Fix public map access.
parent
c783feef65
commit
87712b2493
|
@ -1,7 +1,5 @@
|
||||||
package com.wisemapping.config;
|
package com.wisemapping.config;
|
||||||
|
|
||||||
import com.wisemapping.exceptions.AccessDeniedSecurityException;
|
|
||||||
import com.wisemapping.exceptions.MapNotPublicSecurityException;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.web.servlet.HandlerExceptionResolver;
|
import org.springframework.web.servlet.HandlerExceptionResolver;
|
||||||
|
@ -11,8 +9,6 @@ import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
|
||||||
import org.springframework.web.servlet.view.InternalResourceViewResolver;
|
import org.springframework.web.servlet.view.InternalResourceViewResolver;
|
||||||
import org.springframework.web.servlet.view.JstlView;
|
import org.springframework.web.servlet.view.JstlView;
|
||||||
|
|
||||||
import java.util.Properties;
|
|
||||||
|
|
||||||
@EnableWebMvc
|
@EnableWebMvc
|
||||||
@Configuration
|
@Configuration
|
||||||
public class AppConfig {
|
public class AppConfig {
|
||||||
|
|
|
@ -80,7 +80,7 @@ public class SecurityConfig {
|
||||||
.requestMatchers("/registration", "registration-success", "/registration-google").permitAll()
|
.requestMatchers("/registration", "registration-success", "/registration-google").permitAll()
|
||||||
.requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
|
.requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
|
||||||
.requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll()
|
.requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll()
|
||||||
.requestMatchers("/restful/maps/*/document/xml-pub").permitAll()
|
.requestMatchers("/maps/*/document/xml-pub").permitAll()
|
||||||
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
|
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
|
||||||
.anyRequest().authenticated())
|
.anyRequest().authenticated())
|
||||||
.formLogin((loginForm) ->
|
.formLogin((loginForm) ->
|
||||||
|
@ -112,7 +112,7 @@ public class SecurityConfig {
|
||||||
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
|
||||||
return http.authorizeHttpRequests(
|
return http.authorizeHttpRequests(
|
||||||
(auth) ->
|
(auth) ->
|
||||||
auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/favicon.ico").permitAll()
|
auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/*").permitAll()
|
||||||
).build();
|
).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
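Review bot: In `shareResourcesFilterChain`, replacing `"/favicon.ico"` with `"/*"` under `permitAll()` opens every single-segment root path in this chain, not only root-level static files. The pattern also covers any top-level application route added later, which would then be unauthenticated here without anyone touching the security configuration. Which chain handles a given request depends on the chain order and any `securityMatcher`, neither of which is visible in this hunk, so the effective exposure should be confirmed. I would keep `"/favicon.ico"`, add each further root file by name, and add a comment such as `// root-level static files only; "/*" would also match application routes`.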
|
@ -84,8 +84,7 @@ public class MindmapController extends BaseController {
|
||||||
List<Mindmap> mindmaps = mindmapService.findMindmapsByUser(user);
|
List<Mindmap> mindmaps = mindmapService.findMindmapsByUser(user);
|
||||||
mindmaps = mindmaps
|
mindmaps = mindmaps
|
||||||
.stream()
|
.stream()
|
||||||
.filter(m -> filter.accept(m, user))
|
.filter(m -> filter.accept(m, user)).toList();
|
||||||
.collect(Collectors.toUnmodifiableList());
|
|
||||||
|
|
||||||
return new RestMindmapList(mindmaps, user);
|
return new RestMindmapList(mindmaps, user);
|
||||||
}
|
}
|
||||||
|
@ -148,6 +147,7 @@ public class MindmapController extends BaseController {
|
||||||
saveMindmapDocument(minor, mindmap, user);
|
saveMindmapDocument(minor, mindmap, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PreAuthorize("permitAll()")
|
||||||
@RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/document/xml", "/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
|
@RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/document/xml", "/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {
|
public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {
|
||||||
|
|
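Review bot: The added `@PreAuthorize("permitAll()")` on `retrieveDocument` applies to both mapped paths, the public `/maps/{id}/document/xml-pub` and the private `/maps/{id}/document/xml`. Nothing at method level now distinguishes them: the private route depends on the `/**` role rule in `SecurityConfig`, and the per-map checks (is the map public, may this user read it) have to happen in the body, which lies outside this hunk. If the body does not enforce both, a private map's XML is readable by id through the `xml-pub` path. Splitting the handler would make the intent explicit: one method mapped only with `value = {"/maps/{id}/document/xml-pub"}` carrying `permitAll()` and a public-flag check, and the `/xml` method keeping an authenticated, permission-checked annotation.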