- Fix security issues when the map is loaded from the REST service. Two URLs have been defined, one for each type of access.

Paulo Gustavo Veiga 2013-02-07 21:44:20 -03:00
parent 6e2880c8cc
commit 5d05f21803
8 changed files with 13 additions and 14 deletions


@ -99,7 +99,7 @@ mindplot.widget.LinkEditor = new Class({
}); });
openButton.inject(form); openButton.inject(form);
openButton.addEvent('click',function(){ openButton.addEvent('click',function(){
window.open(input.value,"_blank", "status=1,width=700,height=450,resize=1"); window.open(input.value,"_blank", "status=1,width=700,height=450,resizable=1");
}); });
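Review bot: `window.open(input.value, ...)` opens whatever string is in the link field without checking its scheme, so if link values can come from a map that another user authored, a `javascript:` value would run in this page's origin when the button is clicked. Whether the value is validated before it reaches this click handler is not visible here, because the enclosing function starts outside the hunk. A scheme allow-list ahead of the call would close this, for example `if (/^(https?|mailto):/i.test(input.value)) { window.open(...); }`, with the allowed schemes adjusted to what the editor is meant to support.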


@ -173,7 +173,7 @@ public class MindmapController extends BaseController {
return lockInfo.getTimestamp(); return lockInfo.getTimestamp();
} }
@RequestMapping(method = RequestMethod.GET, value = "/maps/{id}/document/xml",consumes = {"text/plain"}, produces = {"application/xml"}) @RequestMapping(method = RequestMethod.GET, value = { "/maps/{id}/document/xml","/maps/{id}/document/xml-pub"},consumes = {"text/plain"}, produces = {"application/xml"})
@ResponseBody @ResponseBody
public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException { public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {
// I should not return byte, but there is some encoding issue here. Further research needed. // I should not return byte, but there is some encoding issue here. Further research needed.
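Review bot: Mapping `/maps/{id}/document/xml-pub` onto the same `retrieveDocument` handler leaves the handler's own logic as the only barrier between an unauthenticated caller and any map id, because the security configuration change in this commit marks `/c/restful/maps/*/document/xml-pub` as `security="none"`, so no filter-chain check runs for that path. The handler body is outside this hunk, so whether it rejects non-public maps on the `-pub` route cannot be confirmed here; if it does not, private maps are readable by id. I would give the public route its own handler method that refuses any map not marked public before returning bytes, with a comment such as `// xml-pub bypasses Spring Security: verify the map is public before serving`. A test that requests a private map through `xml-pub` without a session and expects a refusal would pin the behaviour.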


@ -24,10 +24,9 @@
<sec:http pattern="/c/maps/*/embed" security="none"/> <sec:http pattern="/c/maps/*/embed" security="none"/>
<sec:http pattern="/c/maps/*/try" security="none"/> <sec:http pattern="/c/maps/*/try" security="none"/>
<!--<sec:http pattern="/c/maps/*/print" security="none"/>-->
<sec:http pattern="/c/maps/*/public" security="none"/> <sec:http pattern="/c/maps/*/public" security="none"/>
<sec:http pattern="/c/GCFInstall" security="none"/> <sec:http pattern="/c/GCFInstall" security="none"/>
<!--<sec:http pattern="/c/restful/maps/*/document/xml " security="none"/>--> <sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>
<sec:http pattern="/c/publicview.htm" security="none"/> <sec:http pattern="/c/publicview.htm" security="none"/>
<sec:http pattern="/c/embeddedview.htm" security="none"/> <sec:http pattern="/c/embeddedview.htm" security="none"/>


@ -2,3 +2,6 @@
<%@taglib prefix="spring" uri="http://www.springframework.org/tags" %> <%@taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %> <%@taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> <%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%
request.setAttribute("principal", com.wisemapping.security.Utils.getUser());
%>
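Review bot: The scriptlet publishes the whole user object as request attribute `principal`, but the three pages changed in this commit only test it for null to append `-pub`, each repeating `${principal!=null?'':'-pub'}`. Computing the suffix once here keeps the user object out of view scope and removes the duplication, e.g. `request.setAttribute("mapXmlSuffix", com.wisemapping.security.Utils.getUser() != null ? "" : "-pub");` (the attribute name is only a suggestion). A comment should also state that this choice is a client convenience and that access is decided by the server for each URL. What `Utils.getUser()` returns on pages served with `security="none"` is not visible here and should be confirmed.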


@ -45,7 +45,7 @@
); );
</c:if> </c:if>
<c:if test="${memoryPersistence || readOnlyMode}"> <c:if test="${memoryPersistence || readOnlyMode}">
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml"); options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");
</c:if> </c:if>
var userOptions = ${mindmap.properties}; var userOptions = ${mindmap.properties};


@ -2,17 +2,14 @@
<div id="toolbar"> <div id="toolbar">
<div id="persist" class="buttonContainer"> <div id="persist" class="buttonContainer">
<c:if test="${!readOnlyMode}"> <c:if test="${!readOnlyMode && !memoryPersistence}">
<div id="save" class="buttonOn"> <div id="save" class="buttonOn">
<img src="images/save.png"/> <img src="images/save.png"/>
</div> </div>
<%--<div id="discard" class="buttonOn">--%> <div id="print" class="buttonOn">
<%--<img src="images/discard.png"/>--%> <img src="images/print.png"/>
<%--</div>--%> </div>
</c:if> </c:if>
<div id="print" class="buttonOn">
<img src="images/print.png"/>
</div>
</div> </div>
<c:if test="${!readOnlyMode}"> <c:if test="${!readOnlyMode}">
<div id="edit" class="buttonContainer"> <div id="edit" class="buttonContainer">


@ -45,7 +45,7 @@
options.readOnly = true; options.readOnly = true;
// Configure persistence ... // Configure persistence ...
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml"); options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");
// Build designer ... // Build designer ...
var designer = buildDesigner(options); var designer = buildDesigner(options);


@ -77,7 +77,7 @@
options.readOnly = true; options.readOnly = true;
// Configure loader ... // Configure loader ...
options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml.xml"); options.persistenceManager = new mindplot.LocalStorageManager("c/restful/maps/{id}/document/xml${principal!=null?'':'-pub'}");
// Build designer ... // Build designer ...
var designer = buildDesigner(options); var designer = buildDesigner(options);