Move couple of classes to services

Improve label security.
This commit is contained in:
Paulo Gustavo Veiga 2023-11-19 07:57:23 -08:00
parent 480fd49fd0
commit 8ec7c4edea
5 changed files with 17 additions and 14 deletions

View File

@ -12,7 +12,6 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
@Configuration
@EnableMethodSecurity(
prePostEnabled = true,
securedEnabled = true,
jsr250Enabled = true)
public class MethodSecurityConfig {

View File

@ -24,6 +24,7 @@ import com.wisemapping.model.User;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
@ -38,7 +39,8 @@ public class LabelServiceImpl implements LabelService {
private LabelManager labelManager;
@Override
public void addLabel(@NotNull final Label label, @NotNull final User user) throws WiseMappingException {
@PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#user, 'WRITE')")
public void addLabel(@NotNull final Label label, @NotNull final User user) {
label.setCreator(user);
labelManager.addLabel(label);
@ -46,22 +48,26 @@ public class LabelServiceImpl implements LabelService {
@NotNull
@Override
@PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#user, 'READ')")
public List<Label> getAll(@NotNull final User user) {
return labelManager.getAllLabels(user);
}
@Override @Nullable
@Override
@PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#user, 'READ')")
public Label findLabelById(int id, @NotNull final User user) {
return labelManager.getLabelById(id, user);
}
@Nullable
@Override
@PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#user, 'READ')")
public Label getLabelByTitle(@NotNull String title, @NotNull final User user) {
return labelManager.getLabelByTitle(title, user);
}
@Override
@PreAuthorize("hasAnyRole('USER', 'ADMIN') && hasPermission(#user, 'WRITE')")
public void removeLabel(@NotNull Label label, @NotNull User user) throws WiseMappingException {
if (label.getCreator().equals(user)) {
labelManager.removeLabel(label);

View File

@ -29,21 +29,27 @@ import org.apache.http.client.fluent.Request;
import org.jetbrains.annotations.Nullable;
import jakarta.validation.constraints.NotNull;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@Service
public class RecaptchaService {
final private static Logger logger = LogManager.getLogger();
final private static String GOOGLE_RECAPTCHA_VERIFY_URL =
"https://www.google.com/recaptcha/api/siteverify";
private final static ObjectMapper objectMapper = new ObjectMapper();
public static final String CATCH_ERROR_CODE_TIMEOUT_OR_DUPLICATE = "timeout-or-duplicate";
public static final String CATCHA_ERROR_CODE_INPUT_RESPONSE = "invalid-input-response";
@Value("${google.recaptcha2.secretKey}")
private String recaptchaSecret;
@Nullable

View File

@ -21,7 +21,9 @@ import org.apache.commons.collections.ExtendedProperties;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;
@Component
public class VelocityEngineWrapper {
private final VelocityEngine velocityEngine;

View File

@ -18,9 +18,6 @@
<property name="velocityEngineWrapper" ref="velocityEngineWrapper"/>
</bean>
<bean id="httpInvoker" class="com.wisemapping.service.google.http.HttpInvoker">
</bean>
<bean id="googleService" class="com.wisemapping.service.google.GoogleService">
<property name="httpInvoker" ref="httpInvoker"/>
<property name="optinConfirmUrl" value="${security.oauth2.google.confirmUrl}"/>
@ -30,10 +27,6 @@
<property name="callbackUrl" value="${security.oauth2.google.callbackUrl}"/>
</bean>
<bean id="recaptchaService" class="com.wisemapping.service.RecaptchaService">
<property name="recaptchaSecret" value="${google.recaptcha2.secretKey}"/>
</bean>
<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
<property name="host" value="${mail.smtp.host}"/>
<property name="port" value="${mail.smtp.port}"/>
@ -49,9 +42,6 @@
</property>
</bean>
<bean id="velocityEngineWrapper" class="com.wisemapping.util.VelocityEngineWrapper">
</bean>
<bean id="notificationService" class="com.wisemapping.mail.NotificationService">
<property name="baseUrl" value="${site.baseurl:http://localhost:8080/}"/>
<property name="mailer" ref="mailer"/>