This commit is contained in:
Paulo Gustavo Veiga 2023-11-27 21:08:28 -08:00
parent ea6b2ad106
commit 079f8ac417
31 changed files with 351 additions and 442 deletions

View File

@ -67,16 +67,12 @@
<version>12.0</version> <version>12.0</version>
<scope>compile</scope> <scope>compile</scope>
</dependency> </dependency>
<!-- <dependency>--> <dependency>
<!-- <groupId>org.springframework</groupId>--> <groupId>org.apache.tomcat.embed</groupId>
<!-- <artifactId>spring-messaging</artifactId>--> <artifactId>tomcat-embed-jasper</artifactId>
<!-- <version>${org.springframework.version}</version>--> <version>10.1.9</version>
<!-- </dependency>--> <scope>provided</scope>
<!-- <dependency>--> </dependency>
<!-- <groupId>org.springframework</groupId>-->
<!-- <artifactId>spring-websocket</artifactId>-->
<!-- <version>${org.springframework.version}</version>-->
<!-- </dependency>-->
<dependency> <dependency>
<groupId>org.postgresql</groupId> <groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId> <artifactId>postgresql</artifactId>
@ -195,6 +191,12 @@
<artifactId>spring-security-config</artifactId> <artifactId>spring-security-config</artifactId>
<version>${org.springframework.addons}</version> <version>${org.springframework.addons}</version>
</dependency> </dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>RELEASE</version>
<scope>compile</scope>
</dependency>
</dependencies> </dependencies>
<profiles> <profiles>
<profile> <profile>

View File

@ -1,18 +1,35 @@
package com.wisemapping.config; package com.wisemapping.config;
import org.springframework.boot.SpringApplication; import com.wisemapping.config.mvc.MvcAppConfig;
import com.wisemapping.config.mvc.MvcSecurityConfig;
import com.wisemapping.config.mvc.ServletConfig;
import com.wisemapping.config.rest.RestAppConfig;
import org.springframework.boot.WebApplicationType;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.ImportResource; import org.springframework.context.annotation.ImportResource;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories; import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.transaction.annotation.EnableTransactionManagement;
@EnableTransactionManagement
@SpringBootApplication @SpringBootApplication
@EnableJpaRepositories("com.wisemapping.model") @ImportResource(value = {"classpath:spring/wisemapping-service.xml"})
@ImportResource("classpath:spring/wisemapping-common.xml") @ComponentScan({"com.wisemapping.security", "com.wisemapping.service", "com.wisemapping.dao", "com.wisemapping.util"})
public class Application { public class Application {
public static void main(String[] args) { public static void main(String[] args) {
SpringApplication.run(Application.class, args);
new SpringApplicationBuilder()
.parent(Application.class, HibernateConfig.class, MethodSecurityConfig.class).web(WebApplicationType.NONE)
.child(MvcAppConfig.class, MvcSecurityConfig.class, ServletConfig.class).web(WebApplicationType.SERVLET)
.sibling(RestAppConfig.class).web(WebApplicationType.SERVLET)
.run(args);
}
@Bean
public StrictHttpFirewall httpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowSemicolon(true);
return firewall;
} }
} }

View File

@ -1,10 +1,12 @@
package com.wisemapping.config; package com.wisemapping.config;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.transaction.annotation.EnableTransactionManagement; import org.springframework.transaction.annotation.EnableTransactionManagement;
@Configuration @Configuration
@EnableTransactionManagement @EnableTransactionManagement
@EnableJpaRepositories("com.wisemapping.model")
public class HibernateConfig { public class HibernateConfig {
// @Value("${database.hibernate.dialect}") // @Value("${database.hibernate.dialect}")
// private String dbDialect; // private String dbDialect;

