Fix embedded view issue.

Paulo Gustavo Veiga 2023-08-23 08:15:39 -07:00
parent 28dc77c501
commit e85a670695


@ -34,6 +34,22 @@ public class SecurityConfig {
firewall.setAllowSemicolon(true); firewall.setAllowSemicolon(true);
return firewall; return firewall;
} }
@Bean
@Order(1)
public SecurityFilterChain embeddedDisabledXOrigin(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c");
http
.securityMatchers((matchers) ->
matchers.requestMatchers(mvcMatcher.pattern(("/maps/*/embed"))))
.authorizeHttpRequests(
(auth) -> auth.requestMatchers(mvcMatcher.pattern("/maps/*/embed")).permitAll())
.headers((header -> header.frameOptions()
.disable()
))
.csrf(AbstractHttpConfigurer::disable);
return http.build();
}
@Bean @Bean
@Order(2) @Order(2)
@ -59,7 +75,7 @@ public class SecurityConfig {
} }
@Bean @Bean
@Order(1) @Order(3)
public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { public SecurityFilterChain mvcFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler(); final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler();
authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false); authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false);
@ -84,7 +100,6 @@ public class SecurityConfig {
.requestMatchers(mvcMatcher.pattern("/forgot-password")).permitAll() .requestMatchers(mvcMatcher.pattern("/forgot-password")).permitAll()
.requestMatchers(mvcMatcher.pattern("/forgot-password-success")).permitAll() .requestMatchers(mvcMatcher.pattern("/forgot-password-success")).permitAll()
.requestMatchers(mvcMatcher.pattern("/maps/*/embed")).permitAll()
.requestMatchers(mvcMatcher.pattern("/maps/*/try")).permitAll() .requestMatchers(mvcMatcher.pattern("/maps/*/try")).permitAll()
.requestMatchers(mvcMatcher.pattern("/maps/*/public")).permitAll() .requestMatchers(mvcMatcher.pattern("/maps/*/public")).permitAll()
.requestMatchers(restfullMapper.pattern("/maps/*/document/xml-pub")).permitAll() .requestMatchers(restfullMapper.pattern("/maps/*/document/xml-pub")).permitAll()
@ -108,7 +123,9 @@ public class SecurityConfig {
.tokenValiditySeconds(2419200) .tokenValiditySeconds(2419200)
.rememberMeParameter("remember-me" .rememberMeParameter("remember-me"
).authenticationSuccessHandler(authenticationSuccessHandler) ).authenticationSuccessHandler(authenticationSuccessHandler)
) ).headers((header -> header.frameOptions()
.disable()
))
.csrf((csrf) -> .csrf((csrf) ->
csrf.ignoringRequestMatchers(mvcMatcher.pattern("/logout"))); csrf.ignoringRequestMatchers(mvcMatcher.pattern("/logout")));
@ -116,7 +133,7 @@ public class SecurityConfig {
} }
@Bean @Bean
@Order(3) @Order(4)
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector); final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector);
@ -130,6 +147,8 @@ public class SecurityConfig {
).build(); ).build();
} }
@Bean @Bean
public UserDetailsService userDetailsService() { public UserDetailsService userDetailsService() {
final UserDetailsService result = new UserDetailsService(); final UserDetailsService result = new UserDetailsService();
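Review bot: The `.headers((header -> header.frameOptions().disable()))` added to `mvcFilterChain` in the `-108,7 +123,9` hunk removes X-Frame-Options from every response that chain produces, not only the embed view, so whatever login and authenticated pages it serves can be framed by any origin (clickjacking). The new `embeddedDisabledXOrigin` chain at `@Order(1)` already drops the header for `/maps/*/embed`, so this second disable appears unnecessary; I would remove it, or if same-site framing is required narrow it to `.headers(h -> h.frameOptions(f -> f.sameOrigin()))`. In the new chain, a short comment stating that framing by any origin is intended, and that CSRF is disabled because the embed path is read-only (if that is the case), would help the next reader; a `frame-ancestors` CSP allow-list is the option if embedding should be limited to known sites. `mvcFilterChain` starts and ends outside the visible hunks, so any other header settings in it cannot be seen from here.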