vmario
/
wisemapping-open-source
mirror of https://bitbucket.org/wisemapping/wisemapping-open-source.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merged feature/update_spring into develop 

* Migrate authentication to beans.
* Fix test execution
* Update to java 17
* Fix failing tests.
* Fix java 17 migration warnings
* Move error page to react.
* Remove Tiles !!!!
* Fix hibernate warning
* Update to jslt 3.0.1
* Bump version.
This commit is contained in:
Paulo Veiga 2023-08-01 04:32:51 +00:00
parent 1d7633b65c
commit 55c5126d95
78 changed files with 468 additions and 736 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -9,7 +9,7 @@ WiseMapping is based on the same code product supporting [http://www.wisemapping
The following products must be installed:
* OpenJDK 11 or higher
* OpenJDK 17 or higher
* Maven 3.x or higher ([http://maven.apache.org/])
* npm 6 or higher ([https://www.npmjs.com/package/npm?activeTab=versions])

7
distribution/Dockerfile
View File

@ -3,7 +3,7 @@
# Based info setup ...
#FROM --platform=$BUILDPLATFORM tomcat:9.0.71-jdk17
FROM tomcat:9.0.71-jdk17
FROM tomcat:10.1.11-jdk17
LABEL maintainer="Paulo Gustavo Veiga <pveiga@wisemapping.com>"
# Build variables ...
@ -21,7 +21,7 @@ RUN cd ${WEBAPP_TARGET_DIR} && jar -xvf /tmp/wisemapping.war
RUN rm /tmp/wisemapping.war
# Change logger to
RUN cp ${WEBAPP_TARGET_DIR}/WEB-INF/classes/log4j-stdout.properties ${WEBAPP_TARGET_DIR}/WEB-INF/classes/log4j.properties
RUN cp ${WEBAPP_TARGET_DIR}/WEB-INF/classes/log4j-stdout.xml ${WEBAPP_TARGET_DIR}/WEB-INF/classes/log4j.xml
# Add support for proxy
RUN sed -i 's|\
@ -32,9 +32,6 @@ RUN sed -i 's|\
</Host>|' \
/usr/local/tomcat/conf/server.xml
RUN sed -i 's|<Context>|<Context>\
<Loader jakartaConverter="TOMCAT" />|' \
/usr/local/tomcat/conf/context.xml
# Copy default HSQL DB for testing ...
RUN mkdir -p ${DB_BASE_DIR}/db
COPY db/ ${DB_BASE_DIR}/db

8
distribution/build-image.sh
View File

@ -4,7 +4,7 @@ set -o
set -u
mvn -f ../pom.xml clean package
#docker build --platform linux/amd64 -t wisemapping/wisemapping:latest -f ./Dockerfile ../wise-webapp/target/
docker buildx create --use --platform=linux/arm64,linux/amd64 --name multi-platform-builder
docker buildx inspect --bootstrap
docker buildx build --platform=linux/amd64,linux/arm64 --push -t wisemapping/wisemapping:latest -f ./Dockerfile ../wise-webapp/target/
docker build --platform linux/amd64 -t wisemapping/wisemapping:latest -f ./Dockerfile ../wise-webapp/target/
#docker buildx create --use --platform=linux/arm64,linux/amd64 --name multi-platform-builder
#docker buildx inspect --bootstrap
#docker buildx build --platform=linux/amd64,linux/arm64 --push -t wisemapping/wisemapping:latest -f ./Dockerfile ../wise-webapp/target/

9
pom.xml
View File

@ -4,8 +4,10 @@
http://maven.apache.org/xsd/maven-4.0.0.xsd">
<properties>
<com.wisemapping.version>5.0.21-SNAPSHOT</com.wisemapping.version>
<com.wisemapping.version>5.1.0-SNAPSHOT</com.wisemapping.version>
<superpom.dir>${project.basedir}/wise-webapps</superpom.dir>
<maven.compiler.source>17</maven.compiler.source>
<maven.compiler.target>17</maven.compiler.target>
</properties>
<scm>
@ -16,7 +18,7 @@
<groupId>org.wisemapping</groupId>
<artifactId>wisemapping</artifactId>
<name>WiseMapping Project</name>
<version>5.0.21-SNAPSHOT</version>
<version>5.1.0-SNAPSHOT</version>
<packaging>pom</packaging>
<licenses>
@ -117,10 +119,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.11.0</version>
<configuration>
<source>11</source>
<target>11</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>

14
wise-ui/pom.xml
View File

@ -12,7 +12,7 @@
<groupId>org.wisemapping</groupId>
<artifactId>wisemapping</artifactId>
<relativePath>../pom.xml</relativePath>
<version>5.0.21-SNAPSHOT</version>
<version>5.1.0-SNAPSHOT</version>
</parent>
<build>
@ -24,16 +24,16 @@
<id>generate-sources</id>
<phase>generate-sources</phase>
<configuration>
<tasks>
<target>
<!-- Download and unzip mindplot npm package -->
<mkdir dir="target/wisemapping-mindplot"/>
<exec executable="npm" dir="target" failonerror="true">
<arg value="pack"/>
<arg value="@wisemapping/mindplot@5.0.22"/>
<arg value="@wisemapping/mindplot@5.1.1"/>
</exec>
<exec executable="tar" dir="target" failonerror="true">
<arg value="-xvzf"/>
<arg value="wisemapping-mindplot-5.0.22.tgz"/>
<arg value="wisemapping-mindplot-5.1.1.tgz"/>
<arg value="-C"/>
<arg value="wisemapping-mindplot"/>
</exec>
@ -42,15 +42,15 @@
<mkdir dir="target/wisemapping-webapp"/>
<exec executable="npm" dir="target" failonerror="true">
<arg value="pack"/>
<arg value="@wisemapping/webapp@5.0.21"/>
<arg value="@wisemapping/webapp@5.1.1"/>
</exec>
<exec executable="tar" dir="target" failonerror="true">
<arg value="-xvzf"/>
<arg value="wisemapping-webapp-5.0.21.tgz"/>
<arg value="wisemapping-webapp-5.1.1.tgz"/>
<arg value="-C"/>
<arg value="wisemapping-webapp"/>
</exec>
</tasks>
</target>
</configuration>
<goals>
<goal>run</goal>

2
wise-webapp/doc/REST Services.md
View File

@ -37,6 +37,6 @@ Template Path: /service/admin/users/{userId}/password
Creating a new user:
* Template Path: /service/admin/users/
* Method: Post
* curl "http://{host.name}:{host.port}/{context.path}/service/admin/users" --request POST --basic -u "admin@wisemapping.org:test" -H "Content-Type:application/json" --data '{"email": "te2@mydomain.de", "lastname": "lastname", "firstname":"myfirstname","password":"password"}'
* curl "http://{host.name}:{host.port}/{context.path}/service/admin/users/" --request POST --basic -u "admin@wisemapping.org:test" -H "Content-Type:application/json" --data '{"email": "te2@mydomain.de", "lastname": "lastname", "firstname":"myfirstname","password":"password"}'