View File

@ -1,159 +0,0 @@
package com.wisemapping.config;
import com.wisemapping.security.AuthenticationSuccessHandler;
import com.wisemapping.security.UserDetailsService;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Autowired
UserService userService;
@Value("${admin.user}")
String adminUser;
@Bean
public StrictHttpFirewall httpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowSemicolon(true);
return firewall;
}
@Bean
@Order(1)
public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c");
http
.securityMatchers((matchers) ->
matchers.requestMatchers(mvcMatcher.pattern(("/maps/*/embed"))))
.authorizeHttpRequests(
(auth) -> auth.requestMatchers(mvcMatcher.pattern("/maps/*/embed")).permitAll())
.headers((header -> header.frameOptions()
.disable()
))
.csrf(AbstractHttpConfigurer::disable);
return http.build();
}
@Bean
@Order(2)
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder serviceMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/service");
return http
.securityMatchers((matchers) ->
matchers.requestMatchers(serviceMapper.pattern(("/**"))))
.authorizeHttpRequests(auth ->
auth
.requestMatchers(serviceMapper.pattern("/users/")).permitAll()
.requestMatchers(serviceMapper.pattern("/users/resetPassword")).permitAll()
.requestMatchers(serviceMapper.pattern("/oauth2/googlecallback")).permitAll()
.requestMatchers(serviceMapper.pattern("/oauth2/confirmaccountsync")).permitAll()
.requestMatchers(serviceMapper.pattern("/admin/**")).hasAnyRole("ADMIN")
.requestMatchers(serviceMapper.pattern("/**")).hasAnyRole("USER", "ADMIN")
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.httpBasic(httpBasic -> {
})
.csrf(AbstractHttpConfigurer::disable)
.build();
}
@Bean
@Order(3)
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler();
authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false);
authenticationSuccessHandler.setDefaultTargetUrl("/c/maps/");
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/c/restful");
final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c");
http
.securityMatchers((matchers) ->
matchers.requestMatchers(restfullMapper.pattern(("/**"))).
requestMatchers(mvcMatcher.pattern(("/**"))))
.authorizeHttpRequests(
(auth) ->
auth
.requestMatchers(mvcMatcher.pattern("/login")).permitAll()
.requestMatchers(mvcMatcher.pattern("/logout")).permitAll()
.requestMatchers(mvcMatcher.pattern("/registration")).permitAll()
.requestMatchers(mvcMatcher.pattern("/registration-success")).permitAll()
.requestMatchers(mvcMatcher.pattern("/registration-google")).permitAll()
.requestMatchers(mvcMatcher.pattern("/forgot-password")).permitAll()
.requestMatchers(mvcMatcher.pattern("/forgot-password-success")).permitAll()
.requestMatchers(mvcMatcher.pattern("/maps/*/try")).permitAll()
.requestMatchers(mvcMatcher.pattern("/maps/*/public")).permitAll()
.requestMatchers(restfullMapper.pattern("/maps/*/document/xml-pub")).permitAll()
.requestMatchers(mvcMatcher.pattern("/**")).hasAnyRole("USER", "ADMIN")
.requestMatchers(restfullMapper.pattern("/**")).hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated())
.formLogin((loginForm) ->
loginForm.loginPage("/c/login")
.loginProcessingUrl("/c/perform-login")
.defaultSuccessUrl("/c/maps/")
.failureUrl("/c/login?login_error=2"))
.logout((logout) ->
logout
.logoutUrl("/c/logout")
.logoutSuccessUrl("/c/login")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.permitAll()
).rememberMe(remember ->
remember
.tokenValiditySeconds(2419200)
.rememberMeParameter("remember-me"
).authenticationSuccessHandler(authenticationSuccessHandler)
).headers((header -> header.frameOptions()
.disable()
))
.csrf((csrf) ->
csrf.ignoringRequestMatchers(mvcMatcher.pattern("/logout")));
return http.build();
}
@Bean
@Order(4)
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector);
return http.authorizeHttpRequests(
(auth) ->
auth.requestMatchers(restfullMapper.pattern("/static/**")).permitAll().
requestMatchers(restfullMapper.pattern("/css/**")).permitAll().
requestMatchers(restfullMapper.pattern("/js/**")).permitAll().
requestMatchers(restfullMapper.pattern("/images/**")).permitAll().
requestMatchers(restfullMapper.pattern("/*")).permitAll()
).build();
}
@Bean
public UserDetailsService userDetailsService() {
final UserDetailsService result = new UserDetailsService();
result.setUserService(userService);
result.setAdminUser(adminUser);
return result;
}
}

