Migrate authentication to beans.

main
Paulo Gustavo Veiga 2023-07-28 22:46:38 -07:00
parent f72b89d59a
commit a66dff8ae4
68 changed files with 423 additions and 522 deletions

View File

@ -21,7 +21,7 @@ RUN cd ${WEBAPP_TARGET_DIR} && jar -xvf /tmp/wisemapping.war
RUN rm /tmp/wisemapping.war
# Change logger to
RUN cp ${WEBAPP_TARGET_DIR}/WEB-INF/classes/log4j-stdout.properties ${WEBAPP_TARGET_DIR}/WEB-INF/classes/log4j.properties
RUN cp ${WEBAPP_TARGET_DIR}/WEB-INF/classes/log4j-stdout.xml ${WEBAPP_TARGET_DIR}/WEB-INF/classes/log4j.properties
# Add support for proxy
RUN sed -i 's|\

View File

@ -13,11 +13,11 @@
</parent>
<properties>
<org.springframework.version>5.3.28</org.springframework.version>
<org.springframework.addons>5.8.4</org.springframework.addons>
<hibernate.version>5.6.15.Final</hibernate.version>
<org.springframework.version>6.0.10</org.springframework.version>
<org.springframework.addons>6.1.1</org.springframework.addons>
<hibernate.version>6.2.6.Final</hibernate.version>
<hibernate-validator.version>6.0.21.Final</hibernate-validator.version>
<spring-security-taglibs.version>5.6.1</spring-security-taglibs.version>
<spring-security-taglibs.version>6.0.2</spring-security-taglibs.version>
</properties>
<dependencies>
@ -56,12 +56,6 @@
<artifactId>postgresql</artifactId>
<version>42.5.4</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>${org.springframework.addons}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
@ -82,16 +76,17 @@
<!-- Hibernate -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate.version}</version>
<artifactId>hibernate-core-jakarta</artifactId>
<version>5.6.15.Final</version>
</dependency>
<!-- Hibernate Validator -->
<dependency>
<groupId>org.hibernate.validator</groupId>
<artifactId>hibernate-validator</artifactId>
<version>${hibernate-validator.version}</version>
<version>8.0.1.Final</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
@ -104,12 +99,6 @@
<version>${org.springframework.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
@ -139,24 +128,12 @@
<version>5.3.15</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>antlr</groupId>
<artifactId>antlr</artifactId>
<version>2.7.6</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apache.tiles</groupId>
<artifactId>tiles-jsp</artifactId>
<version>3.0.8</version>
<scope>runtime</scope>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- <dependency>-->
<!-- <groupId>antlr</groupId>-->
<!-- <artifactId>antlr</artifactId>-->
<!-- <version>2.7.7</version>-->
<!-- <scope>runtime</scope>-->
<!-- </dependency>-->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
@ -169,18 +146,17 @@
<version>${org.springframework.addons}</version>
<scope>compile</scope>
</dependency>
<!-- <dependency>-->
<!-- <groupId>jakarta.persistence</groupId>-->
<!-- <artifactId>jakarta.persistence-api</artifactId>-->
<!-- <version>3.1.0</version>-->
<!-- </dependency>-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${org.springframework.addons}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springframework.addons}</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
@ -194,9 +170,9 @@
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
<version>1.6.2</version>
<groupId>jakarta.mail</groupId>
<artifactId>jakarta.mail-api</artifactId>
<version>2.1.2</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
@ -209,21 +185,16 @@
<artifactId>commons-dbcp2</artifactId>
<version>2.9.0</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-ehcache</artifactId>
<version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>javax.cache</groupId>
<artifactId>cache-api</artifactId>
<version>1.1.1</version>
</dependency>
<dependency>
<groupId>org.ehcache</groupId>
<artifactId>ehcache</artifactId>
<version>3.9.9</version>
</dependency>
<!-- <dependency>-->
<!-- <groupId>org.hibernate</groupId>-->
<!-- <artifactId>hibernate-ehcache</artifactId>-->
<!-- <version>5.6.15.Final</version>-->
<!-- </dependency>-->
<!-- <dependency>-->
<!-- <groupId>javax.cache</groupId>-->
<!-- <artifactId>cache-api</artifactId>-->
<!-- <version>1.1.1</version>-->
<!-- </dependency>-->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
@ -235,6 +206,7 @@
<artifactId>commons-validator</artifactId>
<version>1.7</version>
</dependency>
<!-- Only for test purposes -->
<dependency>
<groupId>org.hsqldb</groupId>
@ -242,29 +214,26 @@
<version>2.7.1</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.14.2</version>
<version>2.15.1</version>
</dependency>
<dependency>
<!-- This is required in case of Tomcat, do not remove -->
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
<groupId>jakarta.transaction</groupId>
<artifactId>jakarta.transaction-api</artifactId>
<version>2.0.1</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>2.0.5</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>6.0.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
@ -275,6 +244,11 @@
<artifactId>fluent-hc</artifactId>
<version>4.5.14</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springframework.addons}</version>
</dependency>
</dependencies>
<profiles>
<profile>
@ -420,6 +394,9 @@
</overlay>
</overlays>
<archiveClasses>true</archiveClasses>
<packagingExcludes>
WEB-INF/lib/commons-logging-*.jar,
</packagingExcludes>
<webResources>
<resource>
<directory>src/main/resources</directory>
@ -436,21 +413,6 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.0</version>
<configuration>
<path>/wisemapping</path>
<warFile>${project.build.directory}/wisemapping.war</warFile>
<mode>war</mode>
<update>true</update>
<systemProperties>
<database.base.url>${project.build.directory}</database.base.url>
</systemProperties>
</configuration>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
@ -497,14 +459,6 @@
</rules>
</configuration>
</execution>
<!-- Confirm why there is a NPE -->
<!-- <execution>-->
<!-- <id>default-report-integration</id>-->
<!-- <phase>verify</phase>-->
<!-- <goals>-->
<!-- <goal>report-integration</goal>-->
<!-- </goals>-->
<!-- </execution>-->
<execution>
<id>default-report</id>
<phase>verify</phase>
@ -518,48 +472,29 @@
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>9.4.34.v20201102</version>
<version>11.0.15</version>
<configuration>
<stopKey>foo</stopKey>
<httpConnector>
<port>8080</port>
</httpConnector>
<stopPort>9999</stopPort>
<deployMode>FORK</deployMode>
<webApp>
<war>${project.build.directory}/wisemapping.war</war>
<reload>automatic</reload>
<webAppConfig>
<overrideDescriptor>${project.basedir}/webdefault.xml</overrideDescriptor>
</webAppConfig>
<systemProperties>
<systemProperty>
<name>org.mortbay.util.FileResource.checkAliases</name>
<value>false</value>
</systemProperty>
<systemProperty>
<name>org.mortbay.util.FileResource.checkAliases</name>
<value>false</value>
</systemProperty>
<systemProperty>
<name>database.base.url</name>
<value>${project.build.directory}</value>
</systemProperty>
</systemProperties>
</webApp>
</configuration>
<executions>
<execution>
<id>run-forked</id>
<phase>pre-integration-test</phase>
<goals>
<goal>run-forked</goal>
<goal>run-war</goal>
</goals>
<configuration>
<useTestClasspath>true</useTestClasspath>
<useTestScope>true</useTestScope>
<scanIntervalSeconds>0</scanIntervalSeconds>
<waitForChild>false</waitForChild>
<maxStartupLines>200</maxStartupLines>
<jvmArgs>-Ddatabase.base.url=${project.build.directory} -Djetty.port=8080
</jvmArgs>
<jvmArgs>-Ddatabase.base.url=${project.build.directory} -Djetty.port=8080 -Dlogging.level.org.springframework=TRACE</jvmArgs>
</configuration>
</execution>
<execution>