231
wise-webapp/pom.xml
View File

@ -9,15 +9,15 @@
<groupId>org.wisemapping</groupId>
<artifactId>wisemapping</artifactId>
<relativePath>../pom.xml</relativePath>
<version>5.0.21-SNAPSHOT</version>
<version>5.1.0-SNAPSHOT</version>
</parent>
<properties>
<org.springframework.version>5.3.28</org.springframework.version>
<org.springframework.addons>5.8.4</org.springframework.addons>
<hibernate.version>5.6.15.Final</hibernate.version>
<org.springframework.version>6.0.10</org.springframework.version>
<org.springframework.addons>6.1.1</org.springframework.addons>
<hibernate.version>6.2.6.Final</hibernate.version>
<hibernate-validator.version>6.0.21.Final</hibernate-validator.version>
<spring-security-taglibs.version>5.6.1</spring-security-taglibs.version>
<spring-security-taglibs.version>6.0.2</spring-security-taglibs.version>
</properties>
<dependencies>
@ -56,12 +56,6 @@
<artifactId>postgresql</artifactId>
<version>42.5.4</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>${org.springframework.addons}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
@ -82,16 +76,17 @@
<!-- Hibernate -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
<artifactId>hibernate-core-jakarta</artifactId>
<version>5.6.15.Final</version>
</dependency>
<!-- Hibernate Validator -->
<dependency>
<groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator</artifactId>
<version>${hibernate-validator.version}</version>
<version>8.0.1.Final</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
@ -104,12 +99,6 @@
<version>${org.springframework.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
@ -139,24 +128,7 @@
<version>5.3.15</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>antlr</groupId>
<artifactId>antlr</artifactId>
<version>2.7.6</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apache.tiles</groupId>
<artifactId>tiles-jsp</artifactId>
<version>3.0.8</version>
<scope>runtime</scope>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
@ -175,12 +147,6 @@
<version>${org.springframework.addons}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springframework.addons}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
@ -194,9 +160,9 @@
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
<version>1.6.2</version>
<groupId>jakarta.mail</groupId>
<artifactId>jakarta.mail-api</artifactId>
<version>2.1.2</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
@ -209,21 +175,16 @@
<artifactId>commons-dbcp2</artifactId>
<version>2.9.0</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-ehcache</artifactId>
<version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>javax.cache</groupId>
<artifactId>cache-api</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>org.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>3.9.9</version>
</dependency>
<!-- <dependency>-->
<!-- <groupId>org.hibernate</groupId>-->
<!-- <artifactId>hibernate-ehcache</artifactId>-->
<!-- <version>5.6.15.Final</version>-->
<!-- </dependency>-->
<!-- <dependency>-->
<!-- <groupId>javax.cache</groupId>-->
<!-- <artifactId>cache-api</artifactId>-->
<!-- <version>1.1.1</version>-->
<!-- </dependency>-->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
@ -235,6 +196,7 @@
<artifactId>commons-validator</artifactId>
<version>1.7</version>
</dependency>
<!-- Only for test purposes -->
<dependency>
<groupId>org.hsqldb</groupId>
@ -242,29 +204,36 @@
<version>2.7.1</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.14.2</version>
<version>2.15.1</version>
</dependency>
<dependency>
<!-- This is required in case of Tomcat, do not remove -->
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
<groupId>jakarta.transaction</groupId>
<artifactId>jakarta.transaction-api</artifactId>
<version>2.0.1</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>2.0.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>6.0.0</version>
<scope>provided</scope>
</dependency>
<!-- JSLT implementation -->
<dependency>
<groupId>jakarta.servlet.jsp.jstl</groupId>
<artifactId>jakarta.servlet.jsp.jstl-api</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>org.glassfish.web</groupId>
<artifactId>jakarta.servlet.jsp.jstl</artifactId>
<version>3.0.0</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
@ -275,6 +244,11 @@
<artifactId>fluent-hc</artifactId>
<version>4.5.14</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springframework.addons}</version>
</dependency>
</dependencies>
<profiles>
<profile>
@ -374,27 +348,27 @@
</profiles>
<build>
<plugins>
<plugin>
<groupId>org.hibernate.orm.tooling</groupId>
<artifactId>hibernate-enhance-maven-plugin</artifactId>
<version>${hibernate.version}</version>
<executions>
<execution>
<phase>compile</phase>
<configuration>
<failOnError>true</failOnError>
<enableLazyInitialization>true</enableLazyInitialization>
<enableDirtyTracking>true</enableDirtyTracking>
<enableAssociationManagement>true</enableAssociationManagement>
<enableExtendedEnhancement>false</enableExtendedEnhancement>
<enableExtendedEnhancement>false</enableExtendedEnhancement>
</configuration>
<goals>
<goal>enhance</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- <plugin>-->
<!-- <groupId>org.hibernate.orm.tooling</groupId>-->
<!-- <artifactId>hibernate-enhance-maven-plugin</artifactId>-->
<!-- <version>${hibernate.version}</version>-->
<!-- <executions>-->
<!-- <execution>-->
<!-- <phase>compile</phase>-->
<!-- <configuration>-->
<!-- <failOnError>true</failOnError>-->
<!-- <enableLazyInitialization>true</enableLazyInitialization>-->
<!-- <enableDirtyTracking>true</enableDirtyTracking>-->
<!-- <enableAssociationManagement>true</enableAssociationManagement>-->
<!-- <enableExtendedEnhancement>false</enableExtendedEnhancement>-->
<!-- <enableExtendedEnhancement>false</enableExtendedEnhancement>-->
<!-- </configuration>-->
<!-- <goals>-->
<!-- <goal>enhance</goal>-->
<!-- </goals>-->
<!-- </execution>-->
<!-- </executions>-->
<!-- </plugin>-->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
@ -420,6 +394,9 @@
</overlay>
</overlays>
<archiveClasses>true</archiveClasses>
<packagingExcludes>
WEB-INF/lib/commons-logging-*.jar,
</packagingExcludes>
<webResources>
<resource>
<directory>src/main/resources</directory>
@ -436,25 +413,10 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.0</version>
<configuration>
<path>/wisemapping</path>
<warFile>${project.build.directory}/wisemapping.war</warFile>
<mode>war</mode>
<update>true</update>
<systemProperties>
<database.base.url>${project.build.directory}</database.base.url>
</systemProperties>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.8</version>
<version>0.8.10</version>
<executions>
<execution>
<id>default-prepare-agent</id>
@ -497,14 +459,6 @@
</rules>
</configuration>
</execution>
<!-- Confirm why there is a NPE -->
<!-- <execution>-->
<!-- <id>default-report-integration</id>-->
<!-- <phase>verify</phase>-->
<!-- <goals>-->
<!-- <goal>report-integration</goal>-->
<!-- </goals>-->
<!-- </execution>-->
<execution>
<id>default-report</id>
<phase>verify</phase>
@ -518,48 +472,29 @@
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>9.4.34.v20201102</version>
<version>11.0.15</version>
<configuration>
<stopKey>foo</stopKey>
<httpConnector>
<port>8080</port>
</httpConnector>
<jvmArgs>-Ddatabase.base.url=${project.build.directory} -Djetty.port=8080</jvmArgs>
<stopPort>9999</stopPort>
<war>${project.build.directory}/wisemapping.war</war>
<reload>automatic</reload>
<webAppConfig>
<deployMode>FORK</deployMode>
<stopKey>foo</stopKey>
<webApp>
<war>${project.build.directory}/wisemapping.war</war>
<overrideDescriptor>${project.basedir}/webdefault.xml</overrideDescriptor>
</webAppConfig>
<systemProperties>
<systemProperty>
<name>org.mortbay.util.FileResource.checkAliases</name>
<value>false</value>
</systemProperty>
<systemProperty>
<name>org.mortbay.util.FileResource.checkAliases</name>
<value>false</value>
</systemProperty>
<systemProperty>
<name>database.base.url</name>
<value>${project.build.directory}</value>
</systemProperty>
</systemProperties>
</webApp>
</configuration>
<executions>
<execution>
<id>run-forked</id>
<phase>pre-integration-test</phase>
<goals>
<goal>run-forked</goal>
<goal>start-war</goal>
</goals>
<configuration>
<useTestClasspath>true</useTestClasspath>
<useTestScope>true</useTestScope>
<scanIntervalSeconds>0</scanIntervalSeconds>
<waitForChild>false</waitForChild>
<maxStartupLines>200</maxStartupLines>
<jvmArgs>-Ddatabase.base.url=${project.build.directory} -Djetty.port=8080
</jvmArgs>
</configuration>
</execution>
<execution>

