Fix public map access.

main
Paulo Gustavo Veiga 2023-08-10 23:18:59 -07:00
parent c783feef65
commit 87712b2493
3 changed files with 4 additions and 8 deletions

View File

@ -1,7 +1,5 @@
package com.wisemapping.config; package com.wisemapping.config;
import com.wisemapping.exceptions.AccessDeniedSecurityException;
import com.wisemapping.exceptions.MapNotPublicSecurityException;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerExceptionResolver; import org.springframework.web.servlet.HandlerExceptionResolver;
@ -11,8 +9,6 @@ import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver;
import org.springframework.web.servlet.view.InternalResourceViewResolver; import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView; import org.springframework.web.servlet.view.JstlView;
import java.util.Properties;
@EnableWebMvc @EnableWebMvc
@Configuration @Configuration
public class AppConfig { public class AppConfig {

View File

@ -80,7 +80,7 @@ public class SecurityConfig {
.requestMatchers("/registration", "registration-success", "/registration-google").permitAll() .requestMatchers("/registration", "registration-success", "/registration-google").permitAll()
.requestMatchers("/forgot-password", "/forgot-password-success").permitAll() .requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
.requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll() .requestMatchers("/maps/*/embed", "/maps/*/try", "/maps/*/public").permitAll()
.requestMatchers("/restful/maps/*/document/xml-pub").permitAll() .requestMatchers("/maps/*/document/xml-pub").permitAll()
.requestMatchers("/**").hasAnyRole("USER", "ADMIN") .requestMatchers("/**").hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated()) .anyRequest().authenticated())
.formLogin((loginForm) -> .formLogin((loginForm) ->
@ -112,7 +112,7 @@ public class SecurityConfig {
public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception { public SecurityFilterChain shareResourcesFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
return http.authorizeHttpRequests( return http.authorizeHttpRequests(
(auth) -> (auth) ->
auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/favicon.ico").permitAll() auth.requestMatchers("/static/**", "/css/**", "/js/**", "/images/**", "/*").permitAll()
).build(); ).build();
} }

View File

@ -84,8 +84,7 @@ public class MindmapController extends BaseController {
List<Mindmap> mindmaps = mindmapService.findMindmapsByUser(user); List<Mindmap> mindmaps = mindmapService.findMindmapsByUser(user);
mindmaps = mindmaps mindmaps = mindmaps
.stream() .stream()
.filter(m -> filter.accept(m, user)) .filter(m -> filter.accept(m, user)).toList();
.collect(Collectors.toUnmodifiableList());
return new RestMindmapList(mindmaps, user); return new RestMindmapList(mindmaps, user);
} }
@ -148,6 +147,7 @@ public class MindmapController extends BaseController {
saveMindmapDocument(minor, mindmap, user); saveMindmapDocument(minor, mindmap, user);
} }
@PreAuthorize("permitAll()")
@RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/document/xml", "/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"}) @RequestMapping(method = RequestMethod.GET, value = {"/maps/{id}/document/xml", "/maps/{id}/document/xml-pub"}, consumes = {"text/plain"}, produces = {"application/xml; charset=UTF-8"})
@ResponseBody @ResponseBody
public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException { public byte[] retrieveDocument(@PathVariable int id, @NotNull HttpServletResponse response) throws WiseMappingException, IOException {