From 079f8ac417a82eca28ccb9a509a0531b457bf071 Mon Sep 17 00:00:00 2001 
From: Paulo Gustavo Veiga Date: Mon, 27 Nov 2023 21:08:28 -0800 Subject: [PATCH] Fix MVC --- wise-webapp/pom.xml | 22 +- .../com/wisemapping/config/Application.java | 31 ++- .../wisemapping/config/HibernateConfig.java | 2 + .../wisemapping/config/SecurityConfig.java | 159 ------------- .../{MvcConfig.java => mvc/MvcAppConfig.java} | 28 ++- .../config/mvc/MvcSecurityConfig.java | 101 ++++++++ .../wisemapping/config/mvc/ServletConfig.java | 12 + .../config/rest/RestAppConfig.java | 44 ++++ .../wisemapping/rest/AccountController.java | 7 +- .../com/wisemapping/rest/AdminController.java | 2 +- .../com/wisemapping/rest/LabelController.java | 2 +- .../wisemapping/rest/MindmapController.java | 2 +- .../wisemapping/rest/OAuth2Controller.java | 2 +- .../com/wisemapping/rest/UserController.java | 2 +- .../AuthenticationSuccessHandler.java | 60 ----- .../security/UserDetailsService.java | 3 + .../service/MindmapServiceImpl.java | 1 - .../webmvc/MvcLoginController.java | 5 +- .../webmvc/MvcMindmapController.java | 30 +-- .../webmvc/MvcUsersController.java | 10 +- .../src/main/resources/application.properties | 3 + wise-webapp/src/main/resources/log4j2.xml | 7 +- .../resources/spring/wisemapping-common.xml | 11 - .../resources/spring/wisemapping-rest.xml | 9 - .../resources/spring/wisemapping-servlet.xml | 16 +- .../views => webapp/WEB-INF/jsp}/init.jsp | 0 .../WEB-INF/jsp}/mindmapEditor.jsp | 0 .../WEB-INF/jsp}/mindmapViewonly.jsp | 0 .../WEB-INF/jsp}/pageHeaders.jsf | 0 .../WEB-INF/jsp}/reactInclude.jsp | 0 wise-webapp/src/main/webapp/WEB-INF/web.xml | 222 +++++++++--------- 31 files changed, 351 insertions(+), 442 deletions(-) delete mode 100644 wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java rename wise-webapp/src/main/java/com/wisemapping/config/{MvcConfig.java => mvc/MvcAppConfig.java} (63%) create mode 100644 wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcSecurityConfig.java create mode 100644 
wise-webapp/src/main/java/com/wisemapping/config/mvc/ServletConfig.java create mode 100644 wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java delete mode 100644 wise-webapp/src/main/java/com/wisemapping/security/AuthenticationSuccessHandler.java delete mode 100644 wise-webapp/src/main/resources/spring/wisemapping-common.xml rename wise-webapp/src/main/{resources/views => webapp/WEB-INF/jsp}/init.jsp (100%) rename wise-webapp/src/main/{resources/views => webapp/WEB-INF/jsp}/mindmapEditor.jsp (100%) rename wise-webapp/src/main/{resources/views => webapp/WEB-INF/jsp}/mindmapViewonly.jsp (100%) rename wise-webapp/src/main/{resources/views => webapp/WEB-INF/jsp}/pageHeaders.jsf (100%) rename wise-webapp/src/main/{resources/views => webapp/WEB-INF/jsp}/reactInclude.jsp (100%) diff --git a/wise-webapp/pom.xml b/wise-webapp/pom.xml index 3e42f21d..7837066a 100644 --- a/wise-webapp/pom.xml +++ b/wise-webapp/pom.xml @@ -67,16 +67,12 @@ 12.0 compile - - - - - - - - - - + + org.apache.tomcat.embed + tomcat-embed-jasper + 10.1.9 + provided + org.postgresql postgresql @@ -195,6 +191,12 @@ spring-security-config ${org.springframework.addons} + + org.projectlombok + lombok + RELEASE + compile + diff --git a/wise-webapp/src/main/java/com/wisemapping/config/Application.java b/wise-webapp/src/main/java/com/wisemapping/config/Application.java index e22ae7ed..cb986831 100644 --- a/wise-webapp/src/main/java/com/wisemapping/config/Application.java +++ b/wise-webapp/src/main/java/com/wisemapping/config/Application.java 
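Review bot: The new Lombok dependency is declared with version `RELEASE` and scope `compile`, so each build resolves whatever release is newest at that moment and the annotation processor is packaged into the application. Pin an explicit version and use `provided` scope, since Lombok is only needed at compile time. `tomcat-embed-jasper` is likewise hard-coded to `10.1.9`; if a parent POM or BOM already manages the Tomcat version, omitting the version here keeps Jasper aligned with the embedded Tomcat that actually runs. That last point is an inference, because the dependency-management section is outside this hunk.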
@@ -1,18 +1,35 @@ package com.wisemapping.config; -import org.springframework.boot.SpringApplication; +import com.wisemapping.config.mvc.MvcAppConfig; +import com.wisemapping.config.mvc.MvcSecurityConfig; +import com.wisemapping.config.mvc.ServletConfig; +import com.wisemapping.config.rest.RestAppConfig; +import org.springframework.boot.WebApplicationType; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.builder.SpringApplicationBuilder; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ImportResource; -import org.springframework.data.jpa.repository.config.EnableJpaRepositories; -import org.springframework.transaction.annotation.EnableTransactionManagement; +import org.springframework.security.web.firewall.StrictHttpFirewall; -@EnableTransactionManagement @SpringBootApplication -@EnableJpaRepositories("com.wisemapping.model") -@ImportResource("classpath:spring/wisemapping-common.xml") +@ImportResource(value = {"classpath:spring/wisemapping-service.xml"}) +@ComponentScan({"com.wisemapping.security", "com.wisemapping.service", "com.wisemapping.dao", "com.wisemapping.util"}) public class Application { public static void main(String[] args) { - SpringApplication.run(Application.class, args); + + new SpringApplicationBuilder() + .parent(Application.class, HibernateConfig.class, MethodSecurityConfig.class).web(WebApplicationType.NONE) + .child(MvcAppConfig.class, MvcSecurityConfig.class, ServletConfig.class).web(WebApplicationType.SERVLET) + .sibling(RestAppConfig.class).web(WebApplicationType.SERVLET) + .run(args); + } + + @Bean + public StrictHttpFirewall httpFirewall() { + StrictHttpFirewall firewall = new StrictHttpFirewall(); + firewall.setAllowSemicolon(true); + return firewall; } } 
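Review bot: `firewall.setAllowSemicolon(true)` in `httpFirewall()` switches off one of the `StrictHttpFirewall` defaults, and nothing in the code says why. The default rejects `;` because path parameters can make the path the security matchers evaluate differ from the path the container dispatches on, which matters here since both child contexts authorize by URL pattern. If the relaxation is still needed, document it on the bean, e.g. `// Semicolons are allowed because: TODO state reason`; otherwise drop the call and keep the strict default. The bean now lives in the parent context, so a test should confirm that both servlet child contexts actually pick it up.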
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/HibernateConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/HibernateConfig.java index 8e25e9ce..29bf47d1 100644 --- a/wise-webapp/src/main/java/com/wisemapping/config/HibernateConfig.java +++ b/wise-webapp/src/main/java/com/wisemapping/config/HibernateConfig.java @@ -1,10 +1,12 @@ package com.wisemapping.config; import org.springframework.context.annotation.Configuration; +import org.springframework.data.jpa.repository.config.EnableJpaRepositories; import org.springframework.transaction.annotation.EnableTransactionManagement; @Configuration @EnableTransactionManagement +@EnableJpaRepositories("com.wisemapping.model") public class HibernateConfig { // @Value("${database.hibernate.dialect}") // private String dbDialect; diff --git a/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java deleted file mode 100644 index da8baa29..00000000 --- a/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java +++ /dev/null 
@@ -1,159 +0,0 @@ -package com.wisemapping.config; - -import com.wisemapping.security.AuthenticationSuccessHandler; -import com.wisemapping.security.UserDetailsService; -import com.wisemapping.service.UserService; -import org.jetbrains.annotations.NotNull; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.core.annotation.Order; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; -import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.web.SecurityFilterChain; -import org.springframework.security.web.firewall.StrictHttpFirewall; -import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; -import org.springframework.web.servlet.handler.HandlerMappingIntrospector; - - -@Configuration -@EnableWebSecurity -public class SecurityConfig { - @Autowired - UserService userService; - - @Value("${admin.user}") - String adminUser; - - @Bean - public StrictHttpFirewall httpFirewall() { - StrictHttpFirewall firewall = new StrictHttpFirewall(); - firewall.setAllowSemicolon(true); - return firewall; - } - @Bean - @Order(1) - public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { - final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c"); - http - .securityMatchers((matchers) -> - matchers.requestMatchers(mvcMatcher.pattern(("/maps/*/embed")))) - .authorizeHttpRequests( - (auth) -> 
auth.requestMatchers(mvcMatcher.pattern("/maps/*/embed")).permitAll()) - .headers((header -> header.frameOptions() - .disable() - )) - .csrf(AbstractHttpConfigurer::disable); - - return http.build(); - } - - @Bean - @Order(2) - SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { - final MvcRequestMatcher.Builder serviceMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/service"); - return http - .securityMatchers((matchers) -> - matchers.requestMatchers(serviceMapper.pattern(("/**")))) - .authorizeHttpRequests(auth -> - auth - .requestMatchers(serviceMapper.pattern("/users/")).permitAll() - .requestMatchers(serviceMapper.pattern("/users/resetPassword")).permitAll() - .requestMatchers(serviceMapper.pattern("/oauth2/googlecallback")).permitAll() - .requestMatchers(serviceMapper.pattern("/oauth2/confirmaccountsync")).permitAll() - .requestMatchers(serviceMapper.pattern("/admin/**")).hasAnyRole("ADMIN") - .requestMatchers(serviceMapper.pattern("/**")).hasAnyRole("USER", "ADMIN") - ) - .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - .httpBasic(httpBasic -> { - }) - .csrf(AbstractHttpConfigurer::disable) - .build(); - } - - @Bean - @Order(3) - public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { - final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler(); - authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false); - authenticationSuccessHandler.setDefaultTargetUrl("/c/maps/"); - - final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/c/restful"); - final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c"); - - http - .securityMatchers((matchers) -> - 
matchers.requestMatchers(restfullMapper.pattern(("/**"))). - requestMatchers(mvcMatcher.pattern(("/**")))) - .authorizeHttpRequests( - (auth) -> - auth - .requestMatchers(mvcMatcher.pattern("/login")).permitAll() - .requestMatchers(mvcMatcher.pattern("/logout")).permitAll() - - .requestMatchers(mvcMatcher.pattern("/registration")).permitAll() - .requestMatchers(mvcMatcher.pattern("/registration-success")).permitAll() - .requestMatchers(mvcMatcher.pattern("/registration-google")).permitAll() - - .requestMatchers(mvcMatcher.pattern("/forgot-password")).permitAll() - .requestMatchers(mvcMatcher.pattern("/forgot-password-success")).permitAll() - .requestMatchers(mvcMatcher.pattern("/maps/*/try")).permitAll() - .requestMatchers(mvcMatcher.pattern("/maps/*/public")).permitAll() - .requestMatchers(restfullMapper.pattern("/maps/*/document/xml-pub")).permitAll() - .requestMatchers(mvcMatcher.pattern("/**")).hasAnyRole("USER", "ADMIN") - .requestMatchers(restfullMapper.pattern("/**")).hasAnyRole("USER", "ADMIN") - .anyRequest().authenticated()) - .formLogin((loginForm) -> - loginForm.loginPage("/c/login") - .loginProcessingUrl("/c/perform-login") - .defaultSuccessUrl("/c/maps/") - .failureUrl("/c/login?login_error=2")) - .logout((logout) -> - logout - .logoutUrl("/c/logout") - .logoutSuccessUrl("/c/login") - .invalidateHttpSession(true) - .deleteCookies("JSESSIONID") - .permitAll() - ).rememberMe(remember -> - remember - .tokenValiditySeconds(2419200) - .rememberMeParameter("remember-me" - ).authenticationSuccessHandler(authenticationSuccessHandler) - ).headers((header -> header.frameOptions() - .disable() - )) - .csrf((csrf) -> - csrf.ignoringRequestMatchers(mvcMatcher.pattern("/logout"))); - - return http.build(); - } - - @Bean - @Order(4) - public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { - final MvcRequestMatcher.Builder restfullMapper = new 
MvcRequestMatcher.Builder(introspector); - - return http.authorizeHttpRequests( - (auth) -> - auth.requestMatchers(restfullMapper.pattern("/static/**")).permitAll(). - requestMatchers(restfullMapper.pattern("/css/**")).permitAll(). - requestMatchers(restfullMapper.pattern("/js/**")).permitAll(). - requestMatchers(restfullMapper.pattern("/images/**")).permitAll(). - requestMatchers(restfullMapper.pattern("/*")).permitAll() - ).build(); - } - - - - @Bean - public UserDetailsService userDetailsService() { - final UserDetailsService result = new UserDetailsService(); - result.setUserService(userService); - result.setAdminUser(adminUser); - return result; - } -} diff --git a/wise-webapp/src/main/java/com/wisemapping/config/MvcConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcAppConfig.java similarity index 63% rename from wise-webapp/src/main/java/com/wisemapping/config/MvcConfig.java rename to wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcAppConfig.java index 7c86002c..1e923311 100644 --- a/wise-webapp/src/main/java/com/wisemapping/config/MvcConfig.java +++ b/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcAppConfig.java 
@@ -1,30 +1,34 @@ -package com.wisemapping.config; +package com.wisemapping.config.mvc; +import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.ComponentScan; +import org.springframework.context.annotation.ImportResource; import org.springframework.web.servlet.HandlerExceptionResolver; import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.config.annotation.EnableWebMvc; -import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver; import org.springframework.web.servlet.view.InternalResourceViewResolver; import org.springframework.web.servlet.view.JstlView; -@Configuration + +@SpringBootApplication @EnableWebMvc -public class MvcConfig implements WebMvcConfigurer { - @Override - public void addResourceHandlers(ResourceHandlerRegistry registry) { - registry - .addResourceHandler("/**") - .addResourceLocations("classpath:/public/"); - } +@ImportResource(value = {"classpath:spring/wisemapping-servlet.xml"}) +@ComponentScan("com.wisemapping.webmvc") +public class MvcAppConfig implements WebMvcConfigurer { +// @Override +// public void addResourceHandlers(ResourceHandlerRegistry registry) { +// registry +// .addResourceHandler("/**") +// .addResourceLocations("classpath:/public/"); +// } @Bean public ViewResolver viewResolver() { InternalResourceViewResolver resolver = new InternalResourceViewResolver(); - resolver.setPrefix("/views/"); + resolver.setPrefix("/WEB-INF/jsp/"); resolver.setSuffix(".jsp"); resolver.setViewClass(JstlView.class); return resolver; 
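Review bot: The `addResourceHandlers` override is left in `MvcAppConfig` as a commented-out block; delete it instead, since version control already keeps the old code. The class also combines `@SpringBootApplication`, `@EnableWebMvc` and an explicit `@ComponentScan("com.wisemapping.webmvc")` with no explanation of why all three are needed. A short class-level Javadoc stating that this is the root configuration of the MVC child context, and which packages and XML it pulls in, would make the context layout reviewable. The class body continues past the end of the hunk.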
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcSecurityConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcSecurityConfig.java new file mode 100644 index 00000000..d90cbdd1 --- /dev/null +++ b/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcSecurityConfig.java 
@@ -0,0 +1,101 @@ +package com.wisemapping.config.mvc; + +import org.jetbrains.annotations.NotNull; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; +import org.springframework.web.servlet.handler.HandlerMappingIntrospector; + + +@Configuration +@EnableWebSecurity +public class MvcSecurityConfig { + + @Bean + @Order(1) + public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { + final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector); + + http + .securityMatchers((matchers) -> + matchers.requestMatchers(matcher.pattern("c/maps/*/embed"))) + .authorizeHttpRequests( + (auth) -> auth.requestMatchers(matcher.pattern(("c/maps/*/embed"))).permitAll()) + .headers((header -> header.frameOptions() + .disable() + )) + .csrf(AbstractHttpConfigurer::disable); + + return http.build(); + } + + @Bean + @Order(2) + public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { + final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector); + http + .securityMatchers((matchers) -> + matchers.requestMatchers(matcher.pattern("/c/**"))) + .authorizeHttpRequests( + (auth) -> + auth + .requestMatchers(matcher.pattern("/c/login")).permitAll() + .requestMatchers(matcher.pattern("/c/logout")).permitAll() + 
.requestMatchers(matcher.pattern("/c/registration")).permitAll() + .requestMatchers(matcher.pattern("/c/registration-success")).permitAll() + .requestMatchers(matcher.pattern("/c/registration-google")).permitAll() + + .requestMatchers(matcher.pattern("/c/forgot-password")).permitAll() + .requestMatchers(matcher.pattern("/c/forgot-password-success")).permitAll() + .requestMatchers(matcher.pattern("/c/maps/*/try")).permitAll() + .requestMatchers(matcher.pattern("/c/maps/*/public")).permitAll() + .requestMatchers(matcher.pattern("/c/**")).hasAnyRole("USER", "ADMIN") + .anyRequest().authenticated()) + .formLogin((loginForm) -> + loginForm.loginPage("/c/login") + .loginProcessingUrl("/c/perform-login") + .defaultSuccessUrl("/c/maps/") + .failureUrl("/c/login?login_error=2")) + .logout((logout) -> + logout + .logoutUrl("/c/logout") + .logoutSuccessUrl("/c/login") + .invalidateHttpSession(true) + .deleteCookies("JSESSIONID") + .permitAll() + ).rememberMe(remember -> + remember + .tokenValiditySeconds(2419200) + .rememberMeParameter("remember-me" + ) + ).headers((header -> header.frameOptions() + .disable() + )) + .csrf((csrf) -> + csrf.ignoringRequestMatchers(matcher.pattern("/c/logout"))); + + return http.build(); + } + + @Bean + @Order(3) + public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { + final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector); + + return http.authorizeHttpRequests( + (auth) -> + auth.requestMatchers(matcher.pattern("/static/**")).permitAll(). + requestMatchers(matcher.pattern("/css/**")).permitAll(). + requestMatchers(matcher.pattern("/js/**")).permitAll(). + // @todo: Wht this is required ... + requestMatchers(matcher.pattern("/WEB-INF/jsp/*.jsp")).permitAll(). + requestMatchers(matcher.pattern("/images/**")).permitAll(). + requestMatchers(matcher.pattern("/*")).permitAll() + ).build(); + } +} 
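Review bot: `mvcFilterChain` disables `X-Frame-Options` for everything under `/c/**`, including the login page and the authenticated editor pages, although `embeddedDisabledXOrigin` already exists to lift the header only for the embed view. Restrict framing on the general chain, e.g. `.headers(header -> header.frameOptions(frame -> frame.sameOrigin()))`, or remove the `.headers(...)` call so the default applies. In `shareResourcesFilterChain`, the `/WEB-INF/jsp/*.jsp` rule marked `@todo` is presumably needed because authorization is also applied to the FORWARD dispatch to the JSP view; `auth.dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()` expresses that without naming internal paths. The embed patterns are written `c/maps/*/embed` without the leading slash used by every other pattern in the file; make them `/c/maps/*/embed` so matching does not depend on pattern normalization.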
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/mvc/ServletConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/mvc/ServletConfig.java new file mode 100644 index 00000000..9bad0c5c --- /dev/null +++ b/wise-webapp/src/main/java/com/wisemapping/config/mvc/ServletConfig.java @@ -0,0 +1,12 @@ +package com.wisemapping.config.mvc; + +import org.springframework.boot.web.server.WebServerFactoryCustomizer; +import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory; +import org.springframework.context.annotation.Configuration; + +@Configuration +public class ServletConfig implements WebServerFactoryCustomizer { + public void customize(ConfigurableServletWebServerFactory factory){ + factory.setPort(8081); + } +} \ No newline at end of file diff --git a/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java new file mode 100644 index 00000000..d97f3aed --- /dev/null +++ b/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java 
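Review bot: `customize` hard-codes `factory.setPort(8081)`, and as an unordered customizer it will most likely override any `server.port` setting, so the MVC listener port cannot be changed per environment. Read the port from configuration instead of using the literal, and mark the method `@Override` so a signature mismatch with `WebServerFactoryCustomizer` is caught at compile time. The interface's type argument is not visible in this listing and may have been lost in rendering; the class should implement `WebServerFactoryCustomizer<ConfigurableServletWebServerFactory>`. A one-line Javadoc saying why the MVC context needs its own port would also help.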
@@ -0,0 +1,44 @@ +package com.wisemapping.config.rest; + +import org.jetbrains.annotations.NotNull; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.ComponentScan; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; +import org.springframework.web.servlet.handler.HandlerMappingIntrospector; + + +@SpringBootApplication +@EnableWebSecurity +@ComponentScan("com.wisemapping.rest") +public class RestAppConfig { + @Bean + @Order(2) + SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { + final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector).servletPath("/service"); + return http + .securityMatchers((matchers) -> + matchers.requestMatchers(matcher.pattern(("/**")))) + .authorizeHttpRequests(auth -> + auth + .requestMatchers(matcher.pattern("/users/")).permitAll() + .requestMatchers(matcher.pattern("/users/resetPassword")).permitAll() + .requestMatchers(matcher.pattern("/oauth2/googlecallback")).permitAll() + .requestMatchers(matcher.pattern("/oauth2/confirmaccountsync")).permitAll() + .requestMatchers(matcher.pattern("/admin/**")).hasAnyRole("ADMIN") + .requestMatchers(matcher.pattern("/**")).hasAnyRole("USER", "ADMIN") + ) + .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .httpBasic(httpBasic -> { + }) 
+ .csrf(AbstractHttpConfigurer::disable) + .build(); + } + +} diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/AccountController.java b/wise-webapp/src/main/java/com/wisemapping/rest/AccountController.java index 571d96e2..e8c8dfb3 100644 --- a/wise-webapp/src/main/java/com/wisemapping/rest/AccountController.java +++ b/wise-webapp/src/main/java/com/wisemapping/rest/AccountController.java @@ -34,14 +34,11 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.ResponseStatus; +import org.springframework.web.bind.annotation.*; import java.util.List; -@Controller +@RestController @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')") public class AccountController extends BaseController { @Qualifier("userService") diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java b/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java index 71cf2700..e849c4f1 100644 --- a/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java +++ b/wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java @@ -38,7 +38,7 @@ import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.List; -@Controller +@RestController @PreAuthorize("isAuthenticated() and hasRole('ROLE_ADMIN')") public class AdminController extends BaseController { @Qualifier("userService") diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/LabelController.java b/wise-webapp/src/main/java/com/wisemapping/rest/LabelController.java index 9a8078c1..284d90c5 100644 
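Review bot: `apiSecurityFilterChain` is the only chain in the REST context and it is scoped with `servletPath("/service")`, so any request this context serves outside that servlet path matches no chain and gets no URL-level authorization. Whether the sibling context's DispatcherServlet is actually mapped at `/service` is not visible in this hunk; if it is mapped at `/`, the matcher may not match at all and only the method-level `@PreAuthorize` annotations remain. Either drop the `.securityMatchers(...)` restriction so the chain covers every request in this context, or add a lowest-priority chain ending in `.anyRequest().denyAll()`. The `@Order(2)` is left over from the old four-chain `SecurityConfig` and can be removed.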
--- a/wise-webapp/src/main/java/com/wisemapping/rest/LabelController.java +++ b/wise-webapp/src/main/java/com/wisemapping/rest/LabelController.java @@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.*; import jakarta.servlet.http.HttpServletResponse; import java.util.List; -@Controller +@RestController @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')") public class LabelController extends BaseController { diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java index a3aea80e..cdb69ffb 100644 --- a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java +++ b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java @@ -49,7 +49,7 @@ import java.util.*; import java.util.stream.Collectors; -@Controller +@RestController @Transactional(propagation = Propagation.REQUIRED) public class MindmapController extends BaseController { private final Logger logger = LogManager.getLogger(); diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/OAuth2Controller.java b/wise-webapp/src/main/java/com/wisemapping/rest/OAuth2Controller.java index 9130a4b5..7427070d 100644 --- a/wise-webapp/src/main/java/com/wisemapping/rest/OAuth2Controller.java +++ b/wise-webapp/src/main/java/com/wisemapping/rest/OAuth2Controller.java @@ -38,7 +38,7 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpSession; -@Controller +@RestController @CrossOrigin public class OAuth2Controller extends BaseController { @Qualifier("userService") diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/UserController.java b/wise-webapp/src/main/java/com/wisemapping/rest/UserController.java index 5791fed8..6208e365 100644 --- a/wise-webapp/src/main/java/com/wisemapping/rest/UserController.java +++ b/wise-webapp/src/main/java/com/wisemapping/rest/UserController.java 
@@ -47,7 +47,7 @@ import jakarta.servlet.http.HttpServletResponse; import java.util.Arrays; import java.util.List; -@Controller +@RestController @CrossOrigin public class UserController extends BaseController { diff --git a/wise-webapp/src/main/java/com/wisemapping/security/AuthenticationSuccessHandler.java b/wise-webapp/src/main/java/com/wisemapping/security/AuthenticationSuccessHandler.java deleted file mode 100644 index 2e3945b6..00000000 --- a/wise-webapp/src/main/java/com/wisemapping/security/AuthenticationSuccessHandler.java +++ /dev/null 
@@ -1,60 +0,0 @@ -/* - * Copyright [2022] [wisemapping] - * - * Licensed under WiseMapping Public License, Version 1.0 (the "License"). - * It is basically the Apache License, Version 2.0 (the "License") plus the - * "powered by wisemapping" text requirement on every single page; - * you may not use this file except in compliance with the License. - * You may obtain a copy of the license at - * - * http://www.wisemapping.org/license - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.wisemapping.security; - -import org.springframework.security.core.Authentication; -import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; -import org.springframework.security.web.savedrequest.HttpSessionRequestCache; -import org.springframework.security.web.savedrequest.RequestCache; -import org.springframework.security.web.savedrequest.SavedRequest; - -import jakarta.servlet.ServletException; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; -import java.io.IOException; - - -public class AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler { - private final RequestCache cache; - - public AuthenticationSuccessHandler() { - cache = new HttpSessionRequestCache(); - this.setRequestCache(cache); - } - - @Override - public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException { - - SavedRequest savedRequest = cache.getRequest(request, response); - if (savedRequest != null && savedRequest.getRedirectUrl().contains("c/restful")) { - cache.removeRequest(request, response); - } - 
super.onAuthenticationSuccess(request, response, authentication); - } - - @Override - protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) { - String url = super.determineTargetUrl(request, response); - // Prevent redirecting to rest services on login ... - if (url.contains("c/restful")) { - url = this.getDefaultTargetUrl(); - } - return url; - } - -} \ No newline at end of file diff --git a/wise-webapp/src/main/java/com/wisemapping/security/UserDetailsService.java b/wise-webapp/src/main/java/com/wisemapping/security/UserDetailsService.java index 42725a89..e6d04030 100644 --- a/wise-webapp/src/main/java/com/wisemapping/security/UserDetailsService.java +++ b/wise-webapp/src/main/java/com/wisemapping/security/UserDetailsService.java @@ -24,6 +24,7 @@ import com.wisemapping.service.UserService; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.dao.DataAccessException; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; @@ -34,6 +35,8 @@ public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService { @Autowired private UserService userService; + + @Value("${admin.user}") private String adminUser; @Override diff --git a/wise-webapp/src/main/java/com/wisemapping/service/MindmapServiceImpl.java b/wise-webapp/src/main/java/com/wisemapping/service/MindmapServiceImpl.java index 41e20091..e7729265 100755 --- a/wise-webapp/src/main/java/com/wisemapping/service/MindmapServiceImpl.java +++ b/wise-webapp/src/main/java/com/wisemapping/service/MindmapServiceImpl.java 
@@ -54,7 +54,6 @@ public class MindmapServiceImpl @Autowired private NotificationService notificationService; - @Value("${admin.user}") private String adminUser; final private LockManager lockManager; diff --git a/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcLoginController.java b/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcLoginController.java index b21c279c..6f12760d 100644 --- a/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcLoginController.java +++ b/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcLoginController.java @@ -31,10 +31,8 @@ import org.springframework.web.servlet.ModelAndView; @PreAuthorize("permitAll()") public class MvcLoginController { -// @Value("${database.driver}") - private String driver; - @RequestMapping(value = "login", method = RequestMethod.GET) + @RequestMapping(value = "c/login", method = RequestMethod.GET) protected ModelAndView showLoginPage() { final User user = Utils.getUser(false); ModelAndView result; @@ -42,7 +40,6 @@ public class MvcLoginController { result = new ModelAndView("forward:/c/maps/"); } else { result = new ModelAndView("reactInclude"); - result.addObject("isHsql", driver.contains("hsql")); } return result; } diff --git a/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcMindmapController.java b/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcMindmapController.java index bfca1266..0d650692 100644 --- a/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcMindmapController.java +++ b/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcMindmapController.java @@ -55,7 +55,7 @@ public class MvcMindmapController { @Autowired private MindmapService mindmapService; - @RequestMapping(value = "maps/{id}/print") + @RequestMapping(value = "c/maps/{id}/print") public String showPrintPage(@PathVariable int id, @NotNull Model model) throws MapCouldNotFoundException, AccessDeniedSecurityException { final MindMapBean mindmap = findMindmapBean(id); 
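Review bot: Removing `@Value("${admin.user}")` leaves `private String adminUser;` in `MindmapServiceImpl` with nothing in this hunk that assigns it, so the field stays `null` unless a setter or an XML property outside the hunk still populates it. Any permission check that compares a user against `adminUser` would then either never match or throw, depending on which side `equals` is called on. Either keep the annotation, or delete the field and take the admin identity from `UserDetailsService`, which now reads the `admin.user` property. The rest of the class is outside the hunk, so the field's uses should be checked before merging.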
@@ -67,12 +67,12 @@ public class MvcMindmapController { return "mindmapViewonly"; } - @RequestMapping(value = "maps/") + @RequestMapping(value = "c/maps/") public String showListPage(@NotNull Model model) { return "reactInclude"; } - @RequestMapping(value = "maps/{id}/edit", method = RequestMethod.GET) + @RequestMapping(value = "c/maps/{id}/edit", method = RequestMethod.GET) public String showMindmapEditorPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException { return showEditorPage(id, model, true); } 
@@ -104,26 +104,26 @@ public class MvcMindmapController { return "mindmapEditor"; } - @RequestMapping(value = "maps/{id}/view", method = RequestMethod.GET) + @RequestMapping(value = "c/maps/{id}/view", method = RequestMethod.GET) public String showMindmapViewerPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException { final String result = showPrintPage(id, model); return result; } - @RequestMapping(value = "maps/{id}/try", method = RequestMethod.GET) + @RequestMapping(value = "c/maps/{id}/try", method = RequestMethod.GET) @PreAuthorize("permitAll()") public String showMindmapTryPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException { return showEditorPage(id, model, false); } - @RequestMapping(value = "maps/{id}/{hid}/view", method = RequestMethod.GET) + @RequestMapping(value = "c/maps/{id}/{hid}/view", method = RequestMethod.GET) public String showMindmapViewerRevPage(@PathVariable int id, @PathVariable int hid, @NotNull Model model) throws WiseMappingException { final String result = showPrintPage(id, model); model.addAttribute("hid", String.valueOf(hid)); return result; } - @RequestMapping(value = "maps/{id}/embed") + @RequestMapping(value = "c/maps/{id}/embed") @PreAuthorize("permitAll()") public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNotPublicSecurityException, AccessDeniedSecurityException { if (!mindmapService.isMindmapPublic(id)) { @@ -138,7 +138,7 @@ public class MvcMindmapController { return view; } - @RequestMapping(value = "maps/{id}/public", method = RequestMethod.GET) + @RequestMapping(value = "c/maps/{id}/public", method = RequestMethod.GET) @PreAuthorize("permitAll()") public String showPublicViewPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException { if (!mindmapService.isMindmapPublic(id)) { 
@@ -147,20 +147,6 @@ public class MvcMindmapController { return this.showPrintPage(id, model); } - @Deprecated - @RequestMapping(value = "publicView", method = RequestMethod.GET) - @PreAuthorize("permitAll()") - public String showPublicViewPageLegacy(@RequestParam(required = true) int mapId) { - return "redirect:maps/" + mapId + "/public"; - } - - @Deprecated - @RequestMapping(value = "embeddedView", method = RequestMethod.GET) - @PreAuthorize("permitAll()") - public String showPublicViewLegacyPage(@RequestParam(required = true) int mapId, @RequestParam(required = false) int zoom) { - return "redirect:maps/" + mapId + "/embed?zoom=" + zoom; - } - @NotNull private Mindmap findMindmap(int mapId) throws MapCouldNotFoundException { final Mindmap result = mindmapService.findMindmapById(mapId); diff --git a/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcUsersController.java b/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcUsersController.java index 17d4215d..d626c20d 100644 --- a/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcUsersController.java +++ b/wise-webapp/src/main/java/com/wisemapping/webmvc/MvcUsersController.java 
@@ -35,31 +35,31 @@ public class MvcUsersController { @Autowired private UserService userService; - @RequestMapping(value = "forgot-password", method = RequestMethod.GET) + @RequestMapping(value = "c/forgot-password", method = RequestMethod.GET) @PreAuthorize("permitAll()") public ModelAndView showResetPasswordPage() { return new ModelAndView("reactInclude"); } - @RequestMapping(value = "registration-google", method = RequestMethod.GET) + @RequestMapping(value = "c/registration-google", method = RequestMethod.GET) @PreAuthorize("permitAll()") public ModelAndView processGoogleCallback() { return new ModelAndView("reactInclude"); } - @RequestMapping(value = "registration", method = RequestMethod.GET) + @RequestMapping(value = "c/registration", method = RequestMethod.GET) @PreAuthorize("permitAll()") public ModelAndView showRegistrationPage() { return new ModelAndView("reactInclude"); } - @RequestMapping(value = "registration-success", method = RequestMethod.GET) + @RequestMapping(value = "c/registration-success", method = RequestMethod.GET) @PreAuthorize("permitAll()") public ModelAndView showRegistrationSuccess() { return new ModelAndView("reactInclude"); } - @RequestMapping(value = "forgot-password-success", method = RequestMethod.GET) + @RequestMapping(value = "c/forgot-password-success", method = RequestMethod.GET) @PreAuthorize("permitAll()") public ModelAndView showResetPasswordSuccess() { return new ModelAndView("reactInclude"); diff --git a/wise-webapp/src/main/resources/application.properties b/wise-webapp/src/main/resources/application.properties index fbd8c1f9..be2684c2 100755 --- a/wise-webapp/src/main/resources/application.properties +++ b/wise-webapp/src/main/resources/application.properties @@ -179,3 +179,6 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect spring.jpa.open-in-view=true spring.h2.console.enabled=true spring.h2.console.path=/h2-ui + + +logging.level.root=TRACE 
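Review bot: `logging.level.root=TRACE` is added to the application.properties that is packaged with the webapp, so every deployment that does not override it logs all loggers at TRACE. At that level framework loggers typically write request, session and SQL detail, which can put user data and possibly credentials or tokens into log files, and the volume is a disk and performance cost. Keep the packaged default at `logging.level.root=INFO` and raise a single logger, for example `logging.level.com.wisemapping=DEBUG`, in a local or dev profile when debugging. The unchanged context line `spring.h2.console.enabled=true` just above has the same ship-by-default concern and would also be better placed in a dev-only profile.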
diff --git a/wise-webapp/src/main/resources/log4j2.xml b/wise-webapp/src/main/resources/log4j2.xml index ca024d64..41d209d6 100644 --- a/wise-webapp/src/main/resources/log4j2.xml +++ b/wise-webapp/src/main/resources/log4j2.xml @@ -1,14 +1,9 @@ - + - - - %d %p %c{1.} [%t] %m%n - - diff --git a/wise-webapp/src/main/resources/spring/wisemapping-common.xml b/wise-webapp/src/main/resources/spring/wisemapping-common.xml deleted file mode 100644 index c7c41d44..00000000 --- a/wise-webapp/src/main/resources/spring/wisemapping-common.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - diff --git a/wise-webapp/src/main/resources/spring/wisemapping-rest.xml b/wise-webapp/src/main/resources/spring/wisemapping-rest.xml index fa3b1967..8ee1830c 100644 --- a/wise-webapp/src/main/resources/spring/wisemapping-rest.xml +++ b/wise-webapp/src/main/resources/spring/wisemapping-rest.xml @@ -49,13 +49,4 @@ - - - - - - - - - \ No newline at end of file diff --git a/wise-webapp/src/main/resources/spring/wisemapping-servlet.xml b/wise-webapp/src/main/resources/spring/wisemapping-servlet.xml index 1c93d70d..136df01d 100644 --- a/wise-webapp/src/main/resources/spring/wisemapping-servlet.xml +++ b/wise-webapp/src/main/resources/spring/wisemapping-servlet.xml @@ -1,18 +1,12 @@ - - @@ -23,12 +17,4 @@ - - - - - - - - diff --git a/wise-webapp/src/main/resources/views/init.jsp b/wise-webapp/src/main/webapp/WEB-INF/jsp/init.jsp similarity index 100% rename from wise-webapp/src/main/resources/views/init.jsp rename to wise-webapp/src/main/webapp/WEB-INF/jsp/init.jsp diff --git a/wise-webapp/src/main/resources/views/mindmapEditor.jsp b/wise-webapp/src/main/webapp/WEB-INF/jsp/mindmapEditor.jsp similarity index 100% rename from wise-webapp/src/main/resources/views/mindmapEditor.jsp rename to wise-webapp/src/main/webapp/WEB-INF/jsp/mindmapEditor.jsp 
diff --git a/wise-webapp/src/main/resources/views/mindmapViewonly.jsp b/wise-webapp/src/main/webapp/WEB-INF/jsp/mindmapViewonly.jsp similarity index 100% rename from wise-webapp/src/main/resources/views/mindmapViewonly.jsp rename to wise-webapp/src/main/webapp/WEB-INF/jsp/mindmapViewonly.jsp diff --git a/wise-webapp/src/main/resources/views/pageHeaders.jsf b/wise-webapp/src/main/webapp/WEB-INF/jsp/pageHeaders.jsf similarity index 100% rename from wise-webapp/src/main/resources/views/pageHeaders.jsf rename to wise-webapp/src/main/webapp/WEB-INF/jsp/pageHeaders.jsf diff --git a/wise-webapp/src/main/resources/views/reactInclude.jsp b/wise-webapp/src/main/webapp/WEB-INF/jsp/reactInclude.jsp similarity index 100% rename from wise-webapp/src/main/resources/views/reactInclude.jsp rename to wise-webapp/src/main/webapp/WEB-INF/jsp/reactInclude.jsp diff --git a/wise-webapp/src/main/webapp/WEB-INF/web.xml b/wise-webapp/src/main/webapp/WEB-INF/web.xml index 921ab35f..42ab6c1b 100644 --- a/wise-webapp/src/main/webapp/WEB-INF/web.xml +++ b/wise-webapp/src/main/webapp/WEB-INF/web.xml 
@@ -1,131 +1,131 @@ - + - + + + + - - charsetFilter - org.springframework.web.filter.CharacterEncodingFilter - - encoding - UTF-8 - - + + + + + + + + - + - - jakarta.servlet.jsp.jstl.fmt.localizationContext - messages - + + + + - - contextConfigLocation - - classpath:spring/wisemapping-common.xml - - + + + + + + - - contextInitializerClasses - com.wisemapping.webmvc.ApplicationContextInitializer - - - + + + + + + + + + + - - com.wisemapping.listener.UnlockOnExpireListener - + + + - - hibernate - org.springframework.orm.hibernate5.support.OpenSessionInViewFilter - - singleSession - true - - - sessionFactoryBeanName - sessionFactory - - + + + + + + + + + + + + - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - + + + + - - springSecurityFilterChain - /* - + + + + - - hibernate - /* - + + + + - - charsetFilter - /* - + + + + - - org.springframework.web.context.ContextLoaderListener - + + + - - mvc-servlet - org.springframework.web.servlet.DispatcherServlet - - contextConfigLocation - - classpath:spring/wisemapping-servlet.xml - - - 1 - + + + + + + + + + + + - - mvc-rest - org.springframework.web.servlet.DispatcherServlet - - contextConfigLocation - - classpath:spring/wisemapping-rest.xml - - - 1 - + + + + + + + + + + + - - mvc-servlet - /c/* - + + + + - - mvc-rest - /service/* - + + + + - - mvc-rest - /c/restful/* - + + + + - - - index.jsp - - - - 1440 - - \ No newline at end of file + + + + + + + + + \ No newline at end of file