View File

@ -1,30 +1,34 @@
package com.wisemapping.config; package com.wisemapping.config.mvc;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.ImportResource;
import org.springframework.web.servlet.HandlerExceptionResolver; import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver; import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
import org.springframework.web.servlet.view.InternalResourceViewResolver; import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView; import org.springframework.web.servlet.view.JstlView;
@Configuration
@SpringBootApplication
@EnableWebMvc @EnableWebMvc
public class MvcConfig implements WebMvcConfigurer { @ImportResource(value = {"classpath:spring/wisemapping-servlet.xml"})
@Override @ComponentScan("com.wisemapping.webmvc")
public void addResourceHandlers(ResourceHandlerRegistry registry) { public class MvcAppConfig implements WebMvcConfigurer {
registry // @Override
.addResourceHandler("/**") // public void addResourceHandlers(ResourceHandlerRegistry registry) {
.addResourceLocations("classpath:/public/"); // registry
} // .addResourceHandler("/**")
// .addResourceLocations("classpath:/public/");
// }
@Bean @Bean
public ViewResolver viewResolver() { public ViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver(); InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/views/"); resolver.setPrefix("/WEB-INF/jsp/");
resolver.setSuffix(".jsp"); resolver.setSuffix(".jsp");
resolver.setViewClass(JstlView.class); resolver.setViewClass(JstlView.class);
return resolver; return resolver;

View File

@ -0,0 +1,101 @@
package com.wisemapping.config.mvc;
import org.jetbrains.annotations.NotNull;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
@Configuration
@EnableWebSecurity
public class MvcSecurityConfig {
@Bean
@Order(1)
public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
http
.securityMatchers((matchers) ->
matchers.requestMatchers(matcher.pattern("c/maps/*/embed")))
.authorizeHttpRequests(
(auth) -> auth.requestMatchers(matcher.pattern(("c/maps/*/embed"))).permitAll())
.headers((header -> header.frameOptions()
.disable()
))
.csrf(AbstractHttpConfigurer::disable);
return http.build();
}
@Bean
@Order(2)
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
http
.securityMatchers((matchers) ->
matchers.requestMatchers(matcher.pattern("/c/**")))
.authorizeHttpRequests(
(auth) ->
auth
.requestMatchers(matcher.pattern("/c/login")).permitAll()
.requestMatchers(matcher.pattern("/c/logout")).permitAll()
.requestMatchers(matcher.pattern("/c/registration")).permitAll()
.requestMatchers(matcher.pattern("/c/registration-success")).permitAll()
.requestMatchers(matcher.pattern("/c/registration-google")).permitAll()
.requestMatchers(matcher.pattern("/c/forgot-password")).permitAll()
.requestMatchers(matcher.pattern("/c/forgot-password-success")).permitAll()
.requestMatchers(matcher.pattern("/c/maps/*/try")).permitAll()
.requestMatchers(matcher.pattern("/c/maps/*/public")).permitAll()
.requestMatchers(matcher.pattern("/c/**")).hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated())
.formLogin((loginForm) ->
loginForm.loginPage("/c/login")
.loginProcessingUrl("/c/perform-login")
.defaultSuccessUrl("/c/maps/")
.failureUrl("/c/login?login_error=2"))
.logout((logout) ->
logout
.logoutUrl("/c/logout")
.logoutSuccessUrl("/c/login")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.permitAll()
).rememberMe(remember ->
remember
.tokenValiditySeconds(2419200)
.rememberMeParameter("remember-me"
)
).headers((header -> header.frameOptions()
.disable()
))
.csrf((csrf) ->
csrf.ignoringRequestMatchers(matcher.pattern("/c/logout")));
return http.build();
}
@Bean
@Order(3)
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
return http.authorizeHttpRequests(
(auth) ->
auth.requestMatchers(matcher.pattern("/static/**")).permitAll().
requestMatchers(matcher.pattern("/css/**")).permitAll().
requestMatchers(matcher.pattern("/js/**")).permitAll().
// @todo: Wht this is required ...
requestMatchers(matcher.pattern("/WEB-INF/jsp/*.jsp")).permitAll().
requestMatchers(matcher.pattern("/images/**")).permitAll().
requestMatchers(matcher.pattern("/*")).permitAll()
).build();
}
}

View File

@ -0,0 +1,12 @@
package com.wisemapping.config.mvc;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Configuration;
@Configuration
public class ServletConfig implements WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> {
public void customize(ConfigurableServletWebServerFactory factory){
factory.setPort(8081);
}
}

