Fix public map access.

2024-07-07 08:50:45 +02:00 · 2023-08-10 23:18:59 -07:00 · 2023-08-10 23:18:59 -07:00 · 87712b2493
commit 87712b2493
parent c783feef65
3 changed files with 4 additions and 8 deletions
--- a/wise-webapp/src/main/java/com/wisemapping/config/AppConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/AppConfig.java
@ -1,7 +1,5 @@
 package com.wisemapping.config;

-import com.wisemapping.exceptions.AccessDeniedSecurityException;
-import com.wisemapping.exceptions.MapNotPublicSecurityException;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.HandlerExceptionResolver;
@ -11,8 +9,6 @@ import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
 import org.springframework.web.servlet.view.InternalResourceViewResolver;
 import org.springframework.web.servlet.view.JstlView;

-import java.util.Properties;
-
@EnableWebMvc
@Configuration
 public class AppConfig {
--- a/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java
@ -80,7 +80,7 @@ public class SecurityConfig {
                                        .requestMatchers("/registration", "registration-success", "/registration-google").permitAll()
                                        .requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
                                        .requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll()
-                                        .requestMatchers("/restful/maps/*/document/xml-pub").permitAll()
+                                        .requestMatchers("/maps/*/document/xml-pub").permitAll()
                                        .requestMatchers("/**").hasAnyRole("USER", "ADMIN")
                                        .anyRequest().authenticated())
                .formLogin((loginForm) ->
@ -112,7 +112,7 @@ public class SecurityConfig {
    public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
        return http.authorizeHttpRequests(
                (auth) ->
-                        auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/favicon.ico").permitAll()
+                        auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/*").permitAll()
        ).build();
    }

--- a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
@ -84,8 +84,7 @@ public class MindmapController extends BaseController {
        List<Mindmap> mindmaps = mindmapService.findMindmapsByUser(user);
        mindmaps = mindmaps
                .stream()
-                .filter(m -> filter.accept(m, user))
-                .collect(Collectors.toUnmodifiableList());
+                .filter(m -> filter.accept(m, user)).toList();

        return new RestMindmapList(mindmaps, user);
    }
@ -148,6 +147,7 @@ public class MindmapController extends BaseController {
        saveMindmapDocument(minor, mindmap, user);
    }

+    @PreAuthorize("permitAll()")
    @RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/document/xml", "/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
    @ResponseBody
    public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {