From 9155ad51ff978bbc6dfd942d93f4b1cd63cf789f Mon Sep 17 00:00:00 2001 From: "Yunsam.Eo" Date: Fri, 9 Jan 2026 14:41:24 +0900 Subject: [PATCH] =?UTF-8?q?Body=EA=B0=92=EC=9D=B4=20"",=20Null,=20"{}"=20?= =?UTF-8?q?=EC=9D=BC=20=EA=B2=BD=EC=9A=B0=EC=99=80=20Method=EA=B0=80=20GET?= =?UTF-8?q?/DELETE=EC=9D=BC=20=EA=B2=BD=EC=9A=B0=20signature-body=20?= =?UTF-8?q?=EA=B2=80=EC=A6=9D=20=EC=A0=9C=EC=99=B8(by=20=EC=9D=B4=EC=83=81?= =?UTF-8?q?=EC=9A=B1D)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../filter/HmacSha256VerifyFilterKjb.java | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/HmacSha256VerifyFilterKjb.java b/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/HmacSha256VerifyFilterKjb.java index 4cd3bcf..4d73b4e 100644 --- a/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/HmacSha256VerifyFilterKjb.java +++ b/src/main/java/com/eactive/eai/adapter/http/dynamic/filter/HmacSha256VerifyFilterKjb.java @@ -15,6 +15,7 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.http.HttpStatus; import org.apache.commons.lang3.StringUtils; +import com.eactive.eai.adapter.http.HttpMethodType; import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceKey; import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport; import com.eactive.eai.authserver.service.OAuth2Manager; @@ -43,8 +44,7 @@ public class HmacSha256VerifyFilterKjb implements HttpAdapterFilter { String xObpSignatureUrl = request.getHeader("x-obp-signature-url"); String xObpSignatureBody = request.getHeader("x-obp-signature-body"); if (StringUtils.isBlank(xObpPartnercode) - || StringUtils.isBlank(xObpSignatureUrl) - || StringUtils.isBlank(xObpSignatureBody)) { + || StringUtils.isBlank(xObpSignatureUrl)) { throw new JwtAuthException( String.valueOf(HttpStatus.UNAUTHORIZED.value()), "Can not find mandatory Http Header"); @@ -67,10 +67,19 @@ public class HmacSha256VerifyFilterKjb implements HttpAdapterFilter { "Signature verifying failed : x-obp-signature-url"); } - if (!StringUtils.equals(xObpSignatureBody, macBody)) { - throw new JwtAuthException( - String.valueOf(HttpStatus.UNAUTHORIZED.value()), - "Signature verifying failed : x-obp-signature-body"); + switch (HttpMethodType.getValue(request.getMethod())) { + case GET: + case DELETE: + break; + default: + if (StringUtils.isNotBlank(inboundBody) && !StringUtils.equals("{}", inboundBody)) { + if (!StringUtils.equals(xObpSignatureBody, macBody)) { + throw new JwtAuthException( + String.valueOf(HttpStatus.UNAUTHORIZED.value()), + "Signature verifying failed : x-obp-signature-body"); + } + break; + } } } catch (JwtAuthException e) {