View File

@ -0,0 +1,44 @@
package com.wisemapping.config.rest;
import org.jetbrains.annotations.NotNull;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
@SpringBootApplication
@EnableWebSecurity
@ComponentScan("com.wisemapping.rest")
public class RestAppConfig {
@Bean
@Order(2)
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector).servletPath("/service");
return http
.securityMatchers((matchers) ->
matchers.requestMatchers(matcher.pattern(("/**"))))
.authorizeHttpRequests(auth ->
auth
.requestMatchers(matcher.pattern("/users/")).permitAll()
.requestMatchers(matcher.pattern("/users/resetPassword")).permitAll()
.requestMatchers(matcher.pattern("/oauth2/googlecallback")).permitAll()
.requestMatchers(matcher.pattern("/oauth2/confirmaccountsync")).permitAll()
.requestMatchers(matcher.pattern("/admin/**")).hasAnyRole("ADMIN")
.requestMatchers(matcher.pattern("/**")).hasAnyRole("USER", "ADMIN")
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.httpBasic(httpBasic -> {
})
.csrf(AbstractHttpConfigurer::disable)
.build();
}
}

View File

@ -34,14 +34,11 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseStatus;
import java.util.List; import java.util.List;
@Controller @RestController
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')") @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class AccountController extends BaseController { public class AccountController extends BaseController {
@Qualifier("userService") @Qualifier("userService")

View File

@ -38,7 +38,7 @@ import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.List; import java.util.List;
@Controller @RestController
@PreAuthorize("isAuthenticated() and hasRole('ROLE_ADMIN')") @PreAuthorize("isAuthenticated() and hasRole('ROLE_ADMIN')")
public class AdminController extends BaseController { public class AdminController extends BaseController {
@Qualifier("userService") @Qualifier("userService")

View File

@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.*;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import java.util.List; import java.util.List;
@Controller @RestController
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')") @PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class LabelController extends BaseController { public class LabelController extends BaseController {

View File

@ -49,7 +49,7 @@ import java.util.*;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@Controller @RestController
@Transactional(propagation = Propagation.REQUIRED) @Transactional(propagation = Propagation.REQUIRED)
public class MindmapController extends BaseController { public class MindmapController extends BaseController {
private final Logger logger = LogManager.getLogger(); private final Logger logger = LogManager.getLogger();

View File

@ -38,7 +38,7 @@ import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession; import jakarta.servlet.http.HttpSession;
@Controller @RestController
@CrossOrigin @CrossOrigin
public class OAuth2Controller extends BaseController { public class OAuth2Controller extends BaseController {
@Qualifier("userService") @Qualifier("userService")

View File

@ -47,7 +47,7 @@ import jakarta.servlet.http.HttpServletResponse;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@Controller @RestController
@CrossOrigin @CrossOrigin
public class UserController extends BaseController { public class UserController extends BaseController {

View File

@ -1,60 +0,0 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.security;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
public class AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
private final RequestCache cache;
public AuthenticationSuccessHandler() {
cache = new HttpSessionRequestCache();
this.setRequestCache(cache);
}
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws ServletException, IOException {
SavedRequest savedRequest = cache.getRequest(request, response);
if (savedRequest != null && savedRequest.getRedirectUrl().contains("c/restful")) {
cache.removeRequest(request, response);
}
super.onAuthenticationSuccess(request, response, authentication);
}
@Override
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
String url = super.determineTargetUrl(request, response);
// Prevent redirecting to rest services on login ...
if (url.contains("c/restful")) {
url = this.getDefaultTargetUrl();
}
return url;
}
}

View File

@ -24,6 +24,7 @@ import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable; import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.DataAccessException; import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
@ -34,6 +35,8 @@ public class UserDetailsService
implements org.springframework.security.core.userdetails.UserDetailsService { implements org.springframework.security.core.userdetails.UserDetailsService {
@Autowired @Autowired
private UserService userService; private UserService userService;
@Value("${admin.user}")
private String adminUser; private String adminUser;
@Override @Override

View File

@ -54,7 +54,6 @@ public class MindmapServiceImpl
@Autowired @Autowired
private NotificationService notificationService; private NotificationService notificationService;
@Value("${admin.user}") @Value("${admin.user}")
private String adminUser; private String adminUser;
final private LockManager lockManager; final private LockManager lockManager;

