From 87712b2493c8ffcbdcfc9bd789ab5078654e3ed2 Mon Sep 17 00:00:00 2001
From: Paulo Gustavo Veiga
Date: Thu, 10 Aug 2023 23:18:59 -0700
Subject: [PATCH] Fix public map access.
---
 .../src/main/java/com/wisemapping/config/AppConfig.java | 4 ----
 .../src/main/java/com/wisemapping/config/SecurityConfig.java | 4 ++--
 .../src/main/java/com/wisemapping/rest/MindmapController.java | 4 ++--
 3 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/AppConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/AppConfig.java
index 9bc43335..647863eb 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/AppConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/AppConfig.java
@@ -1,7 +1,5 @@
 package com.wisemapping.config;
-import com.wisemapping.exceptions.AccessDeniedSecurityException;
-import com.wisemapping.exceptions.MapNotPublicSecurityException;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.HandlerExceptionResolver;
@@ -11,8 +9,6 @@ import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
 import org.springframework.web.servlet.view.InternalResourceViewResolver;
 import org.springframework.web.servlet.view.JstlView;
-import java.util.Properties;
-
 @EnableWebMvc
 @Configuration
 public class AppConfig {
diff --git a/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java b/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java
index 754eabb2..9fdd5d31 100644
--- a/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java
+++ b/wise-webapp/src/main/java/com/wisemapping/config/SecurityConfig.java
@@ -80,7 +80,7 @@ public class SecurityConfig {
 .requestMatchers("/registration", "registration-success", "/registration-google").permitAll()
 .requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
 .requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll()
- .requestMatchers("/restful/maps/*/document/xml-pub").permitAll()
+ .requestMatchers("/maps/*/document/xml-pub").permitAll()
 .requestMatchers("/**").hasAnyRole("USER", "ADMIN")
 .anyRequest().authenticated())
 .formLogin((loginForm) ->
@@ -112,7 +112,7 @@ public class SecurityConfig {
 public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
 return http.authorizeHttpRequests(
 (auth) ->
- auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/favicon.ico").permitAll()
+ auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/*").permitAll()
 ).build();
 }
diff --git a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
index d033d9f4..8e7d309e 100644
--- a/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
+++ b/wise-webapp/src/main/java/com/wisemapping/rest/MindmapController.java
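Review bot: In the second SecurityConfig hunk, the `"/*"` pattern that replaces `"/favicon.ico"` in `shareResourcesFilterChain` marks every single-segment path at the application root as `permitAll()`, not only static assets. Any page or endpoint mapped directly under `/` that this chain evaluates becomes reachable without authentication; which requests actually reach this chain depends on its `securityMatcher` and ordering, neither of which is visible in the hunk. If the intent is to expose a few root-level files, name them one by one (keep `"/favicon.ico"` and add each further file explicitly), so that a root mapping added later is not public by default.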
@@ -148,6 +147,7 @@ public class MindmapController extends BaseController { saveMindmapDocument(minor, mindmap, user); } + @PreAuthorize("permitAll()") @RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/document/xml", "/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"}) @ResponseBody public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {