From 50a0c340b2381480dfd6f59109abad2647e649b0 Mon Sep 17 00:00:00 2001
From: Paulo Gustavo Veiga
Date: Sun, 21 Jan 2024 15:18:07 -0800
Subject: [PATCH] Improve security filter code.
---
 .../wisemapping/{config => }/Application.java | 10 +++-------
 .../wisemapping/config/common/CommonConfig.java | 10 +++++-----
 .../config/common/HibernateConfig.java | 6 +++---
 .../config/mvc/InterceptorsConfig.java | 4 ++--
 .../wisemapping/config/mvc/MvcAppConfig.java | 9 ++++-----
 .../config/rest/InterceptorsConfig.java | 1 -
 .../wisemapping/config/rest/RestAppConfig.java | 13 ++++++++-----
 .../wisemapping/config/rest/ServletConfig.java | 17 +++++++++++++++++
 8 files changed, 42 insertions(+), 28 deletions(-)
 rename wise-webapp/src/main/java/com/wisemapping/{config => }/Application.java (66%)
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/Application.java b/wise-webapp/src/main/java/com/wisemapping/Application.java
similarity index 66%
rename from wise-webapp/src/main/java/com/wisemapping/config/Application.java
rename to wise-webapp/src/main/java/com/wisemapping/Application.java
index e129bf45..5ac5f722 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/Application.java
+++ b/wise-webapp/src/main/java/com/wisemapping/Application.java
@@ -1,11 +1,7 @@
-package com.wisemapping.config;
+package com.wisemapping;
 import com.wisemapping.config.common.CommonConfig;
-import com.wisemapping.config.common.HibernateConfig;
 import com.wisemapping.config.mvc.MvcAppConfig;
-import com.wisemapping.config.rest.InterceptorsConfig;
-import com.wisemapping.config.common.SecurityConfig;
-import com.wisemapping.config.rest.ServletConfig;
 import com.wisemapping.config.rest.RestAppConfig;
 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.builder.SpringApplicationBuilder;
@@ -17,8 +13,8 @@ public class Application {
 public static void main(String[] args) {
 new SpringApplicationBuilder()
 .parent(CommonConfig.class).web(WebApplicationType.NONE)
- .child(MvcAppConfig.class).web(WebApplicationType.SERVLET)
- .sibling(RestAppConfig.class).web(WebApplicationType.SERVLET)
+ .child(RestAppConfig.class).web(WebApplicationType.SERVLET)
+// .sibling(MvcAppConfig.class).web(WebApplicationType.SERVLET)
 .run(args);
 }
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/common/CommonConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/common/CommonConfig.java
index 42f4266b..e3070009 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/common/CommonConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/common/CommonConfig.java
@@ -1,17 +1,17 @@
 package com.wisemapping.config.common;
-import com.wisemapping.config.rest.ServletConfig;
 import com.wisemapping.dao.LabelManagerImpl;
-import com.wisemapping.model.Mindmap;
 import com.wisemapping.security.AuthenticationProvider;
 import com.wisemapping.service.MindmapServiceImpl;
 import com.wisemapping.util.VelocityEngineUtils;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportResource;
-@Configuration
+@ComponentScan(basePackageClasses = {AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
+@Import({HibernateConfig.class, SecurityConfig.class})
+@EnableAutoConfiguration
 @ImportResource(value = {"classpath:spring/wisemapping-mail.xml"})
-@ComponentScan(basePackageClasses = {HibernateConfig.class, SecurityConfig.class, AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
 public class CommonConfig {
 }
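Review bot: The MVC context is switched off by commenting code out rather than removing it: `// .sibling(MvcAppConfig.class).web(WebApplicationType.SERVLET)` in `Application.main`, and the same pattern recurs on the annotations of `config/mvc/InterceptorsConfig` and `config/mvc/MvcAppConfig` later in this patch. With those lines disabled, `MvcSecurityConfig` is no longer referenced from any active annotation shown here, so whatever rules it defined presumably stop applying and only the REST filter chain remains; that is a security-relevant behaviour change the subject line does not mention. Either delete the dead lines or replace them with a comment that states the intent, for example `// MVC context disabled: all routes are served and secured by RestAppConfig`. The `Application` class continues outside the hunk.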
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/common/HibernateConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/common/HibernateConfig.java
index 56a4a281..98a15eb3 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/common/HibernateConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/common/HibernateConfig.java
@@ -1,15 +1,15 @@
 package com.wisemapping.config.common;
+import com.wisemapping.dao.MindmapManagerImpl;
 import com.wisemapping.model.User;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import com.wisemapping.service.MindmapServiceImpl;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 @Configuration
-@EnableAutoConfiguration
-@EnableJpaRepositories(basePackages={"com.wisemapping.dao","com.wisemapping.service"})
+@EnableJpaRepositories(basePackageClasses={MindmapServiceImpl.class, MindmapManagerImpl.class})
 @EntityScan(basePackageClasses= User.class)
 public class HibernateConfig {
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/mvc/InterceptorsConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/mvc/InterceptorsConfig.java
index 8504a163..400a68e5 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/mvc/InterceptorsConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/mvc/InterceptorsConfig.java
@@ -26,8 +26,8 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-@Configuration
-@ComponentScan(basePackageClasses = UserLocaleInterceptor.class)
+//@Configuration
+//@ComponentScan(basePackageClasses = UserLocaleInterceptor.class)
 public class InterceptorsConfig implements WebMvcConfigurer {
 @Autowired
 private UserLocaleInterceptor userLocaleInterceptor;
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcAppConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcAppConfig.java
index b9ec21fe..c17f0b51 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcAppConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcAppConfig.java
@@ -1,11 +1,9 @@
 package com.wisemapping.config.mvc;
 import com.wisemapping.webmvc.MvcMindmapController;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.web.servlet.HandlerExceptionResolver;
 import org.springframework.web.servlet.ViewResolver;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@@ -16,8 +14,9 @@ import org.springframework.web.servlet.view.InternalResourceViewResolver;
 import org.springframework.web.servlet.view.JstlView;
-@SpringBootApplication(scanBasePackageClasses = {MvcMindmapController.class, MvcSecurityConfig.class})
-@EnableWebMvc
+//@SpringBootApplication
+//@Import({MvcMindmapController.class, MvcSecurityConfig.class})
+//@EnableWebMvc
 public class MvcAppConfig implements WebMvcConfigurer {
 @Override
 public void addResourceHandlers(ResourceHandlerRegistry registry) {
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/rest/InterceptorsConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/rest/InterceptorsConfig.java
index e5baf5d5..ac1c9784 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/rest/InterceptorsConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/rest/InterceptorsConfig.java
@@ -23,7 +23,6 @@ import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
index 52b2db4d..015a3535 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
@@ -2,22 +2,24 @@ package com.wisemapping.config.rest;
 import com.wisemapping.rest.MindmapController;
 import org.jetbrains.annotations.NotNull;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 import static org.springframework.security.config.Customizer.withDefaults;
-@SpringBootApplication(scanBasePackageClasses = {MindmapController.class, ServletConfig.class})
+@SpringBootApplication
+@Import({MindmapController.class, ServletConfig.class})
+@EnableWebSecurity
 public class RestAppConfig {
 @Bean
 MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
@@ -27,7 +29,6 @@ public class RestAppConfig {
 @Bean
 SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
 return http
- .csrf(AbstractHttpConfigurer::disable)
 .authorizeHttpRequests(auth -> auth
 .requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll()
 .requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll()
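Review bot: `@Import({MindmapController.class, ServletConfig.class})` on `RestAppConfig` registers only those two classes, whereas the removed `scanBasePackageClasses` attribute scanned every component in their packages. The filter chain in the next hunk still carries rules for `/api/restfull/users/` and `/api/restfull/users/resetPassword`; if the controllers or exception handlers behind those paths sit in the same package as `MindmapController`, they would no longer be registered, which is worth confirming before merge. If package scanning is still intended, keep `@SpringBootApplication(scanBasePackageClasses = {MindmapController.class, ServletConfig.class})` and add `@EnableWebSecurity` next to it. The added `WebMvcConfigurer` import is not used in the lines shown, and the class body continues outside the hunk.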
@@ -37,6 +38,8 @@ public class RestAppConfig {
 .requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN")
 .anyRequest().authenticated()
 )
+
+ .csrf(AbstractHttpConfigurer::disable)
 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .httpBasic(withDefaults())
 .build();
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/rest/ServletConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/rest/ServletConfig.java
index 1b6d58b6..bd2cccb1 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/rest/ServletConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/rest/ServletConfig.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright [2022] [wisemapping]
+ *
+ * Licensed under WiseMapping Public License, Version 1.0 (the "License").
+ * It is basically the Apache License, Version 2.0 (the "License") plus the
+ * "powered by wisemapping" text requirement on every single page;
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the license at
+ *
+ * http://www.wisemapping.org/license
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package com.wisemapping.config.rest;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
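Review bot: Moving `.csrf(AbstractHttpConfigurer::disable)` below `authorizeHttpRequests` (removed in the previous hunk, re-added here) should not change the resulting chain, because the position of a configurer call in the `HttpSecurity` builder does not decide filter order; CSRF protection stays off for every route. The chain authenticates with `httpBasic`, and browsers resend cached Basic credentials automatically, so the stateless session policy alone does not rule out cross-site requests if this API is ever reached from a browser. Record the assumption next to the call, for example `// CSRF disabled: API is intended for non-browser clients; revisit if browsers authenticate here`, and drop the empty `+` line that now sits inside the builder chain. `apiSecurityFilterChain` starts outside this hunk.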