTP 서버에 최상위 디렉토리 자동 생성 및 구현체를 결정하게 된다.
+
+# eureka 가 포함되면 eureka server 도 등록되므로 해제한다.
+eureka:
+  client:
+    register-with-eureka: false
+    fetch-registry: false

backend/config/config/reserve-request-service.yml

@@ -0,0 +1,20 @@
+spring:
+  r2dbc:
+    url: r2dbc:mysql://${mysql.hostname:localhost}:3306/reservation?serverTimezone=Asia/Seoul
+    username: msaportal
+    password: msaportal
+  cloud:
+    bus:
+      destination: springCloudBus
+    stream:
+      function:
+        definition: inventoryUpdated;busConsumer # 예약 요청후 물품 재고업데이트 결과에 이벤트에 대한 consumer function & springcloudbus consumer function
+      bindings:
+        busConsumer-in-0:
+          destination: ${spring.cloud.bus.destination}
+        reserveRequest-out-0: # 예약 요청후 물품 재고업데이트 이벤트에 대한 supplier binding
+          destination: reserve-request.topic # queue name
+          group: reserved
+        inventoryUpdated-in-0: # 예약 요청후 물품 재고업데이트 결과에 이벤트에 대한 consumer binding
+          destination: inventory-updated.topic # queue name
+          group: reserved

backend/config/config/user-service-test.yml

@@ -0,0 +1,107 @@
+spring:
+  application:
+    name: user-service
+
+  datasource:
+    url: jdbc:h2:mem:testdb;MODE=MYSQL;DB_CLOSE_DELAY=-1;DATABASE_TO_UPPER=false
+    username: sa
+    password: 
+    driver-class-name: org.h2.Driver
+    initialization-mode: always
+#    schema: classpath:h2/schema.sql
+    data: classpath:h2/data.sql
+  jpa:
+    hibernate:
+      generate-ddl: true
+      ddl-auto: create-drop
+      dialect: org.hibernate.dialect.MySQL5Dialect
+    properties:
+      hibernate:
+        format_sql: true
+        default_batch_fetch_size: 1000 # 1:N 관계를 해결하기 위해 필요
+    show-sql: true
+  h2:
+    console:
+      enabled: true
+      path: /h2
+  cache:
+    jcache:
+      config: classpath:ehcache.xml
+  mail: # 비밀번호 변경 이메일 발송
+    host: smtp.gmail.com # smtp host
+    port: 587 # smtp port
+    username: email_username # 계정
+    password: 'email_password' # 비밀번호 - 구글 보안 2단계 인증 해제, 보안 수준이 낮은 앱의 액세스 허용(https://myaccount.google.com/lesssecureapps)
+    properties:
+      mail:
+        smtp:
+          auth: true
+          starttls:
+            enable: true
+            required: true
+  security:
+    # oauth2 를 사용하려면 아래 google, naver, kakao 의 client-id, client-secret 을 발급받아야 한다.
+    oauth2:
+      client:
+        registration:
+          # /oauth2/authorization/google
+          google:
+            client-id: google_client_id # TODO
+            client-secret: google_client_secret # TODO
+            scope: profile,email
+          # 네이버는 Spring Security를 공식 지원하지 않기 때문에 CommonOAuth2Provider 에서 해주는 값들을 수동으로 입력한다.
+          # /oauth2/authorization/naver
+          naver:
+            client-id: naver_client_id # TODO
+            client-secret: naver_client_secret # TODO
+            redirect_uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
+            authorization_grant_type: authorization_code
+            scope: name,email,profile_image
+            client-name: Naver
+          # /oauth2/authorization/kakao
+          kakao:
+            client-id: kakao_client_id # TODO
+            client-secret: kakao_client_secret # TODO
+            redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
+            client-authentication-method: POST
+            authorization-grant-type: authorization_code
+            scope: profile_nickname, account_email
+            client-name: Kakao
+        provider:
+          naver:
+            authorization_uri: https://nid.naver.com/oauth2.0/authorize
+            token_uri: https://nid.naver.com/oauth2.0/token
+            user-info-uri: https://openapi.naver.com/v1/nid/me
+            # 기준이 되는 user_name 의 이름을 네이버에서는 response로 지정해야한다. (네이버 회원 조회시 반환되는 JSON 형태 때문이다)
+            # response를 user_name으로 지정하고 이후 자바 코드로 response의 id를 user_name으로 지정한다. (스프링 시큐리티에서 하위 필드를 명시할 수 없기 때문)
+            user_name_attribute: response
+          kakao:
+            authorization_uri: https://kauth.kakao.com/oauth/authorize
+            token_uri: https://kauth.kakao.com/oauth/token
+            user-info-uri: https://kapi.kakao.com/v2/user/me
+            user_name_attribute: id
+
+  logging.level:
+    org.hibernate.SQL: debug
+    org.hibernate.type: trace
+
+file:
+  directory: ${user.home}/msa-attach-volume
+messages:
+  directory: ${file.directory}/messages
+
+# jwt token
+token:
+  expiration_time: 7200000
+  refresh_time: 86400000
+  secret: egovframe_token_secret
+
+# ftp server
+ftp:
+  enabled: false # ftp 사용 여부, FTP 서버에 최상위 디렉토리 자동 생성 및 구현체를 결정하게 된다.
+
+# eureka 가 포함되면 eureka server 도 등록되므로 해제한다.
+eureka:
+  client:
+    register-with-eureka: false
+    fetch-registry: false

backend/config/config/user-service.yml

@@ -0,0 +1,21 @@
+database:
+  url: jdbc:mysql://${mysql.hostname:localhost}:3306/msaportal
+
+spring:
+  datasource:
+    url: ${database.url}?serverTimezone=Asia/Seoul
+    username: msaportal
+    password: msaportal
+    driver-class-name: com.mysql.cj.jdbc.Driver
+  mail: # 비밀번호 변경 이메일 발송
+    host: smtp.gmail.com # smtp host
+    port: 587 # smtp port
+    username: email_username # 계정
+    password: 'email_password' # 비밀번호 - 구글 보안 2단계 인증 해제, 보안 수준이 낮은 앱의 액세스 허용(https://myaccount.google.com/lesssecureapps)
+    properties:
+      mail:
+        smtp:
+          auth: true
+          starttls:
+            enable: true
+            required: true

k8s/environments/storage/pvc-egovcp.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: backend-pvc
+  labels:
+    env: production
+    tier: backend
+    app: pvc
+    name: backend-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: cinder

k8s/environments/storage/pvc-nfs.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: backend-pvc
+  labels:
+    env: production
+    tier: backend
+    app: pvc
+    name: backend-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: nfs