refactor: inline H2_CONSOLE_PAGE and remove Url class.

php-coder · php-coder · commit 859d7985da51 · 2019-06-19T22:17:37.000+01:00
Addressed to #927 No functional changes.
diff --git a/src/main/java/ru/mystamps/web/Url.java b/src/main/java/ru/mystamps/web/Url.java
diff --git a/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java b/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
@@ -19,7 +19,6 @@
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.web.header.HeaderWriter;
-import ru.mystamps.web.Url;
 import ru.mystamps.web.feature.collection.CollectionUrl;
 import ru.mystamps.web.feature.series.SeriesUrl;
 
@@ -42,7 +41,8 @@ class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 	
 	private static final String ADD_IMAGE_PAGE_PATTERN = "/series/(add|\\d+|\\d+/(ask|image))";
 	
-	private static final String H2_CONSOLE_PATTERN = Url.H2_CONSOLE_PAGE + '/';
+	// see also spring.h2.console.path in application-test.properties and SecurityConfig
+	private static final String H2_CONSOLE_PATTERN = "/console/";
 	
 	// default policy prevents loading resources from any source
 	private static final String DEFAULT_SRC = "default-src 'none'";
diff --git a/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java b/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
@@ -41,7 +41,6 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
-import ru.mystamps.web.Url;
 import ru.mystamps.web.feature.account.AccountUrl;
 import ru.mystamps.web.feature.account.UserService;
 import ru.mystamps.web.feature.category.CategoryUrl;
@@ -133,7 