View File

@ -0,0 +1,126 @@
package com.wisemapping.config;
import com.wisemapping.security.AuthenticationSuccessHandler;
import com.wisemapping.security.UserDetailsService;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
@Configuration
@EnableWebSecurity(debug = true)
public class SecurityConfig {
@Autowired
UserService userService;
@Value("${admin.user}")
String adminUser;
@Bean
public StrictHttpFirewall httpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowSemicolon(true);
return firewall;
}
@Bean
@Order(2)
SecurityFilterChain apiSecurityFilterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final MvcRequestMatcher.Builder serviceMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/service");
return http
.securityMatchers((matchers) ->
matchers.requestMatchers(serviceMapper.pattern(("/**"))))
.authorizeHttpRequests(auth ->
auth
.requestMatchers("/users/").permitAll()
.requestMatchers("/users/resetPassword").permitAll()
.requestMatchers("/oauth2/googlecallback").permitAll()
.requestMatchers("/oauth2/confirmaccountsync").permitAll()
.requestMatchers("/admin/**").hasAnyRole("ADMIN")
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.httpBasic(httpBasic -> {
})
.csrf(AbstractHttpConfigurer::disable)
.build();
}
@Bean
@Order(1)
public SecurityFilterChain filterChain(@NotNull final HttpSecurity http, @NotNull final HandlerMappingIntrospector introspector) throws Exception {
final AuthenticationSuccessHandler authenticationSuccessHandler = new AuthenticationSuccessHandler();
authenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(false);
authenticationSuccessHandler.setDefaultTargetUrl("/c/maps/");
final MvcRequestMatcher.Builder restfullMapper = new MvcRequestMatcher.Builder(introspector).servletPath("/c/restful");
final MvcRequestMatcher.Builder mvcMatcher = new MvcRequestMatcher.Builder(introspector).servletPath("/c");
http
.securityMatchers((matchers) ->
matchers.requestMatchers(restfullMapper.pattern(("/**"))).
requestMatchers(mvcMatcher.pattern(("/**"))))
.authorizeHttpRequests(
(auth) ->
auth
.requestMatchers("/login", "logout").permitAll()
.requestMatchers("/registration", "registration-success").permitAll()
.requestMatchers("/registration-google").permitAll()
.requestMatchers("/forgot-password", "/forgot-password-success").permitAll()
.requestMatchers("/maps/*/embed").permitAll()
.requestMatchers("/maps/*/try").permitAll()
.requestMatchers("/maps/*/public").permitAll()
.requestMatchers("/restful/maps/*/document/xml-pub").permitAll()
.requestMatchers("/**").hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated())
.formLogin((loginForm) ->
loginForm.loginPage("/c/login")
.loginProcessingUrl("/c/perform-login")
.defaultSuccessUrl("/c/maps/")
.failureUrl("/c/login?login_error=2"))
.logout((logout) ->
logout
.logoutUrl("/c/logout")
.logoutSuccessUrl("/c/login")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.permitAll()
).rememberMe(remember ->
remember
.tokenValiditySeconds(2419200)
.rememberMeParameter("remember-me"
).authenticationSuccessHandler(authenticationSuccessHandler)
)
.csrf((csrf) ->
csrf.ignoringRequestMatchers("/logout"));
return http.build();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.ignoring().requestMatchers("/static/**", "/css/**", "/js/**", "/images/**");
}
@Bean
public UserDetailsService userDetailsService() {
final UserDetailsService result = new UserDetailsService();
result.setUserService(userService);
result.setAdminUser(adminUser);
return result;
}
}

