mirror of
https://bitbucket.org/wisemapping/wisemapping-open-source.git
synced 2024-11-25 23:44:54 +01:00
Improve security filter code.
This commit is contained in:
parent
a3b289a738
commit
50a0c340b2
@ -1,11 +1,7 @@
|
|||||||
package com.wisemapping.config;
|
package com.wisemapping;
|
||||||
|
|
||||||
import com.wisemapping.config.common.CommonConfig;
|
import com.wisemapping.config.common.CommonConfig;
|
||||||
import com.wisemapping.config.common.HibernateConfig;
|
|
||||||
import com.wisemapping.config.mvc.MvcAppConfig;
|
import com.wisemapping.config.mvc.MvcAppConfig;
|
||||||
import com.wisemapping.config.rest.InterceptorsConfig;
|
|
||||||
import com.wisemapping.config.common.SecurityConfig;
|
|
||||||
import com.wisemapping.config.rest.ServletConfig;
|
|
||||||
import com.wisemapping.config.rest.RestAppConfig;
|
import com.wisemapping.config.rest.RestAppConfig;
|
||||||
import org.springframework.boot.WebApplicationType;
|
import org.springframework.boot.WebApplicationType;
|
||||||
import org.springframework.boot.builder.SpringApplicationBuilder;
|
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||||
@ -17,8 +13,8 @@ public class Application {
|
|||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
new SpringApplicationBuilder()
|
new SpringApplicationBuilder()
|
||||||
.parent(CommonConfig.class).web(WebApplicationType.NONE)
|
.parent(CommonConfig.class).web(WebApplicationType.NONE)
|
||||||
.child(MvcAppConfig.class).web(WebApplicationType.SERVLET)
|
.child(RestAppConfig.class).web(WebApplicationType.SERVLET)
|
||||||
.sibling(RestAppConfig.class).web(WebApplicationType.SERVLET)
|
// .sibling(MvcAppConfig.class).web(WebApplicationType.SERVLET)
|
||||||
.run(args);
|
.run(args);
|
||||||
}
|
}
|
||||||
|
|
@ -1,17 +1,17 @@
|
|||||||
package com.wisemapping.config.common;
|
package com.wisemapping.config.common;
|
||||||
|
|
||||||
import com.wisemapping.config.rest.ServletConfig;
|
|
||||||
import com.wisemapping.dao.LabelManagerImpl;
|
import com.wisemapping.dao.LabelManagerImpl;
|
||||||
import com.wisemapping.model.Mindmap;
|
|
||||||
import com.wisemapping.security.AuthenticationProvider;
|
import com.wisemapping.security.AuthenticationProvider;
|
||||||
import com.wisemapping.service.MindmapServiceImpl;
|
import com.wisemapping.service.MindmapServiceImpl;
|
||||||
import com.wisemapping.util.VelocityEngineUtils;
|
import com.wisemapping.util.VelocityEngineUtils;
|
||||||
|
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||||
import org.springframework.context.annotation.ComponentScan;
|
import org.springframework.context.annotation.ComponentScan;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Import;
|
||||||
import org.springframework.context.annotation.ImportResource;
|
import org.springframework.context.annotation.ImportResource;
|
||||||
|
|
||||||
@Configuration
|
@ComponentScan(basePackageClasses = {AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
|
||||||
|
@Import({HibernateConfig.class, SecurityConfig.class})
|
||||||
|
@EnableAutoConfiguration
|
||||||
@ImportResource(value = {"classpath:spring/wisemapping-mail.xml"})
|
@ImportResource(value = {"classpath:spring/wisemapping-mail.xml"})
|
||||||
@ComponentScan(basePackageClasses = {HibernateConfig.class, SecurityConfig.class, AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
|
|
||||||
public class CommonConfig {
|
public class CommonConfig {
|
||||||
}
|
}
|
||||||
|
@ -1,15 +1,15 @@
|
|||||||
package com.wisemapping.config.common;
|
package com.wisemapping.config.common;
|
||||||
|
|
||||||
|
import com.wisemapping.dao.MindmapManagerImpl;
|
||||||
import com.wisemapping.model.User;
|
import com.wisemapping.model.User;
|
||||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
import com.wisemapping.service.MindmapServiceImpl;
|
||||||
import org.springframework.boot.autoconfigure.domain.EntityScan;
|
import org.springframework.boot.autoconfigure.domain.EntityScan;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
|
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
|
||||||
|
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableAutoConfiguration
|
@EnableJpaRepositories(basePackageClasses={MindmapServiceImpl.class, MindmapManagerImpl.class})
|
||||||
@EnableJpaRepositories(basePackages={"com.wisemapping.dao","com.wisemapping.service"})
|
|
||||||
@EntityScan(basePackageClasses= User.class)
|
@EntityScan(basePackageClasses= User.class)
|
||||||
public class HibernateConfig {
|
public class HibernateConfig {
|
||||||
|
|
||||||
|
@ -26,8 +26,8 @@ import org.springframework.context.annotation.Configuration;
|
|||||||
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||||
|
|
||||||
@Configuration
|
//@Configuration
|
||||||
@ComponentScan(basePackageClasses = UserLocaleInterceptor.class)
|
//@ComponentScan(basePackageClasses = UserLocaleInterceptor.class)
|
||||||
public class InterceptorsConfig implements WebMvcConfigurer {
|
public class InterceptorsConfig implements WebMvcConfigurer {
|
||||||
@Autowired
|
@Autowired
|
||||||
private UserLocaleInterceptor userLocaleInterceptor;
|
private UserLocaleInterceptor userLocaleInterceptor;
