mirror of
https://bitbucket.org/wisemapping/wisemapping-open-source.git
synced 2024-11-24 15:07:56 +01:00
Fix embedded view issue.
This commit is contained in:
parent
28dc77c501
commit
e85a670695
@ -34,6 +34,22 @@ public class SecurityConfig {
|
|||||||
firewall.setAllowSemicolon(true);
|
firewall.setAllowSemicolon(true);
|
||||||
return firewall;
|
return firewall;
|
||||||
}
|
}
|
||||||
|
@Bean
|
||||||
|
@Order(1)
|
||||||
|
public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
||||||
|
final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c");
|
||||||
|
http
|
||||||
|
.securityMatchers((matchers) ->
|
||||||
|
matchers.requestMatchers(mvcMatcher.pattern(("/maps/*/embed"))))
|
||||||
|
.authorizeHttpRequests(
|
||||||
|
(auth) -> auth.requestMatchers(mvcMatcher.pattern("/maps/*/embed")).permitAll())
|
||||||
|
.headers((header -> header.frameOptions()
|
||||||
|
.disable()
|
||||||
|
))
|
||||||
|
.csrf(AbstractHttpConfigurer::disable);
|
||||||
|
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(2)
|
@Order(2)
|
||||||
@ -59,7 +75,7 @@ public class SecurityConfig {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(1)
|
@Order(3)
|
||||||
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
||||||
final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler();
|
final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler();
|
||||||
authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false);
|
authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false);
|
||||||
@ -84,7 +100,6 @@ public class SecurityConfig {
|
|||||||
|
|
||||||
.requestMatchers(mvcMatcher.pattern("/forgot-password")).permitAll()
|
.requestMatchers(mvcMatcher.pattern("/forgot-password")).permitAll()
|
||||||
.requestMatchers(mvcMatcher.pattern("/forgot-password-success")).permitAll()
|
.requestMatchers(mvcMatcher.pattern("/forgot-password-success")).permitAll()
|
||||||
.requestMatchers(mvcMatcher.pattern("/maps/*/embed")).permitAll()
|
|
||||||
.requestMatchers(mvcMatcher.pattern("/maps/*/try")).permitAll()
|
.requestMatchers(mvcMatcher.pattern("/maps/*/try")).permitAll()
|
||||||
.requestMatchers(mvcMatcher.pattern("/maps/*/public")).permitAll()
|
.requestMatchers(mvcMatcher.pattern("/maps/*/public")).permitAll()
|
||||||
.requestMatchers(restfullMapper.pattern("/maps/*/document/xml-pub")).permitAll()
|
.requestMatchers(restfullMapper.pattern("/maps/*/document/xml-pub")).permitAll()
|
||||||
@ -108,7 +123,9 @@ public class SecurityConfig {
|
|||||||
.tokenValiditySeconds(2419200)
|
.tokenValiditySeconds(2419200)
|
||||||
.rememberMeParameter("remember-me"
|
.rememberMeParameter("remember-me"
|
||||||
).authenticationSuccessHandler(authenticationSuccessHandler)
|
).authenticationSuccessHandler(authenticationSuccessHandler)
|
||||||
)
|
).headers((header -> header.frameOptions()
|
||||||
|
.disable()
|
||||||
|
))
|
||||||
.csrf((csrf) ->
|
.csrf((csrf) ->
|
||||||
csrf.ignoringRequestMatchers(mvcMatcher.pattern("/logout")));
|
csrf.ignoringRequestMatchers(mvcMatcher.pattern("/logout")));
|
||||||
|
|
||||||
@ -116,7 +133,7 @@ public class SecurityConfig {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@Order(3)
|
@Order(4)
|
||||||
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
||||||
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector);
|
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector);
|
||||||
|
|
||||||
@ -130,6 +147,8 @@ public class SecurityConfig {
|
|||||||
).build();
|
).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public UserDetailsService userDetailsService() {
|
public UserDetailsService userDetailsService() {
|
||||||
final UserDetailsService result = new UserDetailsService();
|
final UserDetailsService result = new UserDetailsService();
|
||||||
|
Loading…
Reference in New Issue
Block a user