41
wise-webapp/src/main/java/com/wisemapping/config/AppConfig.java Normal file
View File

@ -0,0 +1,41 @@
package com.wisemapping.config;
import com.wisemapping.exceptions.AccessDeniedSecurityException;
import com.wisemapping.exceptions.MapNotPublicSecurityException;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;
import java.util.Properties;
@EnableWebMvc
@Configuration
public class AppConfig {
@Bean
HandlerExceptionResolver errorHandler() {
final SimpleMappingExceptionResolver result = new SimpleMappingExceptionResolver();
//mapping status code with view response.
result.addStatusCode("reactInclude", 403);
//setting default error view
result.setDefaultErrorView("reactInclude");
result.setDefaultStatusCode(500);
return result;
}
@Bean
public ViewResolver viewResolver(){
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/views/");
resolver.setSuffix(".jsp");
resolver.setViewClass(JstlView.class);
return resolver;
}
}

126
wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java Normal file
View File

@ -0,0 +1,126 @@
package com.wisemapping.config;
import com.wisemapping.security.AuthenticationSuccessHandler;
import com.wisemapping.security.UserDetailsService;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Autowired
UserService userService;
@Value("${admin.user}")
String adminUser;
@Bean
public StrictHttpFirewall httpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowSemicolon(true);
return firewall;
}
@Bean
@Order(2)
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder serviceMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/service");
return http
.securityMatchers((matchers) ->
matchers.requestMatchers(serviceMapper.pattern(("/**"))))
.authorizeHttpRequests(auth ->
auth
.requestMatchers("/users/").permitAll()
.requestMatchers("/users/resetPassword").permitAll()
.requestMatchers("/oauth2/googlecallback").permitAll()
.requestMatchers("/oauth2/confirmaccountsync").permitAll()
.requestMatchers("/admin/**").hasAnyRole("ADMIN")
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.httpBasic(httpBasic -> {
})
.csrf(AbstractHttpConfigurer::disable)
.build();
}
@Bean
@Order(1)
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler();
authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false);
authenticationSuccessHandler.setDefaultTargetUrl("/c/maps/");
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/c/restful");
final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c");
http
.securityMatchers((matchers) ->
matchers.requestMatchers(restfullMapper.pattern(("/**"))).
requestMatchers(mvcMatcher.pattern(("/**"))))
.authorizeHttpRequests(
(auth) ->
auth
.requestMatchers("/login", "logout").permitAll()
.requestMatchers("/registration", "registration-success", "/registration-google").permitAll()
.requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
.requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll()
.requestMatchers("/restful/maps/*/document/xml-pub").permitAll()
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated())
.formLogin((loginForm) ->
loginForm.loginPage("/c/login")
.loginProcessingUrl("/c/perform-login")
.defaultSuccessUrl("/c/maps/")
.failureUrl("/c/login?login_error=2"))
.logout((logout) ->
logout
.logoutUrl("/c/logout")
.logoutSuccessUrl("/c/login")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.permitAll()
).rememberMe(remember ->
remember
.tokenValiditySeconds(2419200)
.rememberMeParameter("remember-me"
).authenticationSuccessHandler(authenticationSuccessHandler)
)
.csrf((csrf) ->
csrf.ignoringRequestMatchers("/logout"));
return http.build();
}
@Bean
@Order(3)
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
return http.authorizeHttpRequests(
(auth) ->
auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/").permitAll()
).build();
}
@Bean
public UserDetailsService userDetailsService() {
final UserDetailsService result = new UserDetailsService();
result.setUserService(userService);
result.setAdminUser(adminUser);
return result;
}
}

2
wise-webapp/src/main/java/com/wisemapping/dao/MindmapManagerImpl.java
View File

@ -20,6 +20,7 @@ package com.wisemapping.dao;
import com.wisemapping.model.*;
import com.wisemapping.util.ZipUtils;
import jakarta.persistence.Query;
import org.hibernate.Criteria;
import org.hibernate.criterion.Junction;
import org.hibernate.criterion.Order;
@ -30,7 +31,6 @@ import org.jetbrains.annotations.Nullable;
import org.springframework.orm.hibernate5.HibernateTemplate;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import javax.persistence.Query;
import java.io.IOException;
import java.util.Calendar;
import java.util.List;

2
wise-webapp/src/main/java/com/wisemapping/exceptions/InvalidEmailException.java
View File

@ -21,7 +21,7 @@ package com.wisemapping.exceptions;
import org.springframework.lang.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class InvalidEmailException
extends ClientException {

2
wise-webapp/src/main/java/com/wisemapping/exceptions/InvalidMindmapException.java
View File

@ -21,7 +21,7 @@ package com.wisemapping.exceptions;
import org.springframework.lang.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class InvalidMindmapException
extends ClientException {

2
wise-webapp/src/main/java/com/wisemapping/exceptions/MapCouldNotFoundException.java
View File

@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class MapCouldNotFoundException
extends ClientException

4
wise-webapp/src/main/java/com/wisemapping/exceptions/MapNonPublicException.java → wise-webapp/src/main/java/com/wisemapping/exceptions/MapNotPublicSecurityException.java
View File

@ -20,11 +20,11 @@ package com.wisemapping.exceptions;
import org.jetbrains.annotations.NotNull;
public class MapNonPublicException
public class MapNotPublicSecurityException
extends ClientException {
public static final String MSG_KEY = "ACCESS_HAS_BEEN_REVOKED";
public MapNonPublicException(@NotNull String msg) {
public MapNotPublicSecurityException(@NotNull String msg) {
super(msg, Severity.FATAL);
}

2
wise-webapp/src/main/java/com/wisemapping/exceptions/OAuthAuthenticationException.java
View File

@ -3,7 +3,7 @@ package com.wisemapping.exceptions;
import com.wisemapping.service.google.http.HttpInvokerException;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class OAuthAuthenticationException extends WiseMappingException {

2
wise-webapp/src/main/java/com/wisemapping/exceptions/PasswordTooLongException.java
View File

@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class PasswordTooLongException
extends ClientException {

2
wise-webapp/src/main/java/com/wisemapping/exceptions/TooManyInactiveAccountsExceptions.java
View File

@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class TooManyInactiveAccountsExceptions
extends ClientException {

2
wise-webapp/src/main/java/com/wisemapping/rest/ValidationException.java → wise-webapp/src/main/java/com/wisemapping/exceptions/ValidationException.java
View File

@ -16,7 +16,7 @@
* limitations under the License.
*/
package com.wisemapping.rest;
package com.wisemapping.exceptions;
import com.wisemapping.exceptions.WiseMappingException;

14
wise-webapp/src/main/java/com/wisemapping/filter/CorsFilter.java
View File

@ -20,13 +20,13 @@ package com.wisemapping.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;
/**
*

4
wise-webapp/src/main/java/com/wisemapping/filter/RequestPropertiesInterceptor.java
View File

@ -22,8 +22,8 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
public class RequestPropertiesInterceptor implements HandlerInterceptor {