|
||||||
|
@ -1,11 +1,9 @@
|
|||||||
package com.wisemapping.config.mvc;
|
package com.wisemapping.config.mvc;
|
||||||
|
|
||||||
import com.wisemapping.webmvc.MvcMindmapController;
|
import com.wisemapping.webmvc.MvcMindmapController;
|
||||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.ComponentScan;
|
import org.springframework.context.annotation.Import;
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.web.servlet.HandlerExceptionResolver;
|
import org.springframework.web.servlet.HandlerExceptionResolver;
|
||||||
import org.springframework.web.servlet.ViewResolver;
|
import org.springframework.web.servlet.ViewResolver;
|
||||||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||||
@ -16,8 +14,9 @@ import org.springframework.web.servlet.view.InternalResourceViewResolver;
|
|||||||
import org.springframework.web.servlet.view.JstlView;
|
import org.springframework.web.servlet.view.JstlView;
|
||||||
|
|
||||||
|
|
||||||
@SpringBootApplication(scanBasePackageClasses = {MvcMindmapController.class, MvcSecurityConfig.class})
|
//@SpringBootApplication
|
||||||
@EnableWebMvc
|
//@Import({MvcMindmapController.class, MvcSecurityConfig.class})
|
||||||
|
//@EnableWebMvc
|
||||||
public class MvcAppConfig implements WebMvcConfigurer {
|
public class MvcAppConfig implements WebMvcConfigurer {
|
||||||
@Override
|
@Override
|
||||||
public void addResourceHandlers(ResourceHandlerRegistry registry) {
|
public void addResourceHandlers(ResourceHandlerRegistry registry) {
|
||||||
|
@ -23,7 +23,6 @@ import org.jetbrains.annotations.NotNull;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.annotation.ComponentScan;
|
import org.springframework.context.annotation.ComponentScan;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.stereotype.Component;
|
|
||||||
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||||
|
|
||||||
|
@ -2,22 +2,24 @@ package com.wisemapping.config.rest;
|
|||||||
|
|
||||||
import com.wisemapping.rest.MindmapController;
|
import com.wisemapping.rest.MindmapController;
|
||||||
import org.jetbrains.annotations.NotNull;
|
import org.jetbrains.annotations.NotNull;
|
||||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
|
||||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.ComponentScan;
|
import org.springframework.context.annotation.Import;
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
|
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
|
||||||
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||||
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
|
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
|
||||||
|
|
||||||
import static org.springframework.security.config.Customizer.withDefaults;
|
import static org.springframework.security.config.Customizer.withDefaults;
|
||||||
|
|
||||||
|
|
||||||
@SpringBootApplication(scanBasePackageClasses = {MindmapController.class, ServletConfig.class})
|
@SpringBootApplication
|
||||||
|
@Import({MindmapController.class, ServletConfig.class})
|
||||||
|
@EnableWebSecurity
|
||||||
public class RestAppConfig {
|
public class RestAppConfig {
|
||||||
@Bean
|
@Bean
|
||||||
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
|
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
|
||||||
@ -27,7 +29,6 @@ public class RestAppConfig {
|
|||||||
@Bean
|
@Bean
|
||||||
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
|
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
|
||||||
return http
|
return http
|
||||||
.csrf(AbstractHttpConfigurer::disable)
|
|
||||||
.authorizeHttpRequests(auth -> auth
|
.authorizeHttpRequests(auth -> auth
|
||||||
.requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll()
|
.requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll()
|
||||||
.requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll()
|
.requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll()
|
||||||
@ -37,6 +38,8 @@ public class RestAppConfig {
|
|||||||
.requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN")
|
.requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN")
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
.csrf(AbstractHttpConfigurer::disable)
|
||||||
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
|
||||||
.httpBasic(withDefaults())
|
.httpBasic(withDefaults())
|
||||||
.build();
|
.build();
|
||||||
|
@ -1,3 +1,20 @@
|
|||||||
|
/*
|
||||||
|
* Copyright [2022] [wisemapping]
|
||||||
|
*
|
||||||
|
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
|
||||||
|
* It is basically the Apache License, Version 2.0 (the "License") plus the
|
||||||
|
* "powered by wisemapping" text requirement on every single page;
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the license at
|
||||||
|
*
|
||||||
|
* http://www.wisemapping.org/license
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
package com.wisemapping.config.rest;
|
package com.wisemapping.config.rest;
|
||||||
|
|
||||||
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
|
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
|
||||||
|
Loading…
Reference in New Issue
Block a user