View File

@ -20,6 +20,7 @@ package com.wisemapping.dao;
import com.wisemapping.model.*;
import com.wisemapping.util.ZipUtils;
import jakarta.persistence.Query;
import org.hibernate.Criteria;
import org.hibernate.criterion.Junction;
import org.hibernate.criterion.Order;
@ -30,7 +31,6 @@ import org.jetbrains.annotations.Nullable;
import org.springframework.orm.hibernate5.HibernateTemplate;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import javax.persistence.Query;
import java.io.IOException;
import java.util.Calendar;
import java.util.List;

View File

@ -21,7 +21,7 @@ package com.wisemapping.exceptions;
import org.springframework.lang.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class InvalidEmailException
extends ClientException {

View File

@ -21,7 +21,7 @@ package com.wisemapping.exceptions;
import org.springframework.lang.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class InvalidMindmapException
extends ClientException {

View File

@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class MapCouldNotFoundException
extends ClientException

View File

@ -3,7 +3,7 @@ package com.wisemapping.exceptions;
import com.wisemapping.service.google.http.HttpInvokerException;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class OAuthAuthenticationException extends WiseMappingException {

View File

@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class PasswordTooLongException
extends ClientException {

View File

@ -19,7 +19,7 @@
package com.wisemapping.exceptions;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
public class TooManyInactiveAccountsExceptions
extends ClientException {

View File

@ -16,7 +16,7 @@
* limitations under the License.
*/
package com.wisemapping.rest;
package com.wisemapping.exceptions;
import com.wisemapping.exceptions.WiseMappingException;

View File

@ -20,13 +20,13 @@ package com.wisemapping.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;
/**
*

View File

@ -22,8 +22,8 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
public class RequestPropertiesInterceptor implements HandlerInterceptor {

View File

@ -22,12 +22,11 @@ import com.wisemapping.model.User;
import com.wisemapping.security.Utils;
import org.jetbrains.annotations.NotNull;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.springframework.web.servlet.i18n.SessionLocaleResolver;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.util.Locale;
public class UserLocaleInterceptor implements HandlerInterceptor {

View File

@ -31,9 +31,9 @@ import org.apache.logging.log4j.Logger;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpSessionEvent;
import jakarta.servlet.http.HttpSessionListener;
public class UnlockOnExpireListener implements HttpSessionListener {
private static final Logger logger = LogManager.getLogger();

View File

@ -21,11 +21,11 @@ package com.wisemapping.mail;
import com.wisemapping.util.VelocityEngineUtils;
import com.wisemapping.util.VelocityEngineWrapper;
import org.jetbrains.annotations.NotNull;
import org.springframework.mail.javamail.JavaMailSender;
import org.springframework.mail.javamail.MimeMessageHelper;
import org.springframework.mail.javamail.MimeMessagePreparator;
import jakarta.validation.constraints.NotNull;
import java.nio.charset.StandardCharsets;
import java.util.Map;

View File

@ -32,7 +32,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.context.support.ResourceBundleMessageSource;
import javax.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;

View File

@ -20,7 +20,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;

View File

@ -21,8 +21,8 @@ package com.wisemapping.model;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import javax.validation.constraints.NotNull;
import jakarta.persistence.*;
import jakarta.validation.constraints.NotNull;
import java.io.Serializable;
import java.util.Objects;

View File

@ -20,7 +20,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
@Entity

View File

@ -22,7 +22,7 @@ import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;
import java.util.HashSet;

View File

@ -22,7 +22,7 @@ import org.hibernate.annotations.CacheConcurrencyStrategy;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Objects;

View File

@ -22,7 +22,7 @@ import com.wisemapping.util.ZipUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.IOException;
import java.util.Calendar;

View File

@ -30,7 +30,7 @@ import org.hibernate.annotations.NotFoundAction;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;

View File

@ -21,7 +21,7 @@ package com.wisemapping.model;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.persistence.*;
import jakarta.persistence.*;
import java.io.Serializable;
import java.util.Calendar;
@ -90,7 +90,7 @@ public class User
return password;
}
public void setPassword(@javax.validation.constraints.NotNull String password) {
public void setPassword(@jakarta.validation.constraints.NotNull String password) {
this.password = password;
}

