Compare commits

...

2 Commits

Author SHA1 Message Date
Paulo Gustavo Veiga
d03a9e5eea Fix controller loading. 2024-01-21 15:42:02 -08:00
Paulo Gustavo Veiga
50a0c340b2 Improve security filter code. 2024-01-21 15:18:07 -08:00
9 changed files with 47 additions and 31 deletions

View File

@ -1,11 +1,7 @@
package com.wisemapping.config; package com.wisemapping;
import com.wisemapping.config.common.CommonConfig; import com.wisemapping.config.common.CommonConfig;
import com.wisemapping.config.common.HibernateConfig;
import com.wisemapping.config.mvc.MvcAppConfig; import com.wisemapping.config.mvc.MvcAppConfig;
import com.wisemapping.config.rest.InterceptorsConfig;
import com.wisemapping.config.common.SecurityConfig;
import com.wisemapping.config.rest.ServletConfig;
import com.wisemapping.config.rest.RestAppConfig; import com.wisemapping.config.rest.RestAppConfig;
import org.springframework.boot.WebApplicationType; import org.springframework.boot.WebApplicationType;
import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.builder.SpringApplicationBuilder;
@ -17,8 +13,8 @@ public class Application {
public static void main(String[] args) { public static void main(String[] args) {
new SpringApplicationBuilder() new SpringApplicationBuilder()
.parent(CommonConfig.class).web(WebApplicationType.NONE) .parent(CommonConfig.class).web(WebApplicationType.NONE)
.child(MvcAppConfig.class).web(WebApplicationType.SERVLET) .child(RestAppConfig.class).web(WebApplicationType.SERVLET)
.sibling(RestAppConfig.class).web(WebApplicationType.SERVLET) // .sibling(MvcAppConfig.class).web(WebApplicationType.SERVLET)
.run(args); .run(args);
} }

View File

@ -1,17 +1,17 @@
package com.wisemapping.config.common; package com.wisemapping.config.common;
import com.wisemapping.config.rest.ServletConfig;
import com.wisemapping.dao.LabelManagerImpl; import com.wisemapping.dao.LabelManagerImpl;
import com.wisemapping.model.Mindmap;
import com.wisemapping.security.AuthenticationProvider; import com.wisemapping.security.AuthenticationProvider;
import com.wisemapping.service.MindmapServiceImpl; import com.wisemapping.service.MindmapServiceImpl;
import com.wisemapping.util.VelocityEngineUtils; import com.wisemapping.util.VelocityEngineUtils;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.ImportResource; import org.springframework.context.annotation.ImportResource;
@Configuration @ComponentScan(basePackageClasses = {AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
@Import({HibernateConfig.class, SecurityConfig.class})
@EnableAutoConfiguration
@ImportResource(value = {"classpath:spring/wisemapping-mail.xml"}) @ImportResource(value = {"classpath:spring/wisemapping-mail.xml"})
@ComponentScan(basePackageClasses = {HibernateConfig.class, SecurityConfig.class, AuthenticationProvider.class, MindmapServiceImpl.class, LabelManagerImpl.class, VelocityEngineUtils.class})
public class CommonConfig { public class CommonConfig {
} }

View File

@ -1,15 +1,15 @@
package com.wisemapping.config.common; package com.wisemapping.config.common;
import com.wisemapping.dao.MindmapManagerImpl;
import com.wisemapping.model.User; import com.wisemapping.model.User;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import com.wisemapping.service.MindmapServiceImpl;
import org.springframework.boot.autoconfigure.domain.EntityScan; import org.springframework.boot.autoconfigure.domain.EntityScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories; import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
@Configuration @Configuration
@EnableAutoConfiguration @EnableJpaRepositories(basePackageClasses={MindmapServiceImpl.class, MindmapManagerImpl.class})
@EnableJpaRepositories(basePackages={"com.wisemapping.dao","com.wisemapping.service"})
@EntityScan(basePackageClasses= User.class) @EntityScan(basePackageClasses= User.class)
public class HibernateConfig { public class HibernateConfig {

