Fix rest auth. Review filters.

2025-03-13 08:41:41 +01:00 · 2024-01-15 07:59:04 -08:00 · 2024-01-15 07:59:04 -08:00 · 03a6c0ef8b
commit 03a6c0ef8b
parent 2f32ef66e9
8 changed files with 74 additions and 86 deletions
--- a/wise-webapp/src/main/java/com/wisemapping/config/Application.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/Application.java
@ -2,7 +2,7 @@ package com.wisemapping.config;

 import com.wisemapping.config.mvc.MvcAppConfig;
 import com.wisemapping.config.mvc.MvcSecurityConfig;
-import com.wisemapping.config.mvc.ServletConfig;
+import com.wisemapping.config.rest.ServletConfig;
 import com.wisemapping.config.rest.RestAppConfig;
 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
@ -13,20 +13,15 @@ import org.springframework.context.annotation.ImportResource;
 import org.springframework.security.web.firewall.StrictHttpFirewall;

@SpringBootApplication
-@ImportResource(value = {"classpath:spring/wisemapping-service.xml"})
-@ComponentScan({"com.wisemapping.security", "com.wisemapping.service", "com.wisemapping.dao", "com.wisemapping.util", "com.wisemapping.model"})
 public class Application {

    public static void main(String[] args) {

        new SpringApplicationBuilder()
-                .parent(Application.class, MethodSecurityConfig.class, HibernateConfig.class).web(WebApplicationType.NONE)
-                .child(MvcAppConfig.class, MvcSecurityConfig.class, ServletConfig.class).web(WebApplicationType.SERVLET)
-                .sibling(RestAppConfig.class).web(WebApplicationType.SERVLET)
+                .parent(MethodSecurityConfig.class, HibernateConfig.class).web(WebApplicationType.NONE)
+//                .child(MvcAppConfig.class, MvcSecurityConfig.class).web(WebApplicationType.SERVLET)
+                .child(RestAppConfig.class, ServletConfig.class).web(WebApplicationType.SERVLET)
                .run(args);
-
-//        new SpringApplicationBuilder(Application.class, MethodSecurityConfig.class,MvcAppConfig.class, MvcSecurityConfig.class, HibernateConfig.class, ServletConfig.class).web(WebApplicationType.SERVLET).run(args);
-
    }

    @Bean
--- a/wise-webapp/src/main/java/com/wisemapping/config/MethodSecurityConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/MethodSecurityConfig.java
@ -5,7 +5,9 @@ import com.wisemapping.security.ReadSecurityAdvise;
 import com.wisemapping.security.UpdateSecurityAdvise;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.ImportResource;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
@ -14,6 +16,8 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
@EnableMethodSecurity(
        securedEnabled = true,
        jsr250Enabled = true)
+@ImportResource(value = {"classpath:spring/wisemapping-service.xml"})
+@ComponentScan({"com.wisemapping.security", "com.wisemapping.service", "com.wisemapping.dao", "com.wisemapping.util", "com.wisemapping.model"})
 public class MethodSecurityConfig  {

    @Autowired
--- a/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
@ -4,7 +4,10 @@ import org.jetbrains.annotations.NotNull;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.ImportResource;
 import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@ -13,32 +16,43 @@ import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;

+import static org.springframework.security.config.Customizer.withDefaults;
+

@SpringBootApplication
@EnableWebSecurity
-@ComponentScan("com.wisemapping.rest")
+@ImportResource(value = {"classpath:spring/wisemapping-service.xml"})
+@ComponentScan({"com.wisemapping.rest"})
 public class RestAppConfig {
    @Bean
    @Order(2)
    SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
-        final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector).servletPath("/service");
-        return http
-                .securityMatchers((matchers) ->
-                        matchers.requestMatchers(matcher.pattern(("/**"))))
-                .authorizeHttpRequests(auth ->
-                        auth
-                                .requestMatchers(matcher.pattern("/users/")).permitAll()
-                                .requestMatchers(matcher.pattern("/users/resetPassword")).permitAll()
-                                .requestMatchers(matcher.pattern("/oauth2/googlecallback")).permitAll()
-                                .requestMatchers(matcher.pattern("/oauth2/confirmaccountsync")).permitAll()
-                                .requestMatchers(matcher.pattern("/admin/**")).hasAnyRole("ADMIN")
-                                .requestMatchers(matcher.pattern("/**")).hasAnyRole("USER", "ADMIN")
-                )
-                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .httpBasic(httpBasic -> {
-                })
-                .csrf(AbstractHttpConfigurer::disable)
-                .build();
+//        final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector).servletPath("**");
+//        return http
+//                .securityMatchers((matchers) ->
+//                        matchers.requestMatchers(matcher.pattern(("/**"))))
+//                .authorizeHttpRequests(auth -> auth
+//                        .requestMatchers(matcher.pattern("api/restfull/users/")).permitAll()
+//                        .requestMatchers(matcher.pattern("api/restfull/users/resetPassword")).permitAll()
+//                        .requestMatchers(matcher.pattern("api/restfull/oauth2/googlecallback")).permitAll()
+//                        .requestMatchers(matcher.pattern("api/restfull/oauth2/confirmaccountsync")).permitAll()
+//                        .requestMatchers(matcher.pattern("api/restfull/admin/**")).hasAnyRole("ADMIN")
+//                        .requestMatchers(matcher.pattern("/**"))
+//                        .authenticated()
+////                        .hasAnyRole("USER", "ADMIN")
+//                )
+//                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+//                .httpBasic(withDefaults())
+//                .csrf(AbstractHttpConfigurer::disable)
+//                .build();
+
+        http.csrf().disable()
+                .authorizeHttpRequests()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .httpBasic(withDefaults());
+        return http.build();
    }