View File

@ -32,6 +32,7 @@ import com.wisemapping.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
@ -41,6 +42,7 @@ import org.springframework.web.bind.annotation.ResponseStatus;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class AccountController extends BaseController {
@Qualifier("userService")
@Autowired

View File

@ -30,14 +30,16 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_ADMIN')")
public class AdminController extends BaseController {
@Qualifier("userService")
@Autowired

View File

@ -20,6 +20,7 @@ package com.wisemapping.rest;
import com.wisemapping.exceptions.ClientException;
import com.wisemapping.exceptions.OAuthAuthenticationException;
import com.wisemapping.exceptions.Severity;
import com.wisemapping.exceptions.ValidationException;
import com.wisemapping.mail.NotificationService;
import com.wisemapping.model.User;
import com.wisemapping.rest.model.RestErrors;
@ -37,9 +38,9 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.reflect.UndeclaredThrowableException;
import java.util.Locale;

View File

@ -18,6 +18,7 @@
package com.wisemapping.rest;
import com.wisemapping.exceptions.LabelCouldNotFoundException;
import com.wisemapping.exceptions.ValidationException;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.Label;
import com.wisemapping.model.User;
@ -30,15 +31,17 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.util.List;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class LabelController extends BaseController {
@Qualifier("labelService")
@ -64,7 +67,7 @@ public class LabelController extends BaseController {
response.setHeader("ResourceId", Long.toString(label.getId()));
}
@RequestMapping(method = RequestMethod.GET, value = "/labels", produces = {"application/json"})
@RequestMapping(method = RequestMethod.GET, value = "/labels/", produces = {"application/json"})
public RestLabelList retrieveList() {
final User user = Utils.getUser();
assert user != null;

View File

@ -33,12 +33,13 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.*;
@ -46,6 +47,7 @@ import java.util.stream.Collectors;
@Controller
@PreAuthorize("isAuthenticated() and hasRole('ROLE_USER')")
public class MindmapController extends BaseController {
final Logger logger = LogManager.getLogger();

View File

@ -34,8 +34,8 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
@Controller

View File

@ -35,13 +35,14 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindException;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Arrays;
import java.util.List;
@ -61,7 +62,7 @@ public class UserController extends BaseController {
@Autowired
private AuthenticationManager authManager;
@Value("${google.recaptcha2.enabled}")
@Value("${google.recaptcha2.enabled:false}")
private Boolean recatchaEnabled;
@Value("${accounts.exclusion.domain:''}")
@ -70,7 +71,7 @@ public class UserController extends BaseController {
private static final Logger logger = LogManager.getLogger();
private static final String REAL_IP_ADDRESS_HEADER = "X-Real-IP";
@RequestMapping(method = RequestMethod.POST, value = "/users", produces = { "application/json" })
@RequestMapping(method = RequestMethod.POST, value = "/users/", produces = { "application/json" })
@ResponseStatus(value = HttpStatus.CREATED)
public void registerUser(@RequestBody RestUserRegistration registration, @NotNull HttpServletRequest request,
@NotNull HttpServletResponse response) throws WiseMappingException, BindException {

View File

@ -24,9 +24,9 @@ import com.wisemapping.model.Collaborator;
import com.wisemapping.util.TimeUtils;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.util.Calendar;
@JsonAutoDetect(

View File

@ -30,9 +30,9 @@ import org.springframework.validation.Errors;
import org.springframework.validation.FieldError;
import org.springframework.validation.ObjectError;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.util.*;
@JsonAutoDetect(

View File

@ -4,7 +4,7 @@ import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.wisemapping.model.Label;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlElement;
import jakarta.xml.bind.annotation.XmlElement;
import java.util.ArrayList;
import java.util.List;

View File

@ -29,9 +29,9 @@ import com.wisemapping.util.TimeUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import jakarta.xml.bind.annotation.XmlAccessType;
import jakarta.xml.bind.annotation.XmlAccessorType;
import jakarta.xml.bind.annotation.XmlRootElement;
import java.io.IOException;
import java.util.Calendar;

View File

@ -24,7 +24,7 @@ import com.wisemapping.model.Collaborator;
import com.wisemapping.model.Mindmap;
import org.jetbrains.annotations.NotNull;
import javax.xml.bind.annotation.XmlElement;
import jakarta.xml.bind.annotation.XmlElement;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;

View File

@ -23,9 +23,9 @@ import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;

View File

@ -1,44 +0,0 @@
/*
* Copyright [2022] [wisemapping]
*
* Licensed under WiseMapping Public License, Version 1.0 (the "License").
* It is basically the Apache License, Version 2.0 (the "License") plus the
* "powered by wisemapping" text requirement on every single page;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the license at
*
* http://www.wisemapping.org/license
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.wisemapping.security;
import org.springframework.security.web.util.matcher.RequestMatcher;
import javax.servlet.http.HttpServletRequest;
import java.util.Arrays;
public class CSFRRequestMatcher implements RequestMatcher {
private String prefix;
static String[] supportedMethods = {"POST", "PUT", "GET", "DELETE", "PATCH"};
@Override
public boolean matches(HttpServletRequest request) {
final String requestURI = request.getRequestURI();
return Arrays.stream(supportedMethods).anyMatch(p -> request.getMethod().toUpperCase().equals(p))
&& requestURI.startsWith(prefix);
}
public String getPrefix() {
return prefix;
}
public void setPrefix(String prefix) {
this.prefix = prefix;
}
}

