Improve security filter code.

wise-webapp/src/main/java/com/wisemapping/Application.java

@@ -1,11 +1,7 @@
-package com.wisemapping.config;
+package com.wisemapping;
 
 import com.wisemapping.config.common.CommonConfig;
-import com.wisemapping.config.common.HibernateConfig;
 import com.wisemapping.config.mvc.MvcAppConfig;
-import com.wisemapping.config.rest.InterceptorsConfig;
-import com.wisemapping.config.common.SecurityConfig;
-import com.wisemapping.config.rest.ServletConfig;
 import com.wisemapping.config.rest.RestAppConfig;
 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.builder.SpringApplicationBuilder;
@@ -17,8 +13,8 @@ public class Application {
     public static void main(String[] args) {
         new SpringApplicationBuilder()
                 .parent(CommonConfig.class).web(WebApplicationType.NONE)
-                .child(MvcAppConfig.class).web(WebApplicationType.SERVLET)
+                .child(RestAppConfig.class).web(WebApplicationType.SERVLET)
-                .sibling(RestAppConfig.class).web(WebApplicationType.SERVLET)
+//                .sibling(MvcAppConfig.class).web(WebApplicationType.SERVLET)
                 .run(args);
     }
 

wise-webapp/src/main/java/com/wisemapping/config/common/CommonConfig.java

@@ -1,17 +1,17 @@
 package com.wisemapping.config.common;
 
-import com.wisemapping.config.rest.ServletConfig;
 import com.wisemapping.dao.LabelManagerImpl;
-import com.wisemapping.model.Mindmap;
 import com.wisemapping.security.AuthenticationProvider;
 import com.wisemapping.service.MindmapServiceImpl;
 import com.wisemapping.util.VelocityEngineUtils;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.ImportResource;
 
-@Configuration
+@ComponentScan(basePackageClasses = {AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
+@Import({HibernateConfig.class, SecurityConfig.class})
+@EnableAutoConfiguration
 @ImportResource(value = {"classpath:spring/wisemapping-mail.xml"})
-@ComponentScan(basePackageClasses = {HibernateConfig.class, SecurityConfig.class, AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
 public class CommonConfig {
 }

wise-webapp/src/main/java/com/wisemapping/config/common/HibernateConfig.java

@@ -1,15 +1,15 @@
 package com.wisemapping.config.common;
 
+import com.wisemapping.dao.MindmapManagerImpl;
 import com.wisemapping.model.User;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import com.wisemapping.service.MindmapServiceImpl;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 
 
 @Configuration
-@EnableAutoConfiguration
+@EnableJpaRepositories(basePackageClasses={MindmapServiceImpl.class, MindmapManagerImpl.class})
-@EnableJpaRepositories(basePackages={"com.wisemapping.dao","com.wisemapping.service"})
 @EntityScan(basePackageClasses= User.class)
 public class HibernateConfig {
 

wise-webapp/src/main/java/com/wisemapping/config/mvc/InterceptorsConfig.java

@@ -26,8 +26,8 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-@Configuration
+//@Configuration
-@ComponentScan(basePackageClasses = UserLocaleInterceptor.class)
+//@ComponentScan(basePackageClasses = UserLocaleInterceptor.class)
 public class InterceptorsConfig implements WebMvcConfigurer {
     @Autowired
     private UserLocaleInterceptor userLocaleInterceptor;

wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcAppConfig.java

@@ -1,11 +1,9 @@
 package com.wisemapping.config.mvc;
 
 import com.wisemapping.webmvc.MvcMindmapController;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Import;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.HandlerExceptionResolver;
 import org.springframework.web.servlet.ViewResolver;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@@ -16,8 +14,9 @@ import org.springframework.web.servlet.view.InternalResourceViewResolver;
 import org.springframework.web.servlet.view.JstlView;
 
 
-@SpringBootApplication(scanBasePackageClasses = {MvcMindmapController.class, MvcSecurityConfig.class})
+//@SpringBootApplication
-@EnableWebMvc
+//@Import({MvcMindmapController.class, MvcSecurityConfig.class})
+//@EnableWebMvc
 public class MvcAppConfig implements WebMvcConfigurer {
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {

wise-webapp/src/main/java/com/wisemapping/config/rest/InterceptorsConfig.java

@@ -23,7 +23,6 @@ import org.jetbrains.annotations.NotNull;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 

wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java

@@ -2,22 +2,24 @@ package com.wisemapping.config.rest;
 
 import com.wisemapping.rest.MindmapController;
 import org.jetbrains.annotations.NotNull;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Import;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
 import static org.springframework.security.config.Customizer.withDefaults;
 
 
-@SpringBootApplication(scanBasePackageClasses = {MindmapController.class, ServletConfig.class})
+@SpringBootApplication
+@Import({MindmapController.class, ServletConfig.class})
+@EnableWebSecurity
 public class RestAppConfig {
     @Bean
     MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
@@ -27,7 +29,6 @@ public class RestAppConfig {
     @Bean
     SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
         return http
-                .csrf(AbstractHttpConfigurer::disable)
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll()
                         .requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll()
@@ -37,6 +38,8 @@ public class RestAppConfig {
                         .requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN")
                         .anyRequest().authenticated()
                 )
+
+                .csrf(AbstractHttpConfigurer::disable)
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .httpBasic(withDefaults())
                 .build();

wise-webapp/src/main/java/com/wisemapping/config/rest/ServletConfig.java

@@ -1,3 +1,20 @@
+/*
+ *    Copyright [2022] [wisemapping]
+ *
+ *   Licensed under WiseMapping Public License, Version 1.0 (the "License").
+ *   It is basically the Apache License, Version 2.0 (the "License") plus the
+ *   "powered by wisemapping" text requirement on every single page;
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the license at
+ *
+ *       http://www.wisemapping.org/license
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
 package com.wisemapping.config.rest;
 
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;