View File

@ -26,8 +26,8 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration //@Configuration
@ComponentScan(basePackageClasses = UserLocaleInterceptor.class) //@ComponentScan(basePackageClasses = UserLocaleInterceptor.class)
public class InterceptorsConfig implements WebMvcConfigurer { public class InterceptorsConfig implements WebMvcConfigurer {
@Autowired @Autowired
private UserLocaleInterceptor userLocaleInterceptor; private UserLocaleInterceptor userLocaleInterceptor;

View File

@ -1,11 +1,9 @@
package com.wisemapping.config.mvc; package com.wisemapping.config.mvc;
import com.wisemapping.webmvc.MvcMindmapController; import com.wisemapping.webmvc.MvcMindmapController;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerExceptionResolver; import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@ -16,8 +14,9 @@ import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView; import org.springframework.web.servlet.view.JstlView;
@SpringBootApplication(scanBasePackageClasses = {MvcMindmapController.class, MvcSecurityConfig.class}) //@SpringBootApplication
@EnableWebMvc //@Import({MvcMindmapController.class, MvcSecurityConfig.class})
//@EnableWebMvc
public class MvcAppConfig implements WebMvcConfigurer { public class MvcAppConfig implements WebMvcConfigurer {
@Override @Override
public void addResourceHandlers(ResourceHandlerRegistry registry) { public void addResourceHandlers(ResourceHandlerRegistry registry) {

View File

@ -23,7 +23,6 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

View File

@ -1,13 +1,13 @@
package com.wisemapping.config.rest; package com.wisemapping.config.rest;
import com.wisemapping.rest.MindmapController; import com.wisemapping.rest.MindmapController;
import jakarta.servlet.http.HttpServletResponse;
import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.NotNull;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
@ -17,7 +17,9 @@ import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
import static org.springframework.security.config.Customizer.withDefaults; import static org.springframework.security.config.Customizer.withDefaults;
@SpringBootApplication(scanBasePackageClasses = {MindmapController.class, ServletConfig.class}) @SpringBootApplication(scanBasePackageClasses = MindmapController.class)
@Import({ServletConfig.class, InterceptorsConfig.class})
@EnableWebSecurity
public class RestAppConfig { public class RestAppConfig {
@Bean @Bean
MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) { MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) {
@ -27,7 +29,7 @@ public class RestAppConfig {
@Bean @Bean
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception { SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final MvcRequestMatcher.Builder mvc) throws Exception {
return http return http
.csrf(AbstractHttpConfigurer::disable) .securityMatcher("/**")
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll() .requestMatchers(mvc.pattern("/api/restfull/users/")).permitAll()
.requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll() .requestMatchers(mvc.pattern("/api/restfull/users/resetPassword")).permitAll()
@ -37,6 +39,11 @@ public class RestAppConfig {
.requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN") .requestMatchers(mvc.pattern("/**")).hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated() .anyRequest().authenticated()
) )
.logout(logout -> logout.permitAll()
.logoutSuccessHandler((request, response, authentication) -> {
response.setStatus(HttpServletResponse.SC_OK);
}))
.csrf(AbstractHttpConfigurer::disable)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.httpBasic(withDefaults()) .httpBasic(withDefaults())
.build(); .build();

View File

@ -1,3 +1,20 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.config.rest; package com.wisemapping.config.rest;
import org.springframework.boot.web.server.WebServerFactoryCustomizer; import org.springframework.boot.web.server.WebServerFactoryCustomizer;

View File

@ -26,15 +26,13 @@ import com.wisemapping.model.User;
import com.wisemapping.rest.model.RestUser; import com.wisemapping.rest.model.RestUser;
import com.wisemapping.service.MindmapService; import com.wisemapping.service.MindmapService;
import com.wisemapping.service.UserService; import com.wisemapping.service.UserService;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.List; import java.util.List;