Compare commits

..

No commits in common. "6f528835bfd9035e6da56fee71c4f67f6a13e92d" and "34318c1e3f70d1efd97eb384fedc0ac797802f32" have entirely different histories.

7 changed files with 81 additions and 38 deletions

View File

@ -1,48 +1,16 @@
package com.wisemapping.config.common; package com.wisemapping.config.common;
import com.wisemapping.dao.LabelManagerImpl; import com.wisemapping.dao.LabelManagerImpl;
import com.wisemapping.model.User;
import com.wisemapping.security.AuthenticationProvider; import com.wisemapping.security.AuthenticationProvider;
import com.wisemapping.security.Utils;
import com.wisemapping.service.MindmapServiceImpl; import com.wisemapping.service.MindmapServiceImpl;
import com.wisemapping.util.VelocityEngineUtils; import com.wisemapping.util.VelocityEngineUtils;
import jakarta.servlet.http.HttpServletRequest;
import org.jetbrains.annotations.Nullable;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Import; import org.springframework.context.annotation.Import;
import org.springframework.web.servlet.LocaleResolver; import org.springframework.context.annotation.ImportResource;
import org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver;
import java.util.Locale;
@ComponentScan(basePackageClasses = {AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class}) @ComponentScan(basePackageClasses = {AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
@Import({JPAConfig.class, SecurityConfig.class}) @Import({JPAConfig.class, SecurityConfig.class})
@EnableAutoConfiguration @EnableAutoConfiguration
public class CommonConfig { public class CommonConfig {
@Bean
public LocaleResolver localeResolver() {
final LocaleResolver localeResolver = new AcceptHeaderLocaleResolver() {
@Override
public Locale resolveLocale(@Nullable HttpServletRequest request) {
final User user = Utils.getUser();
Locale result;
String locale = user.getLocale();
if (user != null && locale != null) {
final String locales[] = locale.split("_");
Locale.Builder builder = new Locale.Builder().setLanguage(locales[0]);
if (locales.length > 1) {
builder.setVariant(locales[1]);
} }
result = builder.build();
} else {
result = super.resolveLocale(request);
}
return result;
}
};
return localeResolver;
}
}

View File

@ -18,6 +18,7 @@
package com.wisemapping.config.rest; package com.wisemapping.config.rest;
import com.wisemapping.filter.RequestPropertiesInterceptor; import com.wisemapping.filter.RequestPropertiesInterceptor;
import com.wisemapping.filter.UserLocaleInterceptor;
import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
@ -26,14 +27,17 @@ import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration @Configuration
@ComponentScan(basePackageClasses = RequestPropertiesInterceptor.class) @ComponentScan(basePackageClasses = UserLocaleInterceptor.class)
public class InterceptorsConfig implements WebMvcConfigurer { public class InterceptorsConfig implements WebMvcConfigurer {
@Autowired
private UserLocaleInterceptor userLocaleInterceptor;
@Autowired @Autowired
private RequestPropertiesInterceptor requestPropertiesInterceptor; private RequestPropertiesInterceptor requestPropertiesInterceptor;
@Override @Override
public void addInterceptors(@NotNull final InterceptorRegistry registry) { public void addInterceptors(@NotNull final InterceptorRegistry registry) {
registry.addInterceptor(userLocaleInterceptor);
registry.addInterceptor(requestPropertiesInterceptor); registry.addInterceptor(requestPropertiesInterceptor);
} }
} }

View File

@ -39,9 +39,8 @@ public class RestAppConfig {
.securityMatcher("/**") .securityMatcher("/**")
.addFilterAfter(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) .addFilterAfter(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers(mvc.pattern("/api/restful/authenticate")).permitAll()
.requestMatchers(mvc.pattern("/api/restful/users/")).permitAll() .requestMatchers(mvc.pattern("/api/restful/users/")).permitAll()
.requestMatchers(mvc.pattern("/api/restful/maps/*/document/xml-pub")).permitAll() .requestMatchers(mvc.pattern("/api/restful/authenticate")).permitAll()
.requestMatchers(mvc.pattern("/api/restful/users/resetPassword")).permitAll() .requestMatchers(mvc.pattern("/api/restful/users/resetPassword")).permitAll()
.requestMatchers(mvc.pattern("/api/restful/oauth2/googlecallback")).permitAll() .requestMatchers(mvc.pattern("/api/restful/oauth2/googlecallback")).permitAll()
.requestMatchers(mvc.pattern("/api/restful/oauth2/confirmaccountsync")).permitAll() .requestMatchers(mvc.pattern("/api/restful/oauth2/confirmaccountsync")).permitAll()

View File

@ -0,0 +1,57 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.filter;
import com.wisemapping.model.User;
import com.wisemapping.security.Utils;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.i18n.SessionLocaleResolver;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.util.Locale;
@Component
public class UserLocaleInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(@NotNull HttpServletRequest request, @NotNull HttpServletResponse response, Object object) throws Exception {
final HttpSession session = request.getSession(false);
User user = Utils.getUser(false);
if (user != null && session != null) {
String userLocale = user.getLocale();
final Locale sessionLocale = (Locale) session.getAttribute(SessionLocaleResolver.LOCALE_SESSION_ATTRIBUTE_NAME);
if ((userLocale != null) && ((sessionLocale == null) || (!userLocale.equals(sessionLocale.toString())))) {
Locale locale;
if (userLocale.contains("_")) {
final String[] spit = userLocale.split("_");
locale = new Locale(spit[0], spit[1]);
} else {
locale = new Locale(userLocale);
}
session.setAttribute(SessionLocaleResolver.LOCALE_SESSION_ATTRIBUTE_NAME, locale);
}
}
return true;
}
}

View File

@ -250,7 +250,7 @@ public class MindmapController extends BaseController {
@NotNull @NotNull
private Mindmap findMindmapById(int id) throws MapCouldNotFoundException, AccessDeniedSecurityException { private Mindmap findMindmapById(int id) throws MapCouldNotFoundException, AccessDeniedSecurityException {
// Has enough permissions ? // Has enough permissions ?
final User user = Utils.getUser(); final User user = Utils.getUser(true);
if (!mindmapService.hasPermissions(user, id, CollaborationRole.VIEWER)) { if (!mindmapService.hasPermissions(user, id, CollaborationRole.VIEWER)) {
throw new AccessDeniedSecurityException(id, user); throw new AccessDeniedSecurityException(id, user);
} }

0
wise-api/src/main/resources/application.yml Normal file → Executable file
View File

View File

@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="defaultEncoding" value="UTF-8"/>
<property name="basenames">
<list>
<value>messages</value>
</list>
</property>
</bean>
</beans>