View File

@ -23,6 +23,7 @@ import com.wisemapping.model.User;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.context.annotation.Bean;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

View File

@ -1,99 +0,0 @@
package com.wisemapping.security.ldap;
import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.AuthenticationType;
import com.wisemapping.model.User;
import com.wisemapping.security.UserDetails;
import com.wisemapping.service.UserService;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import java.util.Calendar;
import java.util.Collection;
public class LdapUserDetailsContextMapper implements UserDetailsContextMapper {
private UserService userService;
private String adminUser;
private String ldapAttributeFirstName;
private String ldapAttributeLastName;
public UserService getUserService() {
return userService;
}
public void setUserService(UserService userService) {
this.userService = userService;
}
private boolean isAdmin(@Nullable String email) {
return email != null && adminUser != null && email.trim().endsWith(adminUser);
}
public String getAdminUser() {
return adminUser;
}
public void setAdminUser(String adminUser) {
this.adminUser = adminUser;
}
@Override
public UserDetails mapUserFromContext(@NotNull DirContextOperations userData,
String email, Collection<? extends GrantedAuthority> arg2) {
User user = userService.getUserBy(email);
if (user == null) {
// If the user was not found in the database, create a new one ...
user = new User();
user.setEmail(email);
final String firstName = userData.getStringAttribute(ldapAttributeFirstName);
user.setFirstname(firstName);
final String lastName = userData.getStringAttribute(ldapAttributeLastName);
user.setLastname(lastName);
user.setPassword(email);
final Calendar now = Calendar.getInstance();
user.setActivationDate(now);
try {
user.setAuthenticationType(AuthenticationType.LDAP);
user = userService.createUser(user, false, false);
} catch (WiseMappingException e) {
throw new IllegalStateException(e);
}
}
return new UserDetails(user, isAdmin(email));
}
public String getLdapAttributeLastName() {
return ldapAttributeLastName;
}
public void setLdapAttributeLastName(String ldapAttributLastName) {
this.ldapAttributeLastName = ldapAttributLastName;
}
public String getLdapAttrbutFirstName() {
return ldapAttributeFirstName;
}
public void setLdapAttributeFirstName(String ldapAttributeFirstName) {
this.ldapAttributeFirstName = ldapAttributeFirstName;
}
@Override
public void mapUserToContext(org.springframework.security.core.userdetails.UserDetails userDetails, DirContextAdapter dirContextAdapter) {
// To be implemented ...
}
}

View File

@ -18,8 +18,8 @@
package com.wisemapping.service;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import jakarta.servlet.ServletContextEvent;
import jakarta.servlet.ServletContextListener;
public class HibernateAppListener implements ServletContextListener {

View File

@ -22,7 +22,7 @@ import com.wisemapping.exceptions.WiseMappingException;
import com.wisemapping.model.*;
import org.jetbrains.annotations.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
import java.io.IOException;
import java.util.List;

View File

@ -28,7 +28,7 @@ import org.apache.http.client.fluent.Form;
import org.apache.http.client.fluent.Request;
import org.jetbrains.annotations.Nullable;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;

View File

@ -47,7 +47,7 @@ import org.springframework.stereotype.Service;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.validation.constraints.NotNull;
import jakarta.validation.constraints.NotNull;
@Service
public class HttpInvoker {

View File

@ -21,13 +21,15 @@ package com.wisemapping.webmvc;
import com.wisemapping.model.User;
import com.wisemapping.security.Utils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class LoginController {
@PreAuthorize("permitAll()")
public class MvcLoginController {
@Value("${database.driver}")
private String driver;
@ -39,7 +41,7 @@ public class LoginController {
if (user != null) {
result = new ModelAndView("forward:/c/maps/");
} else {
result = new ModelAndView("login");
result = new ModelAndView("reactInclude");
result.addObject("isHsql", driver.contains("hsql"));
}
return result;