7
wise-webapp/src/main/java/com/wisemapping/filter/UserLocaleInterceptor.java
View File

@ -22,12 +22,11 @@ import com.wisemapping.model.User;
import com.wisemapping.security.Utils;
import org.jetbrains.annotations.NotNull;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.i18n.SessionLocaleResolver;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.util.Locale;
public class UserLocaleInterceptor implements HandlerInterceptor {

6
wise-webapp/src/main/java/com/wisemapping/listener/UnlockOnExpireListener.java
View File

@ -31,9 +31,9 @@ import org.apache.logging.log4j.Logger;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpSessionEvent;
import jakarta.servlet.http.HttpSessionListener;
public class UnlockOnExpireListener implements HttpSessionListener {
private static final Logger logger = LogManager.getLogger();

2
wise-webapp/src/main/java/com/wisemapping/mail/Mailer.java
View File

@ -21,11 +21,11 @@ package com.wisemapping.mail;
import com.wisemapping.util.VelocityEngineUtils;
import com.wisemapping.util.VelocityEngineWrapper;
import org.jetbrains.annotations.NotNull;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.mail.javamail.MimeMessageHelper;
import org.springframework.mail.javamail.MimeMessagePreparator;
import jakarta.validation.constraints.NotNull;
import java.nio.charset.StandardCharsets;
import java.util.Map;

2
wise-webapp/src/main/java/com/wisemapping/mail/NotificationService.java
View File

@ -32,7 +32,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.context.support.ResourceBundleMessageSource;
import javax.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;

2
wise-webapp/src/main/java/com/wisemapping/model/AccessAuditory.java
View File

@ -20,7 +20,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;

4
wise-webapp/src/main/java/com/wisemapping/model/Collaboration.java
View File

@ -21,8 +21,8 @@ package com.wisemapping.model;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import javax.validation.constraints.NotNull;
import jakarta.persistence.*;
import jakarta.validation.constraints.NotNull;
import java.io.Serializable;
import java.util.Objects;

2
wise-webapp/src/main/java/com/wisemapping/model/CollaborationProperties.java
View File

@ -20,7 +20,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
@Entity

2
wise-webapp/src/main/java/com/wisemapping/model/Collaborator.java
View File

@ -22,7 +22,7 @@ import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;
import java.util.HashSet;

2
wise-webapp/src/main/java/com/wisemapping/model/Label.java
View File

@ -22,7 +22,7 @@ import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Objects;

2
wise-webapp/src/main/java/com/wisemapping/model/MindMapHistory.java
View File

@ -22,7 +22,7 @@ import com.wisemapping.util.ZipUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.IOException;
import java.util.Calendar;

4
wise-webapp/src/main/java/com/wisemapping/model/Mindmap.java
View File

@ -30,7 +30,7 @@ import org.hibernate.annotations.NotFoundAction;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
@ -55,7 +55,7 @@ public class Mindmap implements Serializable {
@JoinColumn(name = "creator_id", unique = true)
private User creator;
@ManyToOne(fetch = FetchType.LAZY)
@ManyToOne
@JoinColumn(name = "last_editor_id", nullable = false)
@NotFound(action = NotFoundAction.IGNORE)
private User lastEditor;

4
wise-webapp/src/main/java/com/wisemapping/model/User.java
View File

@ -21,7 +21,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;
@ -90,7 +90,7 @@ public class User
return password;
}
public void setPassword(@javax.validation.constraints.NotNull String password) {
public void setPassword(@jakarta.validation.constraints.NotNull String password) {
this.password = password;
}

2
wise-webapp/src/main/java/com/wisemapping/rest/AccountController.java
View File

@ -32,6 +32,7 @@ import com.wisemapping.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
@ -41,6 +42,7 @@ import org.springframework.web.bind.annotation.ResponseStatus;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class AccountController extends BaseController {
@Qualifier("userService")
@Autowired

4
wise-webapp/src/main/java/com/wisemapping/rest/AdminController.java
View File

@ -30,14 +30,16 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_ADMIN')")
public class AdminController extends BaseController {
@Qualifier("userService")
@Autowired

7
wise-webapp/src/main/java/com/wisemapping/rest/BaseController.java
View File

@ -20,6 +20,7 @@ package com.wisemapping.rest;
import com.wisemapping.exceptions.ClientException;
import com.wisemapping.exceptions.OAuthAuthenticationException;
import com.wisemapping.exceptions.Severity;
import com.wisemapping.exceptions.ValidationException;
import com.wisemapping.mail.NotificationService;
import com.wisemapping.model.User;
import com.wisemapping.rest.model.RestErrors;
@ -37,9 +38,9 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.reflect.UndeclaredThrowableException;
import java.util.Locale;

7
wise-webapp/src/main/java/com/wisemapping/rest/LabelController.java
View File

@ -18,6 +18,7 @@
package com.wisemapping.rest;
import com.wisemapping.exceptions.LabelCouldNotFoundException;
import com.wisemapping.exceptions.ValidationException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.Label;
import com.wisemapping.model.User;
@ -30,15 +31,17 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class LabelController extends BaseController {
@Qualifier("labelService")
@ -64,7 +67,7 @@ public class LabelController extends BaseController {
response.setHeader("ResourceId", Long.toString(label.getId()));
}
@RequestMapping(method = RequestMethod.GET, value = "/labels", produces = {"application/json"})
@RequestMapping(method = RequestMethod.GET, value = "/labels/", produces = {"application/json"})
public RestLabelList retrieveList() {
final User user = Utils.getUser();
assert user != null;

4
wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
View File

@ -33,12 +33,13 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.*;
@ -46,6 +47,7 @@ import java.util.stream.Collectors;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class MindmapController extends BaseController {
final Logger logger = LogManager.getLogger();

4
wise-webapp/src/main/java/com/wisemapping/rest/OAuth2Controller.java
View File

@ -34,8 +34,8 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
@Controller

9
wise-webapp/src/main/java/com/wisemapping/rest/UserController.java
View File

@ -35,13 +35,14 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindException;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
@ -61,7 +62,7 @@ public class UserController extends BaseController {
@Autowired
private AuthenticationManager authManager;
@Value("${google.recaptcha2.enabled}")
@Value("${google.recaptcha2.enabled:false}")
private Boolean recatchaEnabled;
@Value("${accounts.exclusion.domain:''}")
@ -70,7 +71,7 @@ public class UserController extends BaseController {
private static final Logger logger = LogManager.getLogger();
private static final String REAL_IP_ADDRESS_HEADER = "X-Real-IP";
@RequestMapping(method = RequestMethod.POST, value = "/users", produces = { "application/json" })
@RequestMapping(method = RequestMethod.POST, value = "/users/", produces = { "application/json" })
@ResponseStatus(value = HttpStatus.CREATED)
public void registerUser(@RequestBody RestUserRegistration registration, @NotNull HttpServletRequest request,
@NotNull HttpServletResponse response) throws WiseMappingException, BindException {

6
wise-webapp/src/main/java/com/wisemapping/rest/model/RestCollaborator.java
View File

@ -24,9 +24,9 @@ import com.wisemapping.model.Collaborator;
import com.wisemapping.util.TimeUtils;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.util.Calendar;
@JsonAutoDetect(

6
wise-webapp/src/main/java/com/wisemapping/rest/model/RestErrors.java
View File

@ -30,9 +30,9 @@ import org.springframework.validation.Errors;
import org.springframework.validation.FieldError;
import org.springframework.validation.ObjectError;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.util.*;
@JsonAutoDetect(

2
wise-webapp/src/main/java/com/wisemapping/rest/model/RestLabelList.java
View File