 }
--- a/wise-webapp/src/main/java/com/wisemapping/config/rest/ServletConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/rest/ServletConfig.java
@ -1,4 +1,4 @@
-package com.wisemapping.config.mvc;
+package com.wisemapping.config.rest;

 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
--- a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
@ -24,6 +24,7 @@ import com.wisemapping.rest.model.*;
 import com.wisemapping.security.Utils;
 import com.wisemapping.service.*;
 import com.wisemapping.validator.MapInfoValidator;
+import jakarta.servlet.http.HttpServletResponse;
 import org.apache.commons.validator.routines.EmailValidator;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@ -34,15 +35,12 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.BeanPropertyBindingResult;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;

-import jakarta.servlet.http.HttpServletResponse;
-
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.*;
@ -73,7 +71,7 @@ public class MindmapController extends BaseController {


    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.GET, value = "/maps/{id}", produces = {"application/json"})
+        @RequestMapping(method = RequestMethod.GET, value = "api/restfull/maps/{id}", produces = {"application/json"})
    @ResponseBody
    public RestMindmap retrieve(@PathVariable int id) throws WiseMappingException {
        final User user = Utils.getUser();
@ -82,7 +80,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.GET, value = "/maps/", produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.GET, value = "api/restfull/maps/", produces = {"application/json"})
    public RestMindmapList retrieveList(@RequestParam(required = false) String q) {
        final User user = Utils.getUser();

@ -96,7 +94,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.GET, value = "/maps/{id}/history/", produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.GET, value = "api/restfull/maps/{id}/history/", produces = {"application/json"})
    public RestMindmapHistoryList fetchHistory(@PathVariable int id) {
        final List<MindMapHistory> histories = mindmapService.findMindmapHistory(id);
        final RestMindmapHistoryList result = new RestMindmapHistoryList();
@ -106,7 +104,7 @@ public class MindmapController extends BaseController {
        return result;
    }

-    @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/document", consumes = {"application/json"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.PUT, value = "api/restfull/maps/{id}/document", consumes = {"application/json"}, produces = {"application/json"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")

@ -138,7 +136,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(value = "/maps/{id}/history/{hid}", method = RequestMethod.POST)
+    @RequestMapping(value = "api/restfull/maps/{id}/history/{hid}", method = RequestMethod.POST)
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void updateRevertMindmap(@PathVariable int id, @PathVariable String hid) throws WiseMappingException, IOException {
        final Mindmap mindmap = findMindmapById(id);
@ -158,7 +156,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("permitAll()")
-    @RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/document/xml", "/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
+    @RequestMapping(method = RequestMethod.GET, value = {"api/restfull/maps/{id}/document/xml", "api/restfull/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
    @ResponseBody
    public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {
        final Mindmap mindmap = findMindmapById(id);
@ -168,7 +166,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.PUT, value = {"/maps/{id}/document/xml"}, consumes = {"text/plain"})
+    @RequestMapping(method = RequestMethod.PUT, value = {"api/restfull/maps/{id}/document/xml"}, consumes = {"text/plain"})
    @ResponseBody
    public void updateDocument(@PathVariable int id, @RequestBody String xmlDoc) throws WiseMappingException, IOException {
        final Mindmap mindmap = findMindmapById(id);
@ -180,7 +178,7 @@ public class MindmapController extends BaseController {