View File

@ -34,6 +34,7 @@ import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
@ -45,7 +46,7 @@ import org.springframework.web.servlet.ModelAndView;
import java.util.Locale;
@Controller
public class MindmapController {
public class MvcMindmapController {
@Qualifier("mindmapService")
@Autowired
@ -59,12 +60,12 @@ public class MindmapController {
model.addAttribute("mindmap", mindmap);
final Locale locale = LocaleContextHolder.getLocale();
model.addAttribute("locale", locale.toString().toLowerCase());
return "mindmapPrint";
return "mindmapViewonly";
}
@RequestMapping(value = "maps/")
public String showListPage(@NotNull Model model) {
return "mindmapList";
return "reactInclude";
}
@RequestMapping(value = "maps/{id}/edit", method = RequestMethod.GET)
@ -106,6 +107,7 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/try", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showMindmapTryPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
return showEditorPage(id, model, false);
}
@ -118,13 +120,14 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/embed")
@PreAuthorize("permitAll()")
public ModelAndView showEmbeddedPage(@PathVariable int id, @RequestParam(required = false) Float zoom) throws MapCouldNotFoundException, MapNonPublicException, AccessDeniedSecurityException {
if (!mindmapService.isMindmapPublic(id)) {
throw new MapNonPublicException("Map " + id + " is not public.");
}
final MindMapBean mindmap = findMindmapBean(id);
final ModelAndView view = new ModelAndView("mindmapEmbedded", "mindmap", mindmap);
final ModelAndView view = new ModelAndView("mindmapViewonly", "mindmap", mindmap);
view.addObject("zoom", zoom == null ? 1 : zoom);
final Locale locale = LocaleContextHolder.getLocale();
view.addObject("locale", locale.toString().toLowerCase());
@ -132,6 +135,7 @@ public class MindmapController {
}
@RequestMapping(value = "maps/{id}/public", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewPage(@PathVariable int id, @NotNull Model model) throws WiseMappingException {
if (!mindmapService.isMindmapPublic(id)) {
throw new MapNonPublicException("Map " + id + " is not public.");
@ -141,12 +145,14 @@ public class MindmapController {
@Deprecated
@RequestMapping(value = "publicView", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewPageLegacy(@RequestParam(required = true) int mapId) {
return "redirect:maps/" + mapId + "/public";
}
@Deprecated
@RequestMapping(value = "embeddedView", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public String showPublicViewLegacyPage(@RequestParam(required = true) int mapId, @RequestParam(required = false) int zoom) {
return "redirect:maps/" + mapId + "/embed?zoom=" + zoom;
}

View File

@ -22,31 +22,35 @@ package com.wisemapping.webmvc;
import com.wisemapping.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class UsersController {
public class MvcUsersController {
@Qualifier("userService")
@Autowired
private UserService userService;
@RequestMapping(value = "forgot-password", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView showResetPasswordPage() {
return new ModelAndView("forgot-password");
return new ModelAndView("reactInclude");
}
@RequestMapping(value = "registration-google", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView processGoogleCallback() {
return new ModelAndView("registration-google");
return new ModelAndView("reactInclude");
}
@RequestMapping(value = "registration", method = RequestMethod.GET)
@PreAuthorize("permitAll()")
public ModelAndView showRegistrationPage() {
return new ModelAndView("registration");
return new ModelAndView("reactInclude");
}
}

View File

@ -1 +1 @@
# Solves error Can't find bundle for base name javax.xml.bind.Messages, locale en_US
# Solves error Can't find bundle for base name jakarta.xml.bind.Messages, locale en_US

View File

@ -160,3 +160,4 @@ security.oauth2.google.url=https://accounts.google.com/o/oauth2/v2/auth?redirect
# Coma separated list of domains and emails ban
#accounts.exclusion.domain=

View File

@ -1,7 +0,0 @@
# Debug level
log4j.rootLogger=INFO,stdout
# Stdout logger
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n

View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG">
<Appenders>
<Console name="LogToConsole" target="SYSTEM_OUT">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</Console>
</Appenders>
<Loggers>
<Logger name="com.wisemapping" level="debug">
<AppenderRef ref="LogToConsole"/>
</Logger>
<Logger name="org.springframework" level="trace">
<AppenderRef ref="LogToConsole"/>
</Logger>
<Root level="trace">
<AppenderRef ref="LogToConsole"/>
</Root>
</Loggers>
</Configuration>

View File

@ -1,24 +0,0 @@
# Log levels
log4j.rootLogger=INFO, stdout, R
log4j.logger.com.wisemapping=DEBUG,R
log4j.logger.org.springframework=DEBUG,R
log4j.logger.org.hibernate=INFO,R
log4j.logger.org.hibernate.type.descriptor.sql.BasicBinder=TRACE,R
log4j.logger.org.hibernate.SQL=DEBUG,R
# Stdout logger
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p %c - %m%n
# File Writer Logger
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=wisemapping.log
log4j.appender.R.MaxFileSize=100KB
# Keep one backup file
log4j.appender.R.MaxBackupIndex=1
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%d %p %c - %m%n

View File

@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG">
<Appenders>
<Console name="LogToConsole" target="SYSTEM_OUT">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</Console>
<File name="LogToFile" fileName="wisemapping.log">
<PatternLayout>
<Pattern>%d %p %c{1.} [%t] %m%n</Pattern>
</PatternLayout>
</File>
</Appenders>
<Loggers>
<Logger name="com.wisemapping" level="debug">
<AppenderRef ref="LogToConsole"/>
</Logger>
<Logger name="org.springframework" level="trace">
<AppenderRef ref="LogToConsole"/>
</Logger>
<Root level="trace">
<AppenderRef ref="LogToConsole"/>
</Root>
</Loggers>
</Configuration>