View File

@ -31,10 +31,8 @@ import org.springframework.web.servlet.ModelAndView;
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public class MvcLoginController { public class MvcLoginController {
// @Value("${database.driver}")
private String driver;
@RequestMapping(value = "login", method = RequestMethod.GET) @RequestMapping(value = "c/login", method = RequestMethod.GET)
protected ModelAndView showLoginPage() { protected ModelAndView showLoginPage() {
final User user = Utils.getUser(false); final User user = Utils.getUser(false);
ModelAndView result; ModelAndView result;
@ -42,7 +40,6 @@ public class MvcLoginController {
result = new ModelAndView("forward:/c/maps/"); result = new ModelAndView("forward:/c/maps/");
} else { } else {
result = new ModelAndView("reactInclude"); result = new ModelAndView("reactInclude");
result.addObject("isHsql", driver.contains("hsql"));
} }
return result; return result;
} }

View File

@ -55,7 +55,7 @@ public class MvcMindmapController {
@Autowired @Autowired
private MindmapService mindmapService; private MindmapService mindmapService;
@RequestMapping(value = "maps/{id}/print") @RequestMapping(value = "c/maps/{id}/print")
public String showPrintPage(@PathVariable int id, @NotNull Model model) throws MapCouldNotFoundException, AccessDeniedSecurityException { public String showPrintPage(@PathVariable int id, @NotNull Model model) throws MapCouldNotFoundException, AccessDeniedSecurityException {
final MindMapBean mindmap = findMindmapBean(id); final MindMapBean mindmap = findMindmapBean(id);
@ -67,12 +67,12 @@ public class MvcMindmapController {
return "mindmapViewonly"; return "mindmapViewonly";
} }
@RequestMapping(value = "maps/") @RequestMapping(value = "c/maps/")
public String showListPage(@NotNull Model model) { public String showListPage(@NotNull Model model) {
return "reactInclude"; return "reactInclude";
} }
@RequestMapping(value = "maps/{id}/edit", method = RequestMethod.GET) @RequestMapping(value = "c/maps/{id}/edit", method = RequestMethod.GET)
public String showMindmapEditorPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException { public String showMindmapEditorPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
return showEditorPage(id, model, true); return showEditorPage(id, model, true);
} }
@ -104,26 +104,26 @@ public class MvcMindmapController {
return "mindmapEditor"; return "mindmapEditor";
} }
@RequestMapping(value = "maps/{id}/view", method = RequestMethod.GET) @RequestMapping(value = "c/maps/{id}/view", method = RequestMethod.GET)
public String showMindmapViewerPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException { public String showMindmapViewerPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
final String result = showPrintPage(id, model); final String result = showPrintPage(id, model);
return result; return result;
} }
@RequestMapping(value = "maps/{id}/try", method = RequestMethod.GET) @RequestMapping(value = "c/maps/{id}/try", method = RequestMethod.GET)
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public String showMindmapTryPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException { public String showMindmapTryPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
return showEditorPage(id, model, false); return showEditorPage(id, model, false);
} }
@RequestMapping(value = "maps/{id}/{hid}/view", method = RequestMethod.GET) @RequestMapping(value = "c/maps/{id}/{hid}/view", method = RequestMethod.GET)
public String showMindmapViewerRevPage(@PathVariable int id, @PathVariable int hid, @NotNull Model model) throws WiseMappingException { public String showMindmapViewerRevPage(@PathVariable int id, @PathVariable int hid, @NotNull Model model) throws WiseMappingException {
final String result = showPrintPage(id, model); final String result = showPrintPage(id, model);
model.addAttribute("hid", String.valueOf(hid)); model.addAttribute("hid", String.valueOf(hid));
return result; return result;
} }
@RequestMapping(value = "maps/{id}/embed") @RequestMapping(value = "c/maps/{id}/embed")
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNotPublicSecurityException, AccessDeniedSecurityException { public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNotPublicSecurityException, AccessDeniedSecurityException {
if (!mindmapService.isMindmapPublic(id)) { if (!mindmapService.isMindmapPublic(id)) {
@ -138,7 +138,7 @@ public class MvcMindmapController {
return view; return view;
} }
@RequestMapping(value = "maps/{id}/public", method = RequestMethod.GET) @RequestMapping(value = "c/maps/{id}/public", method = RequestMethod.GET)
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public String showPublicViewPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException { public String showPublicViewPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
if (!mindmapService.isMindmapPublic(id)) { if (!mindmapService.isMindmapPublic(id)) {
@ -147,20 +147,6 @@ public class MvcMindmapController {
return this.showPrintPage(id, model); return this.showPrintPage(id, model);
} }
@Deprecated
@RequestMapping(value = "publicView", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewPageLegacy(@RequestParam(required = true) int mapId) {
return "redirect:maps/" + mapId + "/public";
}
@Deprecated
@RequestMapping(value = "embeddedView", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewLegacyPage(@RequestParam(required = true) int mapId, @RequestParam(required = false) int zoom) {
return "redirect:maps/" + mapId + "/embed?zoom=" + zoom;
}
@NotNull @NotNull
private Mindmap findMindmap(int mapId) throws MapCouldNotFoundException { private Mindmap findMindmap(int mapId) throws MapCouldNotFoundException {
final Mindmap result = mindmapService.findMindmapById(mapId); final Mindmap result = mindmapService.findMindmapById(mapId);