    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/{hid}/document/xml"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
+    @RequestMapping(method = RequestMethod.GET, value = {"api/restfull/maps/{id}/{hid}/document/xml"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
    @ResponseBody
    public byte[] retrieveDocument(@PathVariable int id, @PathVariable int hid, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {
        final MindMapHistory mindmapHistory = mindmapService.findMindmapHistory(id, hid);
@ -192,7 +190,7 @@ public class MindmapController extends BaseController {
     * The intention of this method is the update of several properties at once ...
     */
    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}", consumes = {"application/json"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.PUT, value = "api/restfull/maps/{id}", consumes = {"application/json"}, produces = {"application/json"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void updateProperties(@RequestBody RestMindmap restMindmap, @PathVariable int id, @RequestParam(required = false) boolean minor) throws IOException, WiseMappingException {

@ -247,7 +245,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/title", consumes = {"text/plain"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.PUT, value = "api/restfull/maps/{id}/title", consumes = {"text/plain"}, produces = {"application/json"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void updateTitle(@RequestBody String title, @PathVariable int id) throws WiseMappingException {

@ -266,7 +264,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.POST, value = "/maps/{id}/collabs/", consumes = {"application/json"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.POST, value = "api/restfull/maps/{id}/collabs/", consumes = {"application/json"}, produces = {"application/json"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void updateCollabs(@PathVariable int id, @NotNull @RequestBody RestCollaborationList restCollabs) throws CollaborationException, MapCouldNotFoundException, AccessDeniedSecurityException, InvalidEmailException, TooManyInactiveAccountsExceptions {
        final Mindmap mindMap = findMindmapById(id);
@ -316,7 +314,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/collabs/", consumes = {"application/json"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.PUT, value = "api/restfull/maps/{id}/collabs/", consumes = {"application/json"}, produces = {"application/json"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void addCollab(@PathVariable int id, @NotNull @RequestBody RestCollaborationList restCollabs) throws CollaborationException, MapCouldNotFoundException, AccessDeniedSecurityException, InvalidEmailException, TooManyInactiveAccountsExceptions, OwnerCannotChangeException {
        final Mindmap mindMap = findMindmapById(id);
@ -384,7 +382,7 @@ public class MindmapController extends BaseController {


    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.GET, value = "/maps/{id}/collabs", produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.GET, value = "api/restfull/maps/{id}/collabs", produces = {"application/json"})
    public RestCollaborationList retrieveList(@PathVariable int id) throws MapCouldNotFoundException, AccessDeniedSecurityException {
        final Mindmap mindMap = findMindmapById(id);

@ -401,7 +399,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/description", consumes = {"text/plain"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.PUT, value = "api/restfull/maps/{id}/description", consumes = {"text/plain"}, produces = {"application/json"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void updateDescription(@RequestBody String description, @PathVariable int id) throws WiseMappingException {
        final Mindmap mindmap = findMindmapById(id);
@ -410,7 +408,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/publish", consumes = {"text/plain"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.PUT, value = "api/restfull/maps/{id}/publish", consumes = {"text/plain"}, produces = {"application/json"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void updatePublishState(@RequestBody String value, @PathVariable int id) throws WiseMappingException {

@ -428,7 +426,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.DELETE, value = "/maps/{id}")
+    @RequestMapping(method = RequestMethod.DELETE, value = "api/restfull/maps/{id}")
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void deleteMapById(@PathVariable int id) throws IOException, WiseMappingException {
        final User user = Utils.getUser();
@ -437,7 +435,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.DELETE, value = "/maps/{id}/collabs")
+    @RequestMapping(method = RequestMethod.DELETE, value = "api/restfull/maps/{id}/collabs")
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void deleteCollabByEmail(@PathVariable int id, @RequestParam(required = false) String email) throws IOException, WiseMappingException {
        logger.debug("Deleting permission for email:" + email);
@ -469,7 +467,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/starred", consumes = {"text/plain"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.PUT, value = "api/restfull/maps/{id}/starred", consumes = {"text/plain"}, produces = {"application/json"})
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void updateStarredState(@RequestBody String value, @PathVariable int id) throws WiseMappingException {

@ -488,7 +486,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.GET, value = "/maps/{id}/starred", produces = {"text/plain"})
+    @RequestMapping(method = RequestMethod.GET, value = "api/restfull/maps/{id}/starred", produces = {"text/plain"})
    @ResponseBody
    public String fetchStarred(@PathVariable int id) throws WiseMappingException {
        final Mindmap mindmap = findMindmapById(id);
@ -503,7 +501,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.DELETE, value = "/maps/batch")
+    @RequestMapping(method = RequestMethod.DELETE, value = "api/restfull/maps/batch")
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void batchDelete(@RequestParam() String ids) throws IOException, WiseMappingException {
        final User user = Utils.getUser();
@ -552,12 +550,12 @@ public class MindmapController extends BaseController {
        mindmapService.addMindmap(mindmap, user);