View File

@ -2,16 +2,6 @@
<tiles-definitions>
<definition name="mindmapEmbedded" template="/jsp/mindmapViewonly.jsp"/>
<definition name="mindmapEditor" template="/jsp/mindmapEditor.jsp"/>
<definition name="mindmapPrint" template="/jsp/mindmapViewonly.jsp"/>
<definition name="login" template="/jsp/reactInclude.jsp"/>
<definition name="registration" template="/jsp/reactInclude.jsp"/>
<definition name="registration-google" template="/jsp/reactInclude.jsp"/>
<definition name="forgot-password" template="/jsp/reactInclude.jsp"/>
<definition name="mindmapList" template="/jsp/reactInclude.jsp"/>
<!-- Template Declaration -->
<definition name="errorTemplate" template="/jsp/errorTemplate.jsp">
<put-attribute name="title" value="" type="string"/>

View File

@ -1,7 +1,7 @@
<%@ page import="com.wisemapping.security.Utils" %>
<%@ page import="com.wisemapping.model.User" %>
<%@ page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8" %>
<%@ include file="/jsp/init.jsp" %>
<%@ include file="init.jsp" %>
<%--@elvariable id="mindmap" type="com.wisemapping.model.Mindmap"--%>
<%--@elvariable id="editorTryMode" type="java.lang.Boolean"--%>
@ -16,7 +16,7 @@
<base href="${requestScope['site.baseurl']}/static/webapp/">
<link rel="preload" href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;600&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'" crossorigin>
<%@ include file="/jsp/pageHeaders.jsf" %>
<%@ include file="pageHeaders.jsf" %>
<title>Loading ... | WiseMapping</title>

View File

@ -1,5 +1,5 @@
<%@page pageEncoding="UTF-8" %>
<%@include file="/jsp/init.jsp" %>
<%@include file="init.jsp" %>
<%--@elvariable id="mindmap" type="com.wisemapping.model.Mindmap"--%>
@ -15,7 +15,7 @@
<link rel="preload" href="../../css/viewonly.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<title>${mindmap.title} | <spring:message code="SITE.TITLE"/></title>
<%@ include file="/jsp/pageHeaders.jsf" %>
<%@ include file="pageHeaders.jsf" %>
<script type="text/javascript">
var mapId = '${mindmap.id}';

View File

@ -9,7 +9,7 @@
<base href="${requestScope['site.baseurl']}/static/webapp/">
<link rel="preload" href="https://fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;600&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'" crossorigin>
<%@ include file="/jsp/pageHeaders.jsf" %>
<%@ include file="pageHeaders.jsf" %>
<title>WiseMapping</title>

View File

@ -0,0 +1,52 @@
<%@page pageEncoding="UTF-8" %>
<%@include file="init.jsp" %>
<!DOCTYPE HTML>
<%@ taglib uri="http://tiles.apache.org/tags-tiles" prefix="tiles" %>
<tiles:importAttribute name="title" scope="request"/>
<tiles:importAttribute name="details" scope="request"/>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<base href="${requestScope['site.baseurl']}/">
<title>
<spring:message code="SITE.TITLE"/>-
<c:choose>
<c:when test="${requestScope.viewTitle!=null}">
${requestScope.viewTitle}
</c:when>
<c:otherwise>
<spring:message code="${requestScope.title}"/>
</c:otherwise>
</c:choose>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<base href="${requestScope['site.baseurl']}/static/mindplot/">
<title><spring:message code="SITE.TITLE"/> - <c:out value="${mindmap.title}"/></title>
<link rel="stylesheet" href="../../css/error.css"/>
<%@ include file="/jsp/pageHeaders.jsf" %>
</head>
<body>
<div id="errorContainer">
<div class='col'>
<h1>Oops !</h1>
<h2>
<spring:message code="${requestScope.title}"/>
</h2>
<p>
<spring:message code="${requestScope.details}"/>
</p>
</div>
<div class='column'>
<a href="https://www.wisemapping.com">
<img src="/images/logo-icon.svg" alt="Wisemapping icon" id="icon" />
</a>
</div>
</div>
<div id="bottom-logo"></div>
</body>
</html>

View File

@ -1,9 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
<web-app version="5.0"
xmlns="https://jakarta.ee/xml/ns/jakartaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd">
<filter>
<filter-name>charsetFilter</filter-name>
@ -17,7 +17,7 @@
<distributable/>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-name>jakarta.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>messages</param-value>
</context-param>
@ -29,7 +29,7 @@
/WEB-INF/wisemapping-dao.xml
/WEB-INF/wisemapping-service.xml
/WEB-INF/wisemapping-model.xml
/WEB-INF/wisemapping-security.xml
/WEB-INF/wisemapping-servlet.xml
</param-value>
</context-param>

View File

@ -21,9 +21,9 @@
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${database.hibernate.dialect}</prop>
<prop key="hibernate.cache.use_second_level_cache">true</prop>
<prop key="hibernate.cache.region.factory_class">org.hibernate.cache.ehcache.EhCacheRegionFactory</prop>
<prop key="hibernate.default_batch_fetch_size">200</prop>
<!-- <prop key="hibernate.cache.use_second_level_cache">true</prop>-->
<!-- <prop key="hibernate.cache.region.factory_class">org.hibernate.cache.ehcache.EhCacheRegionFactory</prop>-->
<!-- <prop key="hibernate.default_batch_fetch_size">200</prop>-->
<prop key="hibernate.nestedTransactionAllowed">true</prop>
<prop key="hibernate.auto_quote_keyword">true</prop>
</props>