View File

@ -35,31 +35,31 @@ public class MvcUsersController {
@Autowired @Autowired
private UserService userService; private UserService userService;
@RequestMapping(value = "forgot-password", method = RequestMethod.GET) @RequestMapping(value = "c/forgot-password", method = RequestMethod.GET)
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public ModelAndView showResetPasswordPage() { public ModelAndView showResetPasswordPage() {
return new ModelAndView("reactInclude"); return new ModelAndView("reactInclude");
} }
@RequestMapping(value = "registration-google", method = RequestMethod.GET) @RequestMapping(value = "c/registration-google", method = RequestMethod.GET)
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public ModelAndView processGoogleCallback() { public ModelAndView processGoogleCallback() {
return new ModelAndView("reactInclude"); return new ModelAndView("reactInclude");
} }
@RequestMapping(value = "registration", method = RequestMethod.GET) @RequestMapping(value = "c/registration", method = RequestMethod.GET)
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public ModelAndView showRegistrationPage() { public ModelAndView showRegistrationPage() {
return new ModelAndView("reactInclude"); return new ModelAndView("reactInclude");
} }
@RequestMapping(value = "registration-success", method = RequestMethod.GET) @RequestMapping(value = "c/registration-success", method = RequestMethod.GET)
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public ModelAndView showRegistrationSuccess() { public ModelAndView showRegistrationSuccess() {
return new ModelAndView("reactInclude"); return new ModelAndView("reactInclude");
} }
@RequestMapping(value = "forgot-password-success", method = RequestMethod.GET) @RequestMapping(value = "c/forgot-password-success", method = RequestMethod.GET)
@PreAuthorize("permitAll()") @PreAuthorize("permitAll()")
public ModelAndView showResetPasswordSuccess() { public ModelAndView showResetPasswordSuccess() {
return new ModelAndView("reactInclude"); return new ModelAndView("reactInclude");

View File

@ -179,3 +179,6 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.HSQLDialect
spring.jpa.open-in-view=true spring.jpa.open-in-view=true
spring.h2.console.enabled=true spring.h2.console.enabled=true
spring.h2.console.path=/h2-ui spring.h2.console.path=/h2-ui
logging.level.root=TRACE

View File

@ -1,14 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG"> <Configuration status="TRACE">
<Appenders> <Appenders>
<Console name="LogToConsole" target="SYSTEM_OUT"> <Console name="LogToConsole" target="SYSTEM_OUT">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/> <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</Console> </Console>
<File name="LogToFile" fileName="/var/log/wisemapping.log">
<PatternLayout>
<Pattern>%d %p %c{1.} [%t] %m%n</Pattern>
</PatternLayout>
</File>
</Appenders> </Appenders>
<Loggers> <Loggers>
<Logger name="com.wisemapping" level="trace"> <Logger name="com.wisemapping" level="trace">

View File

@ -1,11 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<!-- <context:property-placeholder location="/WEB-INF/app.properties" ignore-unresolvable="true"/>-->
<import resource="wisemapping-service.xml"/>
<import resource="wisemapping-servlet.xml"/>
</beans>

View File

@ -49,13 +49,4 @@
</list> </list>
</property> </property>
</bean> </bean>
<!-- <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">-->
<!-- <property name="defaultEncoding" value="UTF-8"/>-->
<!-- <property name="basenames">-->
<!-- <list>-->
<!-- <value>messages</value>-->
<!-- </list>-->
<!-- </property>-->
<!-- </bean>-->
</beans> </beans>

