Add CSRD to get operations
parent
9966412705
commit
f2c15d100d
|
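--- /dev/null
+++ b/com/wisemapping/security/CSFRRequestMatcher.java
@@ -0,0 +1,27 @@
+package com.wisemapping.security;
+
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Arrays;
+
+public class CSFRRequestMatcher implements RequestMatcher {
+
+private String prefix;
+static String[] supportedMethods = {"POST", "PUT", "GET", "DELETE", "PATCH"};
+
+@Override
+public boolean matches(HttpServletRequest request) {
+final String requestURI = request.getRequestURI();
+return Arrays.stream(supportedMethods).anyMatch(p -> request.getMethod().toUpperCase().equals(p))
+&& requestURI.startsWith(prefix);
+}
+
+public String getPrefix() {
+return prefix;
+}
+
+public void setPrefix(String prefix) {
+return prefix;
+}
+}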
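Review bot: `matches` dereferences `prefix` on every request, so a context that wires this bean without the `prefix` property fails with a NullPointerException on the first request instead of at startup; have the setter reject it, `this.prefix = Objects.requireNonNull(prefix, "prefix");`. `supportedMethods` is a mutable, package-visible static array that any class in the package can overwrite at runtime and thereby change which requests are CSRF-checked; declare it `private static final String[] SUPPORTED_METHODS = {"POST", "PUT", "GET", "DELETE", "PATCH"};` (a `Set<String>` would also remove the per-request stream). The `toUpperCase()` on the method name should pass `Locale.ROOT` so the comparison does not depend on the JVM default locale. Because GET is in the list, every GET under the prefix must carry a token; the XML comment suggests that is intentional, so it is worth a one-line class comment saying so, since it departs from the usual safe-method exemption.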
@ -42,7 +42,7 @@
|
||||||
<sec:intercept-url pattern="/service/users" method="OPTIONS" access="permitAll"/>
|
<sec:intercept-url pattern="/service/users" method="OPTIONS" access="permitAll"/>
|
||||||
<sec:intercept-url pattern="/service/users/resetPassword" method="OPTIONS" access="permitAll"/>
|
<sec:intercept-url pattern="/service/users/resetPassword" method="OPTIONS" access="permitAll"/>
|
||||||
|
|
||||||
|
|
||||||
<sec:intercept-url pattern="/service/users/" method="POST" access="permitAll"/>
|
<sec:intercept-url pattern="/service/users/" method="POST" access="permitAll"/>
|
||||||
<sec:intercept-url pattern="/service/users/resetPassword" method="PUT" access="permitAll"/>
|
<sec:intercept-url pattern="/service/users/resetPassword" method="PUT" access="permitAll"/>
|
||||||
|
|
||||||
|
@ -62,8 +62,6 @@
|
||||||
<sec:intercept-url pattern="/c/forgot-password-success" access="hasRole('ANONYMOUS')"/>
|
<sec:intercept-url pattern="/c/forgot-password-success" access="hasRole('ANONYMOUS')"/>
|
||||||
|
|
||||||
<sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>
|
<sec:intercept-url pattern="/c/**/*" access="isAuthenticated() and hasRole('ROLE_USER')"/>
|
||||||
|
|
||||||
<sec:csrf/>
|
|
||||||
<sec:access-denied-handler error-page="/c/login"/>
|
<sec:access-denied-handler error-page="/c/login"/>
|
||||||
<sec:form-login login-page="/c/login"
|
<sec:form-login login-page="/c/login"
|
||||||
authentication-success-handler-ref="authenticationSuccessHandler"
|
authentication-success-handler-ref="authenticationSuccessHandler"
|
||||||
|
@ -74,12 +72,13 @@
|
||||||
<!-- Expire in 28 days -->
|
<!-- Expire in 28 days -->
|
||||||
<sec:remember-me token-validity-seconds="2419200" remember-me-parameter="remember-me"/>
|
<sec:remember-me token-validity-seconds="2419200" remember-me-parameter="remember-me"/>
|
||||||
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
|
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
|
||||||
<sec:csrf token-repository-ref="tokenRepository"/>
|
<sec:csrf request-matcher-ref="requestMatcher"/>
|
||||||
</sec:http>
|
</sec:http>
|
||||||
|
|
||||||
<bean id="tokenRepository"
|
<!-- Extends CFSR check to get methods to have consistency in all errors. Otherwise, request is forward in some cases -->
|
||||||
class="org.springframework.security.web.csrf.CookieCsrfTokenRepository">
|
<bean id="requestMatcher"
|
||||||
<property name="cookieHttpOnly" value="true"/>
|
class="com.wisemapping.security.CSFRRequestMatcher">
|
||||||
|
<property name="prefix" value="/c/restful/"/>
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<import resource="wisemapping-security-${security.type}.xml"/>
|
<import resource="wisemapping-security-${security.type}.xml"/>
|
||||||
|
|
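Review bot: Wiring `<sec:csrf request-matcher-ref="requestMatcher"/>` replaces Spring Security's default CSRF matcher rather than extending it, so every request whose URI does not start with `/c/restful/` is no longer CSRF-checked at all; that appears to include the form-login at `/c/login`, the logout at `/c/logout`, and the `permitAll` `POST /service/users/` and `PUT /service/users/resetPassword` visible in the earlier hunks, unless another filter chain outside this file covers them. To add the GET check on the REST prefix without dropping protection elsewhere, the matcher should fall back to the default rule for other paths, e.g. in `CSFRRequestMatcher.matches` return `requestURI.startsWith(prefix) ? methodInList : !"GET".equals(method) && !"HEAD".equals(method) && !"TRACE".equals(method) && !"OPTIONS".equals(method)`. Removing the `tokenRepository` bean also switches token storage from the `HttpOnly` cookie repository to the session-backed default, which changes how clients obtain the token; confirm that is intended and not an accidental side effect of this change.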