Complete security filter

Paulo Gustavo Veiga 2022-02-19 17:21:45 -08:00
parent f2c15d100d
commit 6aadb5a363


@ -13,8 +13,6 @@
</bean> </bean>
<sec:http-firewall ref="custom-firewall"/> <sec:http-firewall ref="custom-firewall"/>
<sec:http pattern="/static/webapp/**" security="none"/> <sec:http pattern="/static/webapp/**" security="none"/>
<sec:http pattern="/static/mindplot/**" security="none"/> <sec:http pattern="/static/mindplot/**" security="none"/>
<sec:http pattern="/css/**" security="none"/> <sec:http pattern="/css/**" security="none"/>
@ -29,8 +27,6 @@
<sec:http pattern="/c/maps/*/public" security="none"/> <sec:http pattern="/c/maps/*/public" security="none"/>
<sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/> <sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>
<sec:http pattern="/c/publicview.htm" security="none"/>
<sec:http pattern="/c/embeddedview.htm" security="none"/>
<sec:http pattern="/c/termsOfUse" security="none"/> <sec:http pattern="/c/termsOfUse" security="none"/>
<sec:http pattern="/c/activation" security="none"/> <sec:http pattern="/c/activation" security="none"/>
@ -54,8 +50,8 @@
</sec:http> </sec:http>
<sec:http use-expressions="true" pattern="/c/**/*"> <sec:http use-expressions="true" pattern="/c/**/*">
<sec:csrf request-matcher-ref="requestMatcher"/>
<sec:intercept-url pattern="/c/login" access="hasRole('ANONYMOUS')"/> <sec:intercept-url pattern="/c/login" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/logout" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/registration" access="hasRole('ANONYMOUS')"/> <sec:intercept-url pattern="/c/registration" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/registration-success" access="hasRole('ANONYMOUS')"/> <sec:intercept-url pattern="/c/registration-success" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/forgot-password" access="hasRole('ANONYMOUS')"/> <sec:intercept-url pattern="/c/forgot-password" access="hasRole('ANONYMOUS')"/>
@ -72,10 +68,9 @@
<!-- Expire in 28 days --> <!-- Expire in 28 days -->
<sec:remember-me token-validity-seconds="2419200" remember-me-parameter="remember-me"/> <sec:remember-me token-validity-seconds="2419200" remember-me-parameter="remember-me"/>
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/> <sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
<sec:csrf request-matcher-ref="requestMatcher"/>
</sec:http> </sec:http>
<!-- Extends CFSR check to get methods to have consistency in all errors. Otherwise, request is forward in some cases --> <!-- Extends CSFR match to get methods to have consistency in all errors. Otherwise, get requests are forward in some cases -->
<bean id="requestMatcher" <bean id="requestMatcher"
class="com.wisemapping.security.CSFRRequestMatcher"> class="com.wisemapping.security.CSFRRequestMatcher">
<property name="prefix" value="/c/restful/"/> <property name="prefix" value="/c/restful/"/>
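Review bot: The dynamic endpoints left on `security="none"` in the second hunk (`/c/activation`, `/c/maps/*/public`, `/c/restful/maps/*/document/xml-pub`) still skip the Spring Security filter chain entirely, so their responses get no security headers, no CSRF handling and no SecurityContext. The commit drops the `security="none"` lines for `/c/publicview.htm` and `/c/embeddedview.htm`, which presumably lets them fall through to the filtered `/c/**/*` block. The remaining dynamic paths would benefit from the same treatment, for example `<sec:intercept-url pattern="/c/activation" access="permitAll"/>` inside that block instead of its `security="none"` line. Whether the custom `requestMatcher` would then demand a CSRF token on those paths is not visible here and should be confirmed before moving them. Static asset patterns such as `/css/**` can stay as they are.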