View File

@ -1,18 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation=" xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd"> http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:component-scan base-package="com.wisemapping"/>
<!-- Interceptors Registration --> <!-- Interceptors Registration -->
<mvc:interceptors> <mvc:interceptors>
<bean id="userLocaleInterceptor" class="com.wisemapping.filter.UserLocaleInterceptor"/> <bean id="userLocaleInterceptor" class="com.wisemapping.filter.UserLocaleInterceptor"/>
@ -23,12 +17,4 @@
<!-- class="org.springframework.web.servlet.i18n.SessionLocaleResolver">--> <!-- class="org.springframework.web.servlet.i18n.SessionLocaleResolver">-->
<!-- </bean>--> <!-- </bean>-->
<!-- <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">-->
<!-- <property name="defaultEncoding" value="UTF-8"/>-->
<!-- <property name="basenames">-->
<!-- <list>-->
<!-- <value>messages</value>-->
<!-- </list>-->
<!-- </property>-->
<!-- </bean>-->
</beans> </beans>

View File

@ -1,131 +1,131 @@
<?xml version="1.0" encoding="UTF-8"?> <!--<?xml version="1.0" encoding="UTF-8"?>-->
<web-app version="5.0" <!--<web-app version="5.0"-->
xmlns="https://jakarta.ee/xml/ns/jakartaee" <!-- xmlns="https://jakarta.ee/xml/ns/jakartaee"-->
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <!-- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"-->
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd"> <!-- xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd">-->
<filter> <!-- <filter>-->
<filter-name>charsetFilter</filter-name> <!-- <filter-name>charsetFilter</filter-name>-->
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <!-- <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>-->
<init-param> <!-- <init-param>-->
<param-name>encoding</param-name> <!-- <param-name>encoding</param-name>-->
<param-value>UTF-8</param-value> <!-- <param-value>UTF-8</param-value>-->
</init-param> <!-- </init-param>-->
</filter> <!-- </filter>-->
<distributable/> <!-- <distributable/>-->
<context-param> <!-- <context-param>-->
<param-name>jakarta.servlet.jsp.jstl.fmt.localizationContext</param-name> <!-- <param-name>jakarta.servlet.jsp.jstl.fmt.localizationContext</param-name>-->
<param-value>messages</param-value> <!-- <param-value>messages</param-value>-->
</context-param> <!-- </context-param>-->
<context-param> <!-- <context-param>-->
<param-name>contextConfigLocation</param-name> <!-- <param-name>contextConfigLocation</param-name>-->
<param-value> <!-- <param-value>-->
classpath:spring/wisemapping-common.xml <!-- classpath:spring/wisemapping-common.xml-->
</param-value> <!-- </param-value>-->
</context-param> <!-- </context-param>-->
<context-param> <!-- <context-param>-->
<param-name>contextInitializerClasses</param-name> <!-- <param-name>contextInitializerClasses</param-name>-->
<param-value>com.wisemapping.webmvc.ApplicationContextInitializer</param-value> <!-- <param-value>com.wisemapping.webmvc.ApplicationContextInitializer</param-value>-->
</context-param> <!-- </context-param>-->
<!-- -->
<!-- &lt;!&ndash;-->
<!-- - Loads the root application context of this web app at startup.-->
<!-- - The application context is then available via-->
<!-- - WebApplicationContextUtils.getWebApplicationContext(servletContext).-->
<!-- &ndash;&gt;-->
<!-- <!-- <listener>-->
- Loads the root application context of this web app at startup. <!-- <listener-class>com.wisemapping.listener.UnlockOnExpireListener</listener-class>-->
- The application context is then available via <!-- </listener>-->
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener> <!-- <filter>-->
<listener-class>com.wisemapping.listener.UnlockOnExpireListener</listener-class> <!-- <filter-name>hibernate</filter-name>-->
</listener> <!-- <filter-class>org.springframework.orm.hibernate5.support.OpenSessionInViewFilter</filter-class>-->
<!-- <init-param>-->
<!-- <param-name>singleSession</param-name>-->
<!-- <param-value>true</param-value>-->
<!-- </init-param>-->
<!-- <init-param>-->
<!-- <param-name>sessionFactoryBeanName</param-name>-->
