Migrate authentication to beans.

Paulo Gustavo Veiga
2023-07-28 22:46:38 -07:00
parent f72b89d59a
commit a66dff8ae4
68 changed files with 423 additions and 522 deletions


@@ -0,0 +1,126 @@
package com.wisemapping.config;
import com.wisemapping.security.AuthenticationSuccessHandler;
import com.wisemapping.security.UserDetailsService;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfig {
@Autowired
UserService userService;
@Value("${admin.user}")
String adminUser;
@Bean
public StrictHttpFirewall httpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowSemicolon(true);
return firewall;
}
@Bean
@Order(2)
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder serviceMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/service");
return http
.securityMatchers((matchers) ->
matchers.requestMatchers(serviceMapper.pattern(("/**"))))
.authorizeHttpRequests(auth ->
auth
.requestMatchers("/users/").permitAll()
.requestMatchers("/users/resetPassword").permitAll()
.requestMatchers("/oauth2/googlecallback").permitAll()
.requestMatchers("/oauth2/confirmaccountsync").permitAll()
.requestMatchers("/admin/**").hasAnyRole("ADMIN")
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.httpBasic(httpBasic -> {
})
.csrf(AbstractHttpConfigurer::disable)
.build();
}
@Bean
@Order(1)
public SecurityFilterChain filterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler();
authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false);
authenticationSuccessHandler.setDefaultTargetUrl("/c/maps/");
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/c/restful");
final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c");
http
.securityMatchers((matchers) ->
matchers.requestMatchers(restfullMapper.pattern(("/**"))).
requestMatchers(mvcMatcher.pattern(("/**"))))
.authorizeHttpRequests(
(auth) ->
auth
.requestMatchers("/login", "logout").permitAll()
.requestMatchers("/registration", "registration-success").permitAll()
.requestMatchers("/registration-google").permitAll()
.requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
.requestMatchers("/maps/*/embed").permitAll()
.requestMatchers("/maps/*/try").permitAll()
.requestMatchers("/maps/*/public").permitAll()
.requestMatchers("/restful/maps/*/document/xml-pub").permitAll()
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated())
.formLogin((loginForm) ->
loginForm.loginPage("/c/login")
.loginProcessingUrl("/c/perform-login")
.defaultSuccessUrl("/c/maps/")
.failureUrl("/c/login?login_error=2"))
.logout((logout) ->
logout
.logoutUrl("/c/logout")
.logoutSuccessUrl("/c/login")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.permitAll()
).rememberMe(remember ->
remember
.tokenValiditySeconds(2419200)
.rememberMeParameter("remember-me"
).authenticationSuccessHandler(authenticationSuccessHandler)
)
.csrf((csrf) ->
csrf.ignoringRequestMatchers("/logout"));
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/static/**", "/css/**", "/js/**", "/images/**");
}
@Bean
public UserDetailsService userDetailsService() {
final UserDetailsService result = new UserDetailsService();
result.setUserService(userService);
result.setAdminUser(adminUser);
return result;
}
}
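Review bot: `@EnableWebSecurity(debug = true)` is hard-coded on the class, so every deployment runs Spring Security's debug filter, which logs request details (headers and session information included) and is meant for development only; use plain `@EnableWebSecurity` or bind the flag to a property that defaults to false. `httpFirewall()` also calls `firewall.setAllowSemicolon(true)`, which switches off one of StrictHttpFirewall's protections against path-parameter tricks in URLs, and nothing in the file says why it is needed; add a comment naming the client that requires it, or drop the call. In `filterChain`, the patterns `"logout"` and `"registration-success"` have no leading slash, unlike every other matcher, so those two `permitAll()` rules probably never match and should read `"/logout"` and `"/registration-success"`. The remember-me block sets `tokenValiditySeconds(2419200)` (28 days) but no `.key(...)`, so the signing key is presumably regenerated at each start and issued tokens stop validating after a restart.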


@@ -20,6 +20,7 @@ package com.wisemapping.dao;
import com.wisemapping.model.*;
import com.wisemapping.util.ZipUtils;
import jakarta.persistence.Query;
import org.hibernate.Criteria;
import org.hibernate.criterion.Junction;
import org.hibernate.criterion.Order;
@@ -30,7 +31,6 @@ import org.jetbrains.annotations.Nullable;
import org.springframework.orm.hibernate5.HibernateTemplate;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import javax.persistence.Query;
import java.io.IOException;
import java.util.Calendar;
import java.util.List;


@@ -21,7 +21,7 @@ package com.wisemapping.exceptions;
import org.springframework.lang.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class InvalidEmailException
extends ClientException {


@@ -21,7 +21,7 @@ package com.wisemapping.exceptions;
import org.springframework.lang.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class InvalidMindmapException
extends ClientException {


@@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class MapCouldNotFoundException
extends ClientException


@@ -3,7 +3,7 @@ package com.wisemapping.exceptions;
import com.wisemapping.service.google.http.HttpInvokerException;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class OAuthAuthenticationException extends WiseMappingException {


@@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class PasswordTooLongException
extends ClientException {


@@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class TooManyInactiveAccountsExceptions
extends ClientException {


@@ -16,7 +16,7 @@
* limitations under the License.
*/
package com.wisemapping.rest;
package com.wisemapping.exceptions;
import com.wisemapping.exceptions.WiseMappingException;


@@ -20,13 +20,13 @@ package com.wisemapping.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;
/**
*


@@ -22,8 +22,8 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
public class RequestPropertiesInterceptor implements HandlerInterceptor {


@@ -22,12 +22,11 @@ import com.wisemapping.model.User;
import com.wisemapping.security.Utils;
import org.jetbrains.annotations.NotNull;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.i18n.SessionLocaleResolver;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.util.Locale;
public class UserLocaleInterceptor implements HandlerInterceptor {


@@ -31,9 +31,9 @@ import org.apache.logging.log4j.Logger;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpSessionEvent;
import jakarta.servlet.http.HttpSessionListener;
public class UnlockOnExpireListener implements HttpSessionListener {
private static final Logger logger = LogManager.getLogger();


@@ -21,11 +21,11 @@ package com.wisemapping.mail;
import com.wisemapping.util.VelocityEngineUtils;
import com.wisemapping.util.VelocityEngineWrapper;
import org.jetbrains.annotations.NotNull;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.mail.javamail.MimeMessageHelper;
import org.springframework.mail.javamail.MimeMessagePreparator;
import jakarta.validation.constraints.NotNull;
import java.nio.charset.StandardCharsets;
import java.util.Map;


@@ -32,7 +32,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.context.support.ResourceBundleMessageSource;
import javax.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;


@@ -20,7 +20,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;


@@ -21,8 +21,8 @@ package com.wisemapping.model;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import javax.validation.constraints.NotNull;
import jakarta.persistence.*;
import jakarta.validation.constraints.NotNull;
import java.io.Serializable;
import java.util.Objects;


@@ -20,7 +20,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
@Entity


@@ -22,7 +22,7 @@ import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;
import java.util.HashSet;


@@ -22,7 +22,7 @@ import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Objects;


@@ -22,7 +22,7 @@ import com.wisemapping.util.ZipUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.IOException;
import java.util.Calendar;


@@ -30,7 +30,7 @@ import org.hibernate.annotations.NotFoundAction;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;


@@ -21,7 +21,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;
@@ -90,7 +90,7 @@ public class User
return password;
}
public void setPassword(@javax.validation.constraints.NotNull String password) {
public void setPassword(@jakarta.validation.constraints.NotNull String password) {
this.password = password;
}


@@ -32,6 +32,7 @@ import com.wisemapping.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -41,6 +42,7 @@ import org.springframework.web.bind.annotation.ResponseStatus;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class AccountController extends BaseController {
@Qualifier("userService")
@Autowired
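Review bot: The class-level `@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")` only takes effect when method security is switched on, and the `SecurityConfig` added in this commit carries `@EnableWebSecurity` but no `@EnableMethodSecurity`; unless a configuration outside this page enables it, the annotation is inert and the URL rules are the only guard. If it is active, the API filter chain admits `hasAnyRole("USER", "ADMIN")` on `/**` while this controller demands `ROLE_USER`, so an account holding only the admin role would pass the filter and then be refused here; confirm that admins are also granted `ROLE_USER`, or align the two rules. The same annotation is added to LabelController and the REST MindmapController (and with `ROLE_ADMIN` to AdminController), so the point applies there as well. `isAuthenticated() and` is redundant next to `hasRole(...)` and can be dropped.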


@@ -30,14 +30,16 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_ADMIN')")
public class AdminController extends BaseController {
@Qualifier("userService")
@Autowired


@@ -20,6 +20,7 @@ package com.wisemapping.rest;
import com.wisemapping.exceptions.ClientException;
import com.wisemapping.exceptions.OAuthAuthenticationException;
import com.wisemapping.exceptions.Severity;
import com.wisemapping.exceptions.ValidationException;
import com.wisemapping.mail.NotificationService;
import com.wisemapping.model.User;
import com.wisemapping.rest.model.RestErrors;
@@ -37,9 +38,9 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.reflect.UndeclaredThrowableException;
import java.util.Locale;


@@ -18,6 +18,7 @@
package com.wisemapping.rest;
import com.wisemapping.exceptions.LabelCouldNotFoundException;
import com.wisemapping.exceptions.ValidationException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.Label;
import com.wisemapping.model.User;
@@ -30,15 +31,17 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class LabelController extends BaseController {
@Qualifier("labelService")
@@ -64,7 +67,7 @@ public class LabelController extends BaseController {
response.setHeader("ResourceId", Long.toString(label.getId()));
}
@RequestMapping(method = RequestMethod.GET, value = "/labels", produces = {"application/json"})
@RequestMapping(method = RequestMethod.GET, value = "/labels/", produces = {"application/json"})
public RestLabelList retrieveList() {
final User user = Utils.getUser();
assert user != null;
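Review bot: Changing the mapping from `/labels` to `/labels/` drops the slash-less URL, because Spring Framework 6 no longer matches an optional trailing slash by default; a client that still calls `/labels` would get a 404 instead of the list. If older clients may exist, map both forms with `@RequestMapping(method = RequestMethod.GET, value = {"/labels", "/labels/"}, produces = {"application/json"})`. The same change is made to `POST /users/` in UserController, where the `permitAll()` rule in the new SecurityConfig also names only `/users/`, so the slash-less form is both unmapped and treated as a protected path. `retrieveList` continues past the end of the hunk.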


@@ -33,12 +33,13 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.*;
@@ -46,6 +47,7 @@ import java.util.stream.Collectors;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class MindmapController extends BaseController {
final Logger logger = LogManager.getLogger();


@@ -34,8 +34,8 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
@Controller


@@ -35,13 +35,14 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindException;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
@@ -61,7 +62,7 @@ public class UserController extends BaseController {
@Autowired
private AuthenticationManager authManager;
@Value("${google.recaptcha2.enabled}")
@Value("${google.recaptcha2.enabled:false}")
private Boolean recatchaEnabled;
@Value("${accounts.exclusion.domain:''}")
@@ -70,7 +71,7 @@ public class UserController extends BaseController {
private static final Logger logger = LogManager.getLogger();
private static final String REAL_IP_ADDRESS_HEADER = "X-Real-IP";
@RequestMapping(method = RequestMethod.POST, value = "/users", produces = { "application/json" })
@RequestMapping(method = RequestMethod.POST, value = "/users/", produces = { "application/json" })
@ResponseStatus(value = HttpStatus.CREATED)
public void registerUser(@RequestBody RestUserRegistration registration, @NotNull HttpServletRequest request,
@NotNull HttpServletResponse response) throws WiseMappingException, BindException {
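Review bot: Defaulting `google.recaptcha2.enabled` to `false` makes the captcha check fail open: with no default, a missing property would normally stop the context from starting, whereas now it silently turns reCAPTCHA off for `registerUser`, which the new SecurityConfig exposes to unauthenticated callers through `permitAll()` on `/users/`. Keep the property mandatory, or default it to on with `@Value("${google.recaptcha2.enabled:true}")` so that disabling the check is an explicit deployment decision. Logging the effective value once at startup would also make a misconfigured instance visible. The body of `registerUser` lies outside the hunk, so how the flag is consumed is not visible here.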


@@ -24,9 +24,9 @@ import com.wisemapping.model.Collaborator;
import com.wisemapping.util.TimeUtils;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.util.Calendar;
@JsonAutoDetect(


@@ -30,9 +30,9 @@ import org.springframework.validation.Errors;
import org.springframework.validation.FieldError;
import org.springframework.validation.ObjectError;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.util.*;
@JsonAutoDetect(


@@ -4,7 +4,7 @@ import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.wisemapping.model.Label;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlElement;
import jakarta.xml.bind.annotation.XmlElement;
import java.util.ArrayList;
import java.util.List;


@@ -29,9 +29,9 @@ import com.wisemapping.util.TimeUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.io.IOException;
import java.util.Calendar;


@@ -24,7 +24,7 @@ import com.wisemapping.model.Collaborator;
import com.wisemapping.model.Mindmap;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlElement;
import jakarta.xml.bind.annotation.XmlElement;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;


@@ -23,9 +23,9 @@ import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;


@@ -1,44 +0,0 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.security;
import org.springframework.security.web.util.matcher.RequestMatcher;
import javax.servlet.http.HttpServletRequest;
import java.util.Arrays;
public class CSFRRequestMatcher implements RequestMatcher {
private String prefix;
static String[] supportedMethods = {"POST", "PUT", "GET", "DELETE", "PATCH"};
@Override
public boolean matches(HttpServletRequest request) {
final String requestURI = request.getRequestURI();
return Arrays.stream(supportedMethods).anyMatch(p -> request.getMethod().toUpperCase().equals(p))
&& requestURI.startsWith(prefix);
}
public String getPrefix() {
return prefix;
}
public void setPrefix(String prefix) {
this.prefix = prefix;
}
}


@@ -1,20 +1,20 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.security;
@@ -23,12 +23,13 @@ import com.wisemapping.model.User;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.context.annotation.Bean;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
public class UserDetailsService
implements org.springframework.security.core.userdetails.UserDetailsService{
implements org.springframework.security.core.userdetails.UserDetailsService {
private UserService userService;
private String adminUser;


@@ -1,99 +0,0 @@
package com.wisemapping.security.ldap;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.AuthenticationType;
import com.wisemapping.model.User;
import com.wisemapping.security.UserDetails;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import java.util.Calendar;
import java.util.Collection;
public class LdapUserDetailsContextMapper implements UserDetailsContextMapper {
private UserService userService;
private String adminUser;
private String ldapAttributeFirstName;
private String ldapAttributeLastName;
public UserService getUserService() {
return userService;
}
public void setUserService(UserService userService) {
this.userService = userService;
}
private boolean isAdmin(@Nullable String email) {
return email != null && adminUser != null && email.trim().endsWith(adminUser);
}
public String getAdminUser() {
return adminUser;
}
public void setAdminUser(String adminUser) {
this.adminUser = adminUser;
}
@Override
public UserDetails mapUserFromContext(@NotNull DirContextOperations userData,
String email, Collection<? extends GrantedAuthority> arg2) {
User user = userService.getUserBy(email);
if (user == null) {
// If the user was not found in the database, create a new one ...
user = new User();
user.setEmail(email);
final String firstName = userData.getStringAttribute(ldapAttributeFirstName);
user.setFirstname(firstName);
final String lastName = userData.getStringAttribute(ldapAttributeLastName);
user.setLastname(lastName);
user.setPassword(email);
final Calendar now = Calendar.getInstance();
user.setActivationDate(now);
try {
user.setAuthenticationType(AuthenticationType.LDAP);
user = userService.createUser(user, false, false);
} catch (WiseMappingException e) {
throw new IllegalStateException(e);
}
}
return new UserDetails(user, isAdmin(email));
}
public String getLdapAttributeLastName() {
return ldapAttributeLastName;
}
public void setLdapAttributeLastName(String ldapAttributLastName) {
this.ldapAttributeLastName = ldapAttributLastName;
}
public String getLdapAttrbutFirstName() {
return ldapAttributeFirstName;
}
public void setLdapAttributeFirstName(String ldapAttributeFirstName) {
this.ldapAttributeFirstName = ldapAttributeFirstName;
}
@Override
public void mapUserToContext(org.springframework.security.core.userdetails.UserDetails userDetails, DirContextAdapter dirContextAdapter) {
// To be implemented ...
}
}


@@ -18,8 +18,8 @@
package com.wisemapping.service;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import jakarta.servlet.ServletContextEvent;
import jakarta.servlet.ServletContextListener;
public class HibernateAppListener implements ServletContextListener {


@@ -22,7 +22,7 @@ import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.*;
import org.jetbrains.annotations.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
import java.io.IOException;
import java.util.List;


@@ -28,7 +28,7 @@ import org.apache.http.client.fluent.Form;
import org.apache.http.client.fluent.Request;
import org.jetbrains.annotations.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;


@@ -47,7 +47,7 @@ import org.springframework.stereotype.Service;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
@Service
public class HttpInvoker {


@@ -21,13 +21,15 @@ package com.wisemapping.webmvc;
import com.wisemapping.model.User;
import com.wisemapping.security.Utils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class LoginController {
@PreAuthorize("permitAll()")
public class MvcLoginController {
@Value("${database.driver}")
private String driver;
@@ -39,7 +41,7 @@ public class LoginController {
if (user != null) {
result = new ModelAndView("forward:/c/maps/");
} else {
result = new ModelAndView("login");
result = new ModelAndView("reactInclude");
result.addObject("isHsql", driver.contains("hsql"));
}
return result;


@@ -34,6 +34,7 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
@@ -45,7 +46,7 @@ import org.springframework.web.servlet.ModelAndView;
import java.util.Locale;
@Controller
public class MindmapController {
public class MvcMindmapController {
@Qualifier("mindmapService")
@Autowired
@@ -59,12 +60,12 @@ public class MindmapController {
model.addAttribute("mindmap", mindmap);
final Locale locale = LocaleContextHolder.getLocale();
model.addAttribute("locale", locale.toString().toLowerCase());
return "mindmapPrint";
return "mindmapViewonly";
}
@RequestMapping(value = "maps/")
public String showListPage(@NotNull Model model) {
return "mindmapList";
return "reactInclude";
}
@RequestMapping(value = "maps/{id}/edit", method = RequestMethod.GET)
@@ -106,6 +107,7 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/try", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showMindmapTryPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
return showEditorPage(id, model, false);
}
@@ -118,13 +120,14 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/embed")
@PreAuthorize("permitAll()")
public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNonPublicException, AccessDeniedSecurityException {
if (!mindmapService.isMindmapPublic(id)) {
throw new MapNonPublicException("Map " + id + " is not public.");
}
final MindMapBean mindmap = findMindmapBean(id);
final ModelAndView view = new ModelAndView("mindmapEmbedded", "mindmap", mindmap);
final ModelAndView view = new ModelAndView("mindmapViewonly", "mindmap", mindmap);
view.addObject("zoom", zoom == null ? 1 : zoom);
final Locale locale = LocaleContextHolder.getLocale();
view.addObject("locale", locale.toString().toLowerCase());
@@ -132,6 +135,7 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/public", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
if (!mindmapService.isMindmapPublic(id)) {
throw new MapNonPublicException("Map " + id + " is not public.");
@@ -141,12 +145,14 @@ public class MindmapController {
@Deprecated
@RequestMapping(value = "publicView", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewPageLegacy(@RequestParam(required = true) int mapId) {
return "redirect:maps/" + mapId + "/public";
}
@Deprecated
@RequestMapping(value = "embeddedView", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewLegacyPage(@RequestParam(required = true) int mapId, @RequestParam(required = false) int zoom) {
return "redirect:maps/" + mapId + "/embed?zoom=" + zoom;
}
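Review bot: `@PreAuthorize("permitAll()")` on the legacy `publicView` and `embeddedView` handlers does not make them public: the `filterChain` added in this commit lists `/maps/*/embed`, `/maps/*/try` and `/maps/*/public` under `permitAll()` but not these two paths, so (assuming they are served under the same `/c` servlet path) they fall through to `.requestMatchers("/**").hasAnyRole("USER", "ADMIN")` and an anonymous visitor is sent to the login page before the redirect runs. Either add `.requestMatchers("/publicView", "/embeddedView").permitAll()` to the chain or drop the two annotations, so the code does not advertise access that is not granted. `showMindmapTryPage` is opened to anonymous users as well, and unlike the embed and public handlers no `isMindmapPublic(id)` check is visible in its hunk; confirm that `showEditorPage`, which is outside the hunk, enforces one for unauthenticated callers.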


@@ -22,31 +22,35 @@ package com.wisemapping.webmvc;
import com.wisemapping.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class UsersController {
public class MvcUsersController {
@Qualifier("userService")
@Autowired
private UserService userService;
@RequestMapping(value = "forgot-password", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView showResetPasswordPage() {
return new ModelAndView("forgot-password");
return new ModelAndView("reactInclude");
}
@RequestMapping(value = "registration-google", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView processGoogleCallback() {
return new ModelAndView("registration-google");
return new ModelAndView("reactInclude");
}
@RequestMapping(value = "registration", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView showRegistrationPage() {
return new ModelAndView("registration");
return new ModelAndView("reactInclude");
}
}