First steps on csfr impl

This commit is contained in:
Paulo Gustavo Veiga 2022-02-19 12:39:38 -08:00
parent bea7bea486
commit e1bd2630aa
5 changed files with 3908 additions and 18 deletions

3879
wise-webapp/out Normal file

File diff suppressed because one or more lines are too long

View File

@ -17,6 +17,7 @@
<org.springframework.addons>5.3.5.RELEASE</org.springframework.addons>
<hibernate.version>5.6.5.Final</hibernate.version>
<hibernate-validator.version>6.0.21.Final</hibernate-validator.version>
<spring-security-taglibs.version>5.6.1</spring-security-taglibs.version>
</properties>
<dependencies>
@ -68,6 +69,11 @@
<version>${org.springframework.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring-security-taglibs.version}</version>
</dependency>
<!-- Hibernate -->
<dependency>
<groupId>org.hibernate</groupId>

View File

@ -17,10 +17,6 @@
<sec:http pattern="/static/webapp/**" security="none"/>
<sec:http pattern="/static/mindplot/**" security="none"/>
<sec:http pattern="/c/login" security="none"/>
<sec:http pattern="/c/registration" security="none"/>
<sec:http pattern="/c/forgot-password" security="none"/>
<sec:http pattern="/css/**" security="none"/>
<sec:http pattern="/js/**" security="none"/>
<sec:http pattern="/images/**" security="none"/>
@ -43,12 +39,13 @@
<!-- Admin related services that required admin role-->
<sec:http use-expressions="true" create-session="stateless" pattern="/service/**">
<sec:csrf disabled="true"/>
<sec:csrf/>
<!-- Enabled only for cors -->
<sec:intercept-url pattern="/service/users" method="OPTIONS" access="permitAll"/>
<sec:intercept-url pattern="/service/users/resetPassword" method="OPTIONS" access="permitAll"/>
<sec:intercept-url pattern="/service/users/" method="POST" access="permitAll"/>
<sec:intercept-url pattern="/service/users/resetPassword" method="PUT" access="permitAll"/>
@ -59,14 +56,15 @@
<sec:http-basic/>
</sec:http>
<sec:http use-expressions="true">
<sec:csrf disabled="true"/>
<sec:access-denied-handler error-page="/c/login"/>
<sec:intercept-url pattern="/c/restful/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
<sec:intercept-url pattern="/c/restful/admin/database/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
<sec:http use-expressions="true" pattern="/c/**/*">
<sec:intercept-url pattern="/c/login" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/logout" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/registration" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/forgot-password" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>
<sec:csrf/>
<sec:access-denied-handler error-page="/c/login"/>
<sec:form-login login-page="/c/login"
authentication-success-handler-ref="authenticationSuccessHandler"
always-use-default-target="false"
@ -76,8 +74,14 @@
<!-- Expire in 28 days -->
<sec:remember-me token-validity-seconds="2419200" remember-me-parameter="remember-me"/>
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
<sec:csrf token-repository-ref="tokenRepository"/>
</sec:http>
<bean id="tokenRepository"
class="org.springframework.security.web.csrf.CookieCsrfTokenRepository">
<property name="cookieHttpOnly" value="true"/>
</bean>
<import resource="wisemapping-security-${security.type}.xml"/>
<bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">

View File

@ -1,23 +1,25 @@
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="theme-color" content="#000000" />
<meta name="author" content="WiseMapping">
<meta name="publisher" content="WiseMapping">
<meta name="author" content="wisemapping">
<meta name="publisher" content="wisemapping">
<meta name="keywords"
content="mindmap,mind map,mind maps,mindmaps,ideas,brainstorming,organize,thoughts,structure,collaboration,free,fast,simple,online,tool,knowledge,share,sharing,publish">
<meta name="description"
content="WiseMapping is a free, fast and simple online mind mapping editor for individuals and business. Sign up to start organizing and sharing your ideas and thoughts.">
content="wisemapping is a free, fast and simple online mind mapping editor for individuals and business. sign up to start organizing and sharing your ideas and thoughts.">
<meta property="og:title" content="WiseMapping"/>
<meta property="og:title" content="wisemapping"/>
<meta property="og:type" content="website"/>
<meta property="og:url" content="http://www.wisemapping.com"/>
<meta property="og:image" content="http://www.wisemapping.com/images/logo.png"/>
<meta property="og:site_name" content="WiseMapping.com"/>
<meta property="og:site_name" content="wisemapping.com"/>
<link rel="icon" href="../../favicon.ico" type="image/x-icon"/>
<link rel="apple-touch-icon" href="../../favicon.png" />
<link rel="shortcut icon" href="../../favicon.ico" type="image/x-icon"/>
<sec:csrfMetaTags />
<link rel="manifest" href="../../manifest.json" />

View File

@ -8,7 +8,6 @@
<base href="${requestScope['site.baseurl']}/static/webapp/">
<link rel="preconnect" href="https://fonts.gstatic.com" />
<link href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;600&display=swap" rel="stylesheet" />
<%@ include file="/jsp/pageHeaders.jsf" %>
<title>Loading | WiseMapping</title>