View File

@ -1,90 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<bean id="custom-firewall" class="org.springframework.security.web.firewall.StrictHttpFirewall">
<property name="allowSemicolon" value="true"/>
</bean>
<sec:http-firewall ref="custom-firewall"/>
<sec:http pattern="/static/webapp/**" security="none"/>
<sec:http pattern="/static/mindplot/**" security="none"/>
<sec:http pattern="/css/**" security="none"/>
<sec:http pattern="/js/**" security="none"/>
<sec:http pattern="/images/**" security="none"/>
<sec:http pattern="/c/maps/*/embed" security="none"/>
<sec:http pattern="/c/maps/*/try" security="none"/>
<sec:http pattern="/c/maps/*/public" security="none"/>
<sec:http pattern="/c/restful/maps/*/document/xml-pub" security="none"/>
<sec:http pattern="/c/activation" security="none"/>
<!-- Admin related services that required admin role-->
<sec:http use-expressions="true" create-session="stateless" pattern="/service/**">
<sec:csrf disabled="true"/>
<sec:intercept-url pattern="/service/users" method="OPTIONS" access="permitAll"/>
<sec:intercept-url pattern="/service/users/resetPassword" method="OPTIONS" access="permitAll"/>
<sec:intercept-url pattern="/service/users/" method="POST" access="permitAll"/>
<sec:intercept-url pattern="/service/users/resetPassword" method="PUT" access="permitAll"/>
<sec:intercept-url pattern="/service/oauth2/googlecallback" method="POST" access="permitAll"/>
<sec:intercept-url pattern="/service/oauth2/confirmaccountsync" method="PUT" access="permitAll"/>
<sec:intercept-url pattern="/service/admin/users/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
<sec:intercept-url pattern="/service/admin/database/**" access="isAuthenticated() and hasRole('ROLE_ADMIN')"/>
<sec:intercept-url pattern="/service/**" access="isAuthenticated() and hasRole('ROLE_USER')"/>
<sec:http-basic/>
</sec:http>
<sec:http use-expressions="true" pattern="/c/**/*">
<sec:csrf request-matcher-ref="requestMatcher"/>
<sec:intercept-url pattern="/c/login" access="permitAll"/>
<sec:intercept-url pattern="/c/registration" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/registration-success" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/registration-google" access="permitAll"/>
<sec:intercept-url pattern="/c/forgot-password" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/forgot-password-success" access="hasRole('ANONYMOUS')"/>
<sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>
<sec:access-denied-handler error-page="/c/login"/>
<sec:form-login login-page="/c/login"
authentication-success-handler-ref="authenticationSuccessHandler"
always-use-default-target="false"
authentication-failure-url="/c/login?login_error=2"
login-processing-url="/c/perform-login"/>
<!-- Expire in 28 days -->
<sec:remember-me token-validity-seconds="2419200"
remember-me-parameter="remember-me"
authentication-success-handler-ref="authenticationSuccessHandler"/>
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
</sec:http>
<!-- Extends CSFR match to get methods to have consistency in all errors. Otherwise, get requests are forward in some cases -->
<bean id="requestMatcher"
class="com.wisemapping.security.CSFRRequestMatcher">
<property name="prefix" value="/c/restful/"/>
</bean>
<import resource="wisemapping-security-${security.type}.xml"/>
<bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">
<property name="userService" ref="userService"/>
<property name="adminUser" value="${admin.user}"/>
</bean>
<bean id="authenticationSuccessHandler" class="com.wisemapping.security.AuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/c/maps/"/>
<property name="alwaysUseDefaultTargetUrl" value="false"/>
</bean>
</beans>

View File

@ -120,4 +120,5 @@
</property>
</bean>
<import resource="wisemapping-security-${security.type}.xml"/>
</beans>

View File

@ -11,7 +11,7 @@
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:component-scan base-package="com.wisemapping.webmvc"/>
<context:component-scan base-package="com.wisemapping"/>
<context:annotation-config/>
<mvc:annotation-driven/>
<context:property-placeholder location="/WEB-INF/app.properties" ignore-unresolvable="true"/>
@ -25,12 +25,12 @@
<bean id="simpleMappingExceptionResolver"
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="defaultStatusCode" value="500"/>
<property name="defaultErrorView" value="unexpectedError"/>
<property name="defaultErrorView" value="errorTemplate"/>
<property name="warnLogCategory" value="com.wisemapping.mvc.Exceptions"/>
<property name="exceptionMappings">
<props>
<!-- Security access exceptions must not handled as unexpected errors -->
<!-- Security access exceptions must not handle as unexpected errors -->
<prop key="com.wisemapping.exceptions.MapNonPublicException">securityError</prop>
<prop key="com.wisemapping.exceptions.AccessDeniedSecurityException">securityError</prop>
</props>
@ -43,16 +43,10 @@
</property>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.tiles3.TilesView"/>
</bean>
<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles3.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/defs/definitions.xml</value>
</list>
</property>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean id="localeResolver"