<!-- <param-value>sessionFactory</param-value>-->
<!-- </init-param>-->
<!-- </filter>-->
<filter> <!-- <filter>-->
<filter-name>hibernate</filter-name> <!-- <filter-name>springSecurityFilterChain</filter-name>-->
<filter-class>org.springframework.orm.hibernate5.support.OpenSessionInViewFilter</filter-class> <!-- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>-->
<init-param> <!-- </filter>-->
<param-name>singleSession</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
</filter>
<filter> <!-- <filter-mapping>-->
<filter-name>springSecurityFilterChain</filter-name> <!-- <filter-name>springSecurityFilterChain</filter-name>-->
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <!-- <url-pattern>/*</url-pattern>-->
</filter> <!-- </filter-mapping>-->
<filter-mapping> <!-- <filter-mapping>-->
<filter-name>springSecurityFilterChain</filter-name> <!-- <filter-name>hibernate</filter-name>-->
<url-pattern>/*</url-pattern> <!-- <url-pattern>/*</url-pattern>-->
</filter-mapping> <!-- </filter-mapping>-->
<filter-mapping> <!-- <filter-mapping>-->
<filter-name>hibernate</filter-name> <!-- <filter-name>charsetFilter</filter-name>-->
<url-pattern>/*</url-pattern> <!-- <url-pattern>/*</url-pattern>-->
</filter-mapping> <!-- </filter-mapping>-->
<filter-mapping>
<filter-name>charsetFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener> <!-- <listener>-->
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> <!-- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>-->
</listener> <!-- </listener>-->
<servlet> <!-- <servlet>-->
<servlet-name>mvc-servlet</servlet-name> <!-- <servlet-name>mvc-servlet</servlet-name>-->
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <!-- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>-->
<init-param> <!-- <init-param>-->
<param-name>contextConfigLocation</param-name> <!-- <param-name>contextConfigLocation</param-name>-->
<param-value> <!-- <param-value>-->
classpath:spring/wisemapping-servlet.xml <!-- classpath:spring/wisemapping-servlet.xml-->
</param-value> <!-- </param-value>-->
</init-param> <!-- </init-param>-->
<load-on-startup>1</load-on-startup> <!-- <load-on-startup>1</load-on-startup>-->
</servlet> <!-- </servlet>-->
<servlet> <!-- <servlet>-->
<servlet-name>mvc-rest</servlet-name> <!-- <servlet-name>mvc-rest</servlet-name>-->
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <!-- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>-->
<init-param> <!-- <init-param>-->
<param-name>contextConfigLocation</param-name> <!-- <param-name>contextConfigLocation</param-name>-->
<param-value> <!-- <param-value>-->
classpath:spring/wisemapping-rest.xml <!-- classpath:spring/wisemapping-rest.xml-->
</param-value> <!-- </param-value>-->
</init-param> <!-- </init-param>-->
<load-on-startup>1</load-on-startup> <!-- <load-on-startup>1</load-on-startup>-->
</servlet> <!-- </servlet>-->
<servlet-mapping> <!-- <servlet-mapping>-->
<servlet-name>mvc-servlet</servlet-name> <!-- <servlet-name>mvc-servlet</servlet-name>-->
<url-pattern>/c/*</url-pattern> <!-- <url-pattern>/c/*</url-pattern>-->
</servlet-mapping> <!-- </servlet-mapping>-->
<servlet-mapping> <!-- <servlet-mapping>-->
<servlet-name>mvc-rest</servlet-name> <!-- <servlet-name>mvc-rest</servlet-name>-->
<url-pattern>/service/*</url-pattern> <!-- <url-pattern>/service/*</url-pattern>-->
</servlet-mapping> <!-- </servlet-mapping>-->
<servlet-mapping> <!-- <servlet-mapping>-->
<servlet-name>mvc-rest</servlet-name> <!-- <servlet-name>mvc-rest</servlet-name>-->
<url-pattern>/c/restful/*</url-pattern> <!-- <url-pattern>/c/restful/*</url-pattern>-->
</servlet-mapping> <!-- </servlet-mapping>-->
<welcome-file-list> <!-- <welcome-file-list>-->
<welcome-file> <!-- <welcome-file>-->
index.jsp <!-- index.jsp-->
</welcome-file> <!-- </welcome-file>-->
</welcome-file-list> <!-- </welcome-file-list>-->
<session-config> <!-- <session-config>-->
<session-timeout>1440</session-timeout> <!-- <session-timeout>1440</session-timeout>-->
</session-config> <!-- </session-config>-->
</web-app> <!--</web-app>-->