@ -4,7 +4,7 @@ import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.wisemapping.model.Label;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlElement;
import jakarta.xml.bind.annotation.XmlElement;
import java.util.ArrayList;
import java.util.List;

6
wise-webapp/src/main/java/com/wisemapping/rest/model/RestMindmap.java
View File

@ -29,9 +29,9 @@ import com.wisemapping.util.TimeUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.io.IOException;
import java.util.Calendar;

2
wise-webapp/src/main/java/com/wisemapping/rest/model/RestMindmapList.java
View File

@ -24,7 +24,7 @@ import com.wisemapping.model.Collaborator;
import com.wisemapping.model.Mindmap;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlElement;
import jakarta.xml.bind.annotation.XmlElement;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;

6
wise-webapp/src/main/java/com/wisemapping/security/AuthenticationSuccessHandler.java
View File

@ -23,9 +23,9 @@ import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

44
wise-webapp/src/main/java/com/wisemapping/security/CSFRRequestMatcher.java
View File

@ -1,44 +0,0 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.security;
import org.springframework.security.web.util.matcher.RequestMatcher;
import javax.servlet.http.HttpServletRequest;
import java.util.Arrays;
public class CSFRRequestMatcher implements RequestMatcher {
private String prefix;
static String[] supportedMethods = {"POST", "PUT", "GET", "DELETE", "PATCH"};
@Override
public boolean matches(HttpServletRequest request) {
final String requestURI = request.getRequestURI();
return Arrays.stream(supportedMethods).anyMatch(p -> request.getMethod().toUpperCase().equals(p))
&& requestURI.startsWith(prefix);
}
public String getPrefix() {
return prefix;
}
public void setPrefix(String prefix) {
this.prefix = prefix;
}
}

35
wise-webapp/src/main/java/com/wisemapping/security/UserDetailsService.java
View File

@ -1,20 +1,20 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.security;
@ -23,12 +23,13 @@ import com.wisemapping.model.User;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.context.annotation.Bean;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
public class UserDetailsService
implements org.springframework.security.core.userdetails.UserDetailsService{
implements org.springframework.security.core.userdetails.UserDetailsService {
private UserService userService;
private String adminUser;

99
wise-webapp/src/main/java/com/wisemapping/security/ldap/LdapUserDetailsContextMapper.java
View File

@ -1,99 +0,0 @@
package com.wisemapping.security.ldap;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.AuthenticationType;
import com.wisemapping.model.User;
import com.wisemapping.security.UserDetails;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import java.util.Calendar;
import java.util.Collection;
public class LdapUserDetailsContextMapper implements UserDetailsContextMapper {
private UserService userService;
private String adminUser;
private String ldapAttributeFirstName;
private String ldapAttributeLastName;
public UserService getUserService() {
return userService;
}
public void setUserService(UserService userService) {
this.userService = userService;
}
private boolean isAdmin(@Nullable String email) {
return email != null && adminUser != null && email.trim().endsWith(adminUser);
}
public String getAdminUser() {
return adminUser;
}
public void setAdminUser(String adminUser) {
this.adminUser = adminUser;
}
@Override
public UserDetails mapUserFromContext(@NotNull DirContextOperations userData,
String email, Collection<? extends GrantedAuthority> arg2) {
User user = userService.getUserBy(email);
if (user == null) {
// If the user was not found in the database, create a new one ...
user = new User();
user.setEmail(email);
final String firstName = userData.getStringAttribute(ldapAttributeFirstName);
user.setFirstname(firstName);
final String lastName = userData.getStringAttribute(ldapAttributeLastName);
user.setLastname(lastName);
user.setPassword(email);
final Calendar now = Calendar.getInstance();
user.setActivationDate(now);
try {
user.setAuthenticationType(AuthenticationType.LDAP);
user = userService.createUser(user, false, false);
} catch (WiseMappingException e) {
throw new IllegalStateException(e);
}
}
return new UserDetails(user, isAdmin(email));
}
public String getLdapAttributeLastName() {
return ldapAttributeLastName;
}
public void setLdapAttributeLastName(String ldapAttributLastName) {
this.ldapAttributeLastName = ldapAttributLastName;
}
public String getLdapAttrbutFirstName() {
return ldapAttributeFirstName;
}
public void setLdapAttributeFirstName(String ldapAttributeFirstName) {
this.ldapAttributeFirstName = ldapAttributeFirstName;
}
@Override
public void mapUserToContext(org.springframework.security.core.userdetails.UserDetails userDetails, DirContextAdapter dirContextAdapter) {
// To be implemented ...
}
}

4
wise-webapp/src/main/java/com/wisemapping/service/HibernateAppListener.java
View File

@ -18,8 +18,8 @@
package com.wisemapping.service;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import jakarta.servlet.ServletContextEvent;
import jakarta.servlet.ServletContextListener;
public class HibernateAppListener implements ServletContextListener {

2
wise-webapp/src/main/java/com/wisemapping/service/MindmapService.java
View File

@ -22,7 +22,7 @@ import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.*;
import org.jetbrains.annotations.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
import java.io.IOException;
import java.util.List;

2
wise-webapp/src/main/java/com/wisemapping/service/RecaptchaService.java
View File

@ -28,7 +28,7 @@ import org.apache.http.client.fluent.Form;
import org.apache.http.client.fluent.Request;
import org.jetbrains.annotations.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;

2
wise-webapp/src/main/java/com/wisemapping/service/google/http/HttpInvoker.java
View File

@ -47,7 +47,7 @@ import org.springframework.stereotype.Service;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
@Service
public class HttpInvoker {

6
wise-webapp/src/main/java/com/wisemapping/webmvc/LoginController.java → wise-webapp/src/main/java/com/wisemapping/webmvc/MvcLoginController.java
View File

@ -21,13 +21,15 @@ package com.wisemapping.webmvc;
import com.wisemapping.model.User;
import com.wisemapping.security.Utils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class LoginController {
@PreAuthorize("permitAll()")
public class MvcLoginController {
@Value("${database.driver}")
private String driver;
@ -39,7 +41,7 @@ public class LoginController {
if (user != null) {
result = new ModelAndView("forward:/c/maps/");
} else {
result = new ModelAndView("login");
result = new ModelAndView("reactInclude");
result.addObject("isHsql", driver.contains("hsql"));
}
return result;

22
wise-webapp/src/main/java/com/wisemapping/webmvc/MindmapController.java → wise-webapp/src/main/java/com/wisemapping/webmvc/MvcMindmapController.java
View File