        // Return the new created map ...
-        response.setHeader("Location", "/service/maps/" + mindmap.getId());
+        response.setHeader("Location", "/serviceapi/restfull/maps/" + mindmap.getId());
        response.setHeader("ResourceId", Integer.toString(mindmap.getId()));
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.POST, value = "/maps/{id}", consumes = {"application/json"}, produces = {"application/json", "text/plain"})
+    @RequestMapping(method = RequestMethod.POST, value = "api/restfull/maps/{id}", consumes = {"application/json"}, produces = {"application/json", "text/plain"})
    @ResponseStatus(value = HttpStatus.CREATED)
    public void createDuplicate(@RequestBody RestMindmapInfo restMindmap, @PathVariable int id, @NotNull HttpServletResponse response) throws IOException, WiseMappingException {
        // Validate ...
@ -580,13 +578,13 @@ public class MindmapController extends BaseController {
        mindmapService.addMindmap(clonedMap, user);

        // Return the new created map ...
-        response.setHeader("Location", "/service/maps/" + clonedMap.getId());
+        response.setHeader("Location", "/serviceapi/restfull/maps/" + clonedMap.getId());
        response.setHeader("ResourceId", Integer.toString(clonedMap.getId()));
    }


    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.DELETE, value = "/maps/{id}/labels/{lid}")
+    @RequestMapping(method = RequestMethod.DELETE, value = "api/restfull/maps/{id}/labels/{lid}")
    @ResponseStatus(value = HttpStatus.NO_CONTENT)
    public void removeLabelFromMap(@PathVariable int id, @PathVariable int lid) throws WiseMappingException {
        final User user = Utils.getUser();
@ -602,7 +600,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.POST, value = "/maps/{id}/labels", consumes = {"application/json"})
+    @RequestMapping(method = RequestMethod.POST, value = "api/restfull/maps/{id}/labels", consumes = {"application/json"})
    @ResponseStatus(value = HttpStatus.OK)
    public void updateLabel(@PathVariable int id, @RequestBody int lid) throws WiseMappingException {
        final User user = Utils.getUser();
@ -617,7 +615,7 @@ public class MindmapController extends BaseController {
    }

    @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
-    @RequestMapping(method = RequestMethod.PUT, value = "/maps/{id}/lock", consumes = {"text/plain"}, produces = {"application/json"})
+    @RequestMapping(method = RequestMethod.PUT, value = "api/restfull/maps/{id}/lock", consumes = {"text/plain"}, produces = {"application/json"})
    public ResponseEntity<RestLockInfo> lockMindmap(@RequestBody String value, @PathVariable int id) throws WiseMappingException {
        final User user = Utils.getUser();
        final LockManager lockManager = mindmapService.getLockManager();
--- a/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcMindmapController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcMindmapController.java
@ -39,10 +39,7 @@ import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;

 import java.util.Locale;
--- a/wise-webapp/src/main/resources/application.properties
+++ b/wise-webapp/src/main/resources/application.properties
@ -1,7 +1,8 @@
 ##################################################################################
-Springboot Common
+SpringBoot Common
 ##################################################################################

+# JPA
 spring.datasource.initialize=true
 spring.main.allow-circular-references=true

@ -10,11 +11,9 @@ spring.jpa.properties.hibernate.current_session_context_class=thread
 spring.jpa.properties.hibernate.format_sql=true
 spring.sql.init.mode=always

-##################################################################################
-Log Level 
-##################################################################################
+# LOG

-logging.level.root=INFO
+logging.level.root=TRACE
 logging.level.org.apache.tomcat=INFO

 ##################################################################################
--- a/wise-webapp/src/main/resources/log4j2.xml
+++ b/wise-webapp/src/main/resources/log4j2.xml
@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Configuration status="TRACE">
-    <Appenders>
-        <Console name="LogToConsole" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
-        </Console>
-    </Appenders>
-    <Loggers>
-        <Logger name="com.wisemapping" level="trace">
-            <AppenderRef ref="LogToConsole"/>
-        </Logger>
-        <Logger name="org.springframework" level="trace">
-            <AppenderRef ref="LogToConsole"/>
-        </Logger>
-        <Root level="trace">
-            <AppenderRef ref="LogToConsole"/>
-        </Root>
-    </Loggers>
-</Configuration>