From c91cafa8ffdb52f874c7b1ff1f6b23e53dbf7039 Mon Sep 17 00:00:00 2001
From: Paulo Gustavo Veiga
Date: Mon, 15 Jan 2024 16:36:29 -0800
Subject: [PATCH] Simplyfy auth.
---
 .../config/common/SecurityConfig.java | 2 -
 .../config/mvc/MvcSecurityConfig.java | 57 ++++++++++---------
 .../config/rest/RestAppConfig.java | 54 +++++++----------
 3 files changed, 48 insertions(+), 65 deletions(-)
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/common/SecurityConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/common/SecurityConfig.java
index ebc3834c..5cc92ac2 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/common/SecurityConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/common/SecurityConfig.java
@@ -15,8 +15,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import static org.springframework.security.crypto.factory.PasswordEncoderFactories.createDelegatingPasswordEncoder;
-
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity(
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcSecurityConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcSecurityConfig.java
index d90cbdd1..c7a06dfc 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcSecurityConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/mvc/MvcSecurityConfig.java
@@ -18,14 +18,13 @@ public class MvcSecurityConfig {
 @Bean
 @Order(1)
- public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
- final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
+ public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
 http
 .securityMatchers((matchers) ->
- matchers.requestMatchers(matcher.pattern("c/maps/*/embed")))
+ matchers.requestMatchers(mvc.pattern("/c/maps/*/embed")))
 .authorizeHttpRequests(
- (auth) -> auth.requestMatchers(matcher.pattern(("c/maps/*/embed"))).permitAll())
+ (auth) -> auth.requestMatchers(mvc.pattern(("/c/maps/*/embed"))).permitAll())
 .headers((header -> header.frameOptions()
 .disable()
 ))
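Review bot: The pattern change from `c/maps/*/embed` to `/c/maps/*/embed` in both the `securityMatchers` and the `authorizeHttpRequests` rule is a behavioural fix rather than a simplification: this is the chain that disables frame options and permits unauthenticated access, so which requests it captures is security-relevant and the commit message should say so. A test asserting that `/c/maps/{id}/embed` is served without an `X-Frame-Options` header while `/c/maps/{id}` still falls through to the `/c/**` chain would pin the fix. The doubled parentheses in `mvc.pattern(("/c/maps/*/embed"))` are a leftover and can be written `mvc.pattern("/c/maps/*/embed")` like the line above it. The body of `embeddedDisabledXOrigin` continues past the end of the hunk.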
@@ -34,27 +33,31 @@ public class MvcSecurityConfig {
 return http.build();
 }
+ @Bean
+ MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
+ return new MvcRequestMatcher.Builder(introspector);
+ }
+
 @Bean
 @Order(2)
- public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
- final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
+ public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
 http
 .securityMatchers((matchers) ->
- matchers.requestMatchers(matcher.pattern("/c/**")))
+ matchers.requestMatchers(mvc.pattern("/c/**")))
 .authorizeHttpRequests(
 (auth) -> auth
- .requestMatchers(matcher.pattern("/c/login")).permitAll()
- .requestMatchers(matcher.pattern("/c/logout")).permitAll()
- .requestMatchers(matcher.pattern("/c/registration")).permitAll()
- .requestMatchers(matcher.pattern("/c/registration-success")).permitAll()
- .requestMatchers(matcher.pattern("/c/registration-google")).permitAll()
+ .requestMatchers(mvc.pattern("/c/login")).permitAll()
+ .requestMatchers(mvc.pattern("/c/logout")).permitAll()
+ .requestMatchers(mvc.pattern("/c/registration")).permitAll()
+ .requestMatchers(mvc.pattern("/c/registration-success")).permitAll()
+ .requestMatchers(mvc.pattern("/c/registration-google")).permitAll()
- .requestMatchers(matcher.pattern("/c/forgot-password")).permitAll()
- .requestMatchers(matcher.pattern("/c/forgot-password-success")).permitAll()
- .requestMatchers(matcher.pattern("/c/maps/*/try")).permitAll()
- .requestMatchers(matcher.pattern("/c/maps/*/public")).permitAll()
- .requestMatchers(matcher.pattern("/c/**")).hasAnyRole("USER", "ADMIN")
+ .requestMatchers(mvc.pattern("/c/forgot-password")).permitAll()
+ .requestMatchers(mvc.pattern("/c/forgot-password-success")).permitAll()
+ .requestMatchers(mvc.pattern("/c/maps/*/try")).permitAll()
+ .requestMatchers(mvc.pattern("/c/maps/*/public")).permitAll()
+ .requestMatchers(mvc.pattern("/c/**")).hasAnyRole("USER", "ADMIN")
 .anyRequest().authenticated())
 .formLogin((loginForm) ->
 loginForm.loginPage("/c/login")
@@ -77,25 +80,23 @@ public class MvcSecurityConfig {
 .disable()
 ))
 .csrf((csrf) ->
- csrf.ignoringRequestMatchers(matcher.pattern("/c/logout")));
+ csrf.ignoringRequestMatchers(mvc.pattern("/c/logout")));
 return http.build();
 }
 @Bean
 @Order(3)
- public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
- final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector);
-
+ public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
 return http.authorizeHttpRequests(
 (auth) ->
- auth.requestMatchers(matcher.pattern("/static/**")).permitAll().
- requestMatchers(matcher.pattern("/css/**")).permitAll().
- requestMatchers(matcher.pattern("/js/**")).permitAll().
- // @todo: Wht this is required ...
- requestMatchers(matcher.pattern("/WEB-INF/jsp/*.jsp")).permitAll().
- requestMatchers(matcher.pattern("/images/**")).permitAll().
- requestMatchers(matcher.pattern("/*")).permitAll()
+ auth.requestMatchers(mvc.pattern("/static/**")).permitAll().
+ requestMatchers(mvc.pattern("/css/**")).permitAll().
+ requestMatchers(mvc.pattern("/js/**")).permitAll().
+ // @todo: Why this is required ...
+ requestMatchers(mvc.pattern("/WEB-INF/jsp/*.jsp")).permitAll().
+ requestMatchers(mvc.pattern("/images/**")).permitAll().
+ requestMatchers(mvc.pattern("/*")).permitAll()
 ).build();
 }
 }
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
index 092fd7d6..f153a1bd 100644
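Review bot: The new `mvc` bean is package-private and takes an unannotated `HandlerMappingIntrospector`, while every other bean method in this class is `public` with `@NotNull` parameters; for consistency write `public MvcRequestMatcher.Builder mvc(@NotNull final HandlerMappingIntrospector introspector)` and give it a one-line Javadoc saying it is the single request-matcher builder shared by the three filter chains. A bean with the same name and type is declared in RestAppConfig in this same commit; if the two configuration classes are ever loaded into one ApplicationContext the duplicate `mvc` definition would be rejected (or silently override) by default, so a comment naming which context each belongs to would save a future reader a debugging session. The remainder of `mvcFilterChain` lies outside the hunk.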
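Review bot: `shareResourcesFilterChain` has no `securityMatchers`, so it is the catch-all chain, yet its rules are all `permitAll()` and there is no `anyRequest()` terminator; what happens to a request matching none of the listed patterns is left to the framework's default rather than stated in the configuration. Make the policy explicit after the `/*` rule with `.anyRequest().denyAll()` (or `.authenticated()` if unlisted paths are meant to be reachable by logged-in users). The `@todo` on `/WEB-INF/jsp/*.jsp` is worth resolving rather than retyping: presumably the permit is needed because the security filter also sees the forwarded dispatch to the JSP view — confirm that and replace the todo with the reason, or drop the rule if it turns out not to be needed.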
--- a/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/rest/RestAppConfig.java
@@ -4,10 +4,6 @@ import org.jetbrains.annotations.NotNull;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.ImportResource;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -21,39 +17,27 @@ import static org.springframework.security.config.Customizer.withDefaults;
 @SpringBootApplication
 @EnableWebSecurity
-//@ImportResource(value = {"classpath:spring/wisemapping-rest.xml"})
 @ComponentScan({"com.wisemapping.rest"})
 public class RestAppConfig {
 @Bean
- @Order(2)
- SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
-// final MvcRequestMatcher.Builder matcher = new MvcRequestMatcher.Builder(introspector).servletPath("**");
-// return http
-// .securityMatchers((matchers) ->
-// matchers.requestMatchers(matcher.pattern(("/**"))))
-// .authorizeHttpRequests(auth -> auth
-// .requestMatchers(matcher.pattern("api/restfull/users/")).permitAll()
-// .requestMatchers(matcher.pattern("api/restfull/users/resetPassword")).permitAll()
-// .requestMatchers(matcher.pattern("api/restfull/oauth2/googlecallback")).permitAll()
-// .requestMatchers(matcher.pattern("api/restfull/oauth2/confirmaccountsync")).permitAll()
-// .requestMatchers(matcher.pattern("api/restfull/admin/**")).hasAnyRole("ADMIN")
-// .requestMatchers(matcher.pattern("/**"))
-// .authenticated()
-//// .hasAnyRole("USER", "ADMIN")
-// )
-// .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-// .httpBasic(withDefaults())
-// .csrf(AbstractHttpConfigurer::disable)
-// .build();
-
- http.csrf().disable()
- .authorizeHttpRequests()
- .anyRequest()
- .authenticated()
- .and()
- .httpBasic(withDefaults());
- return http.build();
+ MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
+ return new MvcRequestMatcher.Builder(introspector);
+ }
+ @Bean
+ SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
+ return http
+ .authorizeHttpRequests(auth -> auth
+ .requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll()
+ .requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll()
+ .requestMatchers(mvc.pattern("/api/restfull/oauth2/googlecallback")).permitAll()
+ .requestMatchers(mvc.pattern("/api/restfull/oauth2/confirmaccountsync")).permitAll()
+ .requestMatchers(mvc.pattern("/api/restfull/admin/**")).hasAnyRole("ADMIN")
+ .requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN")
+ .anyRequest().authenticated()
+ )
+ .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+ .httpBasic(withDefaults())
+ .csrf(AbstractHttpConfigurer::disable)
+ .build();
 }
-
-
 }
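Review bot: `mvc.pattern("/api/restfull/users/")` carries a trailing slash while the other patterns do not; on Spring Framework 6 (which the `authorizeHttpRequests`/`requestMatchers` API implies) trailing-slash matching is no longer implicit, so `/api/restfull/users` and `/api/restfull/users/` are distinct paths — confirm the account-creation controller is mapped with the slash, otherwise the `permitAll()` never applies and the request falls through to the `/**` rule requiring a role. The chain has also lost its `@Order` and has no `securityMatchers`, which is fine while it is the only chain in its context, but if it ever shares a context with MvcSecurityConfig the unordered chain would sort last behind that file's `@Order(3)` catch-all and, independently, the duplicate `mvc` bean name would collide at startup. Disabling CSRF here is justified only by the `STATELESS` session policy two lines above it, so tie them together with a comment such as `// CSRF can be disabled only because the API is STATELESS + HTTP Basic: no cookie-backed session is accepted` to stop a later edit from separating the two. `hasAnyRole("ADMIN")` with a single role reads better as `hasRole("ADMIN")`.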