@ -21,7 +21,7 @@ package com.wisemapping.webmvc;
import com.wisemapping.exceptions.AccessDeniedSecurityException;
import com.wisemapping.exceptions.MapCouldNotFoundException;
import com.wisemapping.exceptions.MapNonPublicException;
import com.wisemapping.exceptions.MapNotPublicSecurityException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.CollaborationRole;
import com.wisemapping.model.Mindmap;
@ -34,6 +34,7 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
@ -45,7 +46,7 @@ import org.springframework.web.servlet.ModelAndView;
import java.util.Locale;
@Controller
public class MindmapController {
public class MvcMindmapController {
@Qualifier("mindmapService")
@Autowired
@ -59,12 +60,12 @@ public class MindmapController {
model.addAttribute("mindmap", mindmap);
final Locale locale = LocaleContextHolder.getLocale();
model.addAttribute("locale", locale.toString().toLowerCase());
return "mindmapPrint";
return "mindmapViewonly";
}
@RequestMapping(value = "maps/")
public String showListPage(@NotNull Model model) {
return "mindmapList";
return "reactInclude";
}
@RequestMapping(value = "maps/{id}/edit", method = RequestMethod.GET)
@ -106,6 +107,7 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/try", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showMindmapTryPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
return showEditorPage(id, model, false);
}
@ -118,13 +120,14 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/embed")
public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNonPublicException, AccessDeniedSecurityException {
@PreAuthorize("permitAll()")
public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNotPublicSecurityException, AccessDeniedSecurityException {
if (!mindmapService.isMindmapPublic(id)) {
throw new MapNonPublicException("Map " + id + " is not public.");
throw new MapNotPublicSecurityException("Map " + id + " is not public.");
}
final MindMapBean mindmap = findMindmapBean(id);
final ModelAndView view = new ModelAndView("mindmapEmbedded", "mindmap", mindmap);
final ModelAndView view = new ModelAndView("mindmapViewonly", "mindmap", mindmap);
view.addObject("zoom", zoom == null ? 1 : zoom);
final Locale locale = LocaleContextHolder.getLocale();
view.addObject("locale", locale.toString().toLowerCase());
@ -132,21 +135,24 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/public", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
if (!mindmapService.isMindmapPublic(id)) {
throw new MapNonPublicException("Map " + id + " is not public.");
throw new MapNotPublicSecurityException("Map " + id + " is not public.");
}
return this.showPrintPage(id, model);
}
@Deprecated
@RequestMapping(value = "publicView", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewPageLegacy(@RequestParam(required = true) int mapId) {
return "redirect:maps/" + mapId + "/public";
}
@Deprecated
@RequestMapping(value = "embeddedView", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewLegacyPage(@RequestParam(required = true) int mapId, @RequestParam(required = false) int zoom) {
return "redirect:maps/" + mapId + "/embed?zoom=" + zoom;
}

12
wise-webapp/src/main/java/com/wisemapping/webmvc/UsersController.java → wise-webapp/src/main/java/com/wisemapping/webmvc/MvcUsersController.java
View File

@ -22,31 +22,35 @@ package com.wisemapping.webmvc;
import com.wisemapping.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class UsersController {
public class MvcUsersController {
@Qualifier("userService")
@Autowired
private UserService userService;
@RequestMapping(value = "forgot-password", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView showResetPasswordPage() {
return new ModelAndView("forgot-password");
return new ModelAndView("reactInclude");
}
@RequestMapping(value = "registration-google", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView processGoogleCallback() {
return new ModelAndView("registration-google");
return new ModelAndView("reactInclude");
}
@RequestMapping(value = "registration", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView showRegistrationPage() {
return new ModelAndView("registration");
return new ModelAndView("reactInclude");
}
}

2
wise-webapp/src/main/resources/Bundle.properties
View File

@ -1 +1 @@
# Solves error Can't find bundle for base name javax.xml.bind.Messages, locale en_US
# Solves error Can't find bundle for base name jakarta.xml.bind.Messages, locale en_US

3
wise-webapp/src/main/resources/messages_en.properties
View File

@ -8,7 +8,6 @@ INVALID_EMAIL_ADDRESS=Invalid email address. Please, verify that your entered v
CREATOR=Creator
WELCOME=Welcome
SHARE=Share
UNEXPECTED_ERROR=An unexpected error has occurred.
MAP_TITLE_ALREADY_EXISTS=You have already a map with the same name
LABEL_TITLE_ALREADY_EXISTS=You have already a label with the same name
TUTORIAL.MULTIPLE_TEXT_STYLES=Multiple Text Styles
@ -47,9 +46,7 @@ MINDMAP_IS_LOCKED=Min map is locked for edition.
# Confirmed
RESET_PASSWORD_INVALID_EMAIL=The email provided is not a valid user account. Please, try again with a valid email.
TRY_WELCOME=This edition space showcases some of the mind map editor capabilities \!.
UNEXPECTED_ERROR_DETAILS=Unexpected error processing request.
NO_ENOUGH_PERMISSIONS=This mind map cannot be opened.
NO_ENOUGH_PERMISSIONS_DETAILS=You do not have enough right access to see this map. This map has been changed to private or deleted.
CAPTCHA_TIMEOUT_OUT_DUPLICATE=Please, refresh the page and try again.
CAPTCHA_INVALID_INPUT_RESPONSE=Invalid input response, refresh the page and try again.
MINDMAP_EMPTY_ERROR=Mind map can not be empty.

1
wise-webapp/src/main/webapp/WEB-INF/app.properties
View File

@ -160,3 +160,4 @@ security.oauth2.google.url=https://accounts.google.com/o/oauth2/v2/auth?redirect
# Coma separated list of domains and emails ban
#accounts.exclusion.domain=

7
wise-webapp/src/main/webapp/WEB-INF/classes/log4j-stdout.properties
View File

@ -1,7 +0,0 @@
# Debug level
log4j.rootLogger=INFO,stdout
# Stdout logger
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n

19
wise-webapp/src/main/webapp/WEB-INF/classes/log4j-stdout.xml Normal file
View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG">
<Appenders>
<Console name="LogToConsole" target="SYSTEM_OUT">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</Console>
</Appenders>
<Loggers>
<Logger name="com.wisemapping" level="debug">
<AppenderRef ref="LogToConsole"/>
</Logger>
<Logger name="org.springframework" level="trace">
<AppenderRef ref="LogToConsole"/>
</Logger>
<Root level="trace">
<AppenderRef ref="LogToConsole"/>
</Root>
</Loggers>
</Configuration>

24
wise-webapp/src/main/webapp/WEB-INF/classes/log4j.properties
View File

@ -1,24 +0,0 @@
# Log levels
log4j.rootLogger=INFO, stdout, R
log4j.logger.com.wisemapping=DEBUG,R
log4j.logger.org.springframework=DEBUG,R
log4j.logger.org.hibernate=INFO,R
log4j.logger.org.hibernate.type.descriptor.sql.BasicBinder=TRACE,R
log4j.logger.org.hibernate.SQL=DEBUG,R
# Stdout logger
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
# File Writer Logger
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=wisemapping.log
log4j.appender.R.MaxFileSize=100KB
# Keep one backup file
log4j.appender.R.MaxBackupIndex=1
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%d %p %c - %m%n

24
wise-webapp/src/main/webapp/WEB-INF/classes/log4j2.xml Normal file
View File

@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG">
<Appenders>
<Console name="LogToConsole" target="SYSTEM_OUT">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</Console>
<File name="LogToFile" fileName="wisemapping.log">
<PatternLayout>
<Pattern>%d %p %c{1.} [%t] %m%n</Pattern>
</PatternLayout>
</File>
</Appenders>
<Loggers>
<Logger name="com.wisemapping" level="warn">
<AppenderRef ref="LogToConsole"/>
</Logger>
<Logger name="org.springframework" level="warn">
<AppenderRef ref="LogToConsole"/>
</Logger>
<Root level="warn">
<AppenderRef ref="LogToConsole"/>
</Root>
</Loggers>
</Configuration>

33
wise-webapp/src/main/webapp/WEB-INF/defs/definitions.xml
View File

@ -1,33 +0,0 @@
<!DOCTYPE tiles-definitions PUBLIC "-//Apache Software Foundation//DTD Tiles Configuration 3.0//EN" "http://tiles.apache.org/dtds/tiles-config_3_0.dtd">
<tiles-definitions>
<definition name="mindmapEmbedded" template="/jsp/mindmapViewonly.jsp"/>
<definition name="mindmapEditor" template="/jsp/mindmapEditor.jsp"/>
<definition name="mindmapPrint" template="/jsp/mindmapViewonly.jsp"/>
<definition name="login" template="/jsp/reactInclude.jsp"/>
<definition name="registration" template="/jsp/reactInclude.jsp"/>
<definition name="registration-google" template="/jsp/reactInclude.jsp"/>
<definition name="forgot-password" template="/jsp/reactInclude.jsp"/>
<definition name="mindmapList" template="/jsp/reactInclude.jsp"/>
<!-- Template Declaration -->
<definition name="errorTemplate" template="/jsp/errorTemplate.jsp">
<put-attribute name="title" value="" type="string"/>
<put-attribute name="details" value="" type="string"/>
</definition>
<!-- Error Pages -->
<definition name="unexpectedError" extends="errorTemplate">
<put-attribute name="title" value="UNEXPECTED_ERROR"/>
<put-attribute name="details" value="UNEXPECTED_ERROR_DETAILS"/>
<put-attribute name="logError" value="true"/>
</definition>
<definition name="securityError" extends="errorTemplate">
<put-attribute name="title" value="NO_ENOUGH_PERMISSIONS"/>
<put-attribute name="details" value="NO_ENOUGH_PERMISSIONS_DETAILS"/>
</definition>
</tiles-definitions>

7
wise-webapp/src/main/webapp/WEB-INF/views/init.jsp Normal file
View File

@ -0,0 +1,7 @@
<%@taglib uri="jakarta.tags.functions" prefix="fn" %>
<%@taglib uri="jakarta.tags.core" prefix="c"%>
<%
request.setAttribute("principal", com.wisemapping.security.Utils.getUser());
%>

4
wise-webapp/src/main/webapp/jsp/mindmapEditor.jsp → wise-webapp/src/main/webapp/WEB-INF/views/mindmapEditor.jsp
View File

@ -1,7 +1,7 @@
<%@ page import="com.wisemapping.security.Utils" %>
<%@ page import="com.wisemapping.model.User" %>
<%@ page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %>
<%@ include file="/jsp/init.jsp" %>
<%@ include file="init.jsp" %>
<%--@elvariable id="mindmap" type="com.wisemapping.model.Mindmap"--%>
<%--@elvariable id="editorTryMode" type="java.lang.Boolean"--%>
@ -16,7 +16,7 @@
<base href="${requestScope['site.baseurl']}/static/webapp/">
<link rel="preload" href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;600&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'" crossorigin>
<%@ include file="/jsp/pageHeaders.jsf" %>
<%@ include file="pageHeaders.jsf" %>
<title>Loading ... | WiseMapping</title>

4
wise-webapp/src/main/webapp/jsp/mindmapViewonly.jsp → wise-webapp/src/main/webapp/WEB-INF/views/mindmapViewonly.jsp
View File

@ -1,5 +1,5 @@
<%@page pageEncoding="UTF-8" %>
<%@include file="/jsp/init.jsp" %>
<%@include file="init.jsp" %>
<%--@elvariable id="mindmap" type="com.wisemapping.model.Mindmap"--%>
@ -15,7 +15,7 @@
<link rel="preload" href="../../css/viewonly.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<title>${mindmap.title} | <spring:message code="SITE.TITLE"/></title>
<%@ include file="/jsp/pageHeaders.jsf" %>
<%@ include file="pageHeaders.jsf" %>
<script type="text/javascript">
var mapId = '${mindmap.id}';

2
wise-webapp/src/main/webapp/jsp/pageHeaders.jsf → wise-webapp/src/main/webapp/WEB-INF/views/pageHeaders.jsf
View File

@ -1,4 +1,4 @@
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@taglib uri="jakarta.tags.core" prefix="c"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<meta name="viewport" content="width=device-width, initial-scale=1.0">

9
wise-webapp/src/main/webapp/jsp/reactInclude.jsp → wise-webapp/src/main/webapp/WEB-INF/views/reactInclude.jsp
View File

@ -1,4 +1,4 @@
<%@ taglib uri = "http://java.sun.com/jsp/jstl/functions" prefix = "fn" %>
<%@ taglib uri = "jakarta.tags.functions" prefix = "fn" %>
<%@ page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %>
<!DOCTYPE html>
@ -9,9 +9,7 @@
<base href="${requestScope['site.baseurl']}/static/webapp/">
<link rel="preload" href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;600&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'" crossorigin>
<%@ include file="/jsp/pageHeaders.jsf" %>
<title>WiseMapping</title>
<%@ include file="pageHeaders.jsf" %>
<script>
window.serverconfig = {
@ -23,7 +21,10 @@
googleOauth2Url: '${requestScope['security.oauth2.google.url']}'
};
<!-- Hack to force view selection on react to move all the UI to react-->
window.errorMvcView = '${requestScope['exception']!=null?(fn:indexOf(requestScope['exception'],'SecurityException') gt 1?'securityError':'unexpectedError'):''}';
</script>
<c:if test="${requestScope['google.analytics.enabled']}">
<!-- Google Ads Sense Config. Lazy loading optimization -->
<script type="text/javascript">

12
wise-webapp/src/main/webapp/WEB-INF/web.xml
View File

@ -1,11 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
<web-app version="5.0"
xmlns="https://jakarta.ee/xml/ns/jakartaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd">
<filter>
<filter>
<filter-name>charsetFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
@ -17,7 +17,7 @@
<distributable/>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-name>jakarta.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>messages</param-value>
</context-param>
@ -29,7 +29,7 @@
/WEB-INF/wisemapping-dao.xml
/WEB-INF/wisemapping-service.xml
/WEB-INF/wisemapping-model.xml
/WEB-INF/wisemapping-security.xml
/WEB-INF/wisemapping-servlet.xml
</param-value>
</context-param>

6
wise-webapp/src/main/webapp/WEB-INF/wisemapping-dao.xml
View File

@ -21,9 +21,9 @@
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${database.hibernate.dialect}</prop>
<prop key="hibernate.cache.use_second_level_cache">true</prop>
<prop key="hibernate.cache.region.factory_class">org.hibernate.cache.ehcache.EhCacheRegionFactory</prop>
<prop key="hibernate.default_batch_fetch_size">200</prop>
<!-- <prop key="hibernate.cache.use_second_level_cache">true</prop>-->
<!-- <prop key="hibernate.cache.region.factory_class">org.hibernate.cache.ehcache.EhCacheRegionFactory</prop>-->
<!-- <prop key="hibernate.default_batch_fetch_size">200</prop>-->
<prop key="hibernate.nestedTransactionAllowed">true</prop>
<prop key="hibernate.auto_quote_keyword">true</prop>
</props>

90
wise-webapp/src/main/webapp/WEB-INF/wisemapping-security.xml
View File

@ -1,90 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<bean id="custom-firewall" class="org.springframework.security.web.firewall.StrictHttpFirewall">
<property name="allowSemicolon" value="true"/>
</bean>
<sec:http-firewall ref="custom-firewall"/>
<sec:http pattern="/static/webapp/**" security="none"/>
<sec:http pattern="/static/mindplot/**" security="none"/>
<sec:http pattern="/css/**" security="none"/>
<sec:http pattern="/js/**" security="none"/>
<sec:http pattern="/images/**" security="none"/>
<sec:http pattern="/c/maps/*/embed" security="none"/>
<sec:http pattern="/c/maps/*/try" security="none"/>
<sec:http pattern="/c/maps/*/public" security="none"/>
<sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>
<sec:http pattern="/c/activation" security="none"/>
<!-- Admin related services that required admin role-->
<sec:http use-expressions="true" create-session="stateless" pattern="/service/**">
<sec:csrf disabled="true"/>
<sec:intercept-url pattern="/service/users" method="OPTIONS" access="permitAll"/>
<sec:intercept-url pattern="/service/users/resetPassword" method="OPTIONS" access="permitAll"/>
<sec:intercept-url pattern="/service/users/" method="POST" access="permitAll"/>
<sec:intercept-url pattern="/service/users/resetPassword" method="PUT" access="permitAll"/>
<sec:intercept-url pattern="/service/oauth2/googlecallback" method="POST" access="permitAll"/>
<sec:intercept-url pattern="/service/oauth2/confirmaccountsync" method="PUT" access="permitAll"/>
<sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
<sec:intercept-url pattern="/service/admin/database/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
<sec:intercept-url pattern="/service/**" access="isAuthenticated() and hasRole('ROLE_USER')"/>
<sec:http-basic/>
</sec:http>
<sec:http use-expressions="true" pattern="/c/**/*">
<sec:csrf request-matcher-ref="requestMatcher"/>
<sec:intercept-url pattern="/c/login" access="permitAll"/>
<sec:intercept-url pattern="/c/registration" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/registration-success" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/registration-google" access="permitAll"/>
<sec:intercept-url pattern="/c/forgot-password" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/forgot-password-success" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>
<sec:access-denied-handler error-page="/c/login"/>
<sec:form-login login-page="/c/login"
authentication-success-handler-ref="authenticationSuccessHandler"
always-use-default-target="false"
authentication-failure-url="/c/login?login_error=2"
login-processing-url="/c/perform-login"/>
<!-- Expire in 28 days -->
<sec:remember-me token-validity-seconds="2419200"
remember-me-parameter="remember-me"
authentication-success-handler-ref="authenticationSuccessHandler"/>
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
</sec:http>
<!-- Extends CSFR match to get methods to have consistency in all errors. Otherwise, get requests are forward in some cases -->
<bean id="requestMatcher"
class="com.wisemapping.security.CSFRRequestMatcher">
<property name="prefix" value="/c/restful/"/>
</bean>
<import resource="wisemapping-security-${security.type}.xml"/>
<bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">
<property name="userService" ref="userService"/>
<property name="adminUser" value="${admin.user}"/>
</bean>
<bean id="authenticationSuccessHandler" class="com.wisemapping.security.AuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/c/maps/"/>
<property name="alwaysUseDefaultTargetUrl" value="false"/>
</bean>
</beans>

1
wise-webapp/src/main/webapp/WEB-INF/wisemapping-service.xml
View File

@ -120,4 +120,5 @@
</property>
</bean>
<import resource="wisemapping-security-${security.type}.xml"/>
</beans>

35
wise-webapp/src/main/webapp/WEB-INF/wisemapping-servlet.xml
View File

@ -11,7 +11,7 @@
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:component-scan base-package="com.wisemapping.webmvc"/>
<context:component-scan base-package="com.wisemapping"/>
<context:annotation-config/>
<mvc:annotation-driven/>
<context:property-placeholder location="/WEB-INF/app.properties" ignore-unresolvable="true"/>
@ -22,39 +22,6 @@
<bean id="requestInterceptor" class="com.wisemapping.filter.RequestPropertiesInterceptor"/>
</mvc:interceptors>
<bean id="simpleMappingExceptionResolver"
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="defaultStatusCode" value="500"/>
<property name="defaultErrorView" value="unexpectedError"/>
<property name="warnLogCategory" value="com.wisemapping.mvc.Exceptions"/>
<property name="exceptionMappings">
<props>
<!-- Security access exceptions must not handled as unexpected errors -->
<prop key="com.wisemapping.exceptions.MapNonPublicException">securityError</prop>
<prop key="com.wisemapping.exceptions.AccessDeniedSecurityException">securityError</prop>
</props>
</property>
<property name="statusCodes">
<props>
<prop key="securityError">403</prop>
</props>
</property>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.tiles3.TilesView"/>
</bean>
<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles3.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/defs/definitions.xml</value>
</list>
</property>
</bean>
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
</bean>

41
wise-webapp/src/main/webapp/css/error.css
View File

@ -1,41 +0,0 @@
div#errorContainer {
font-family:Helvetica;
display: flex;
padding: 200px 80px;
}
h1 {
color: #696969;
font-weight: bold;
font-size:100px;
}
h2 {
color: rgb(241, 163, 39);
font-size: 40px;
}
p {
font-size: 25px;
}
#icon {
height: 150px;
}
div#bottom-logo {
position: fixed;
right: 20px;
bottom: 10px;
background: url(../../images/logo-text-black.svg) no-repeat;
width: 90px;
height: 40px;
}
.column {
justify-content: center;
align-items: center;
flex: 1;
display: flex;
}

6
wise-webapp/src/main/webapp/jsp/error.jsp
View File

@ -1,6 +0,0 @@
<%@ page autoFlush="true" buffer="none" %>
<%@ include file="/jsp/init.jsp" %>
<h1>
<spring:message code="UNEXPECTED_ERROR"/>
</h1>

52
wise-webapp/src/main/webapp/jsp/errorTemplate.jsp
View File

@ -1,52 +0,0 @@
<%@page pageEncoding="UTF-8" %>
<%@include file="/jsp/init.jsp" %>
<!DOCTYPE HTML>
<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>
<tiles:importAttribute name="title" scope="request"/>
<tiles:importAttribute name="details" scope="request"/>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<base href="${requestScope['site.baseurl']}/">
<title>
<spring:message code="SITE.TITLE"/>-
<c:choose>
<c:when test="${requestScope.viewTitle!=null}">
${requestScope.viewTitle}
</c:when>
<c:otherwise>
<spring:message code="${requestScope.title}"/>
</c:otherwise>
</c:choose>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<base href="${requestScope['site.baseurl']}/static/mindplot/">
<title><spring:message code="SITE.TITLE"/> - <c:out value="${mindmap.title}"/></title>
<link rel="stylesheet" href="../../css/error.css"/>
<%@ include file="/jsp/pageHeaders.jsf" %>
</head>
<body>
<div id="errorContainer">
<div class='col'>
<h1>Oops !</h1>
<h2>
<spring:message code="${requestScope.title}"/>
</h2>
<p>
<spring:message code="${requestScope.details}"/>
</p>
</div>
<div class='column'>
<a href="https://www.wisemapping.com">
<img src="/images/logo-icon.svg" alt="Wisemapping icon" id="icon" />
</a>
</div>
</div>
<div id="bottom-logo"></div>
</body>
</html>

10
wise-webapp/src/main/webapp/jsp/init.jsp
View File

@ -1,10 +0,0 @@
<%@taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib uri = "http://java.sun.com/jsp/jstl/functions" prefix = "fn" %>
<%
request.setAttribute("principal", com.wisemapping.security.Utils.getUser());
%>

2
wise-webapp/src/test/java/com/wisemapping/test/rest/RestLabelITCase.java
View File

@ -71,7 +71,7 @@ public class RestLabelITCase {
static RestLabelList getLabels(HttpHeaders requestHeaders, RestTemplate template) {
final HttpEntity findLabelEntity = new HttpEntity(requestHeaders);
final ResponseEntity<RestLabelList> response = template.exchange(BASE_REST_URL + "/labels", HttpMethod.GET, findLabelEntity, RestLabelList.class);
final ResponseEntity<RestLabelList> response = template.exchange(BASE_REST_URL + "/labels/", HttpMethod.GET, findLabelEntity, RestLabelList.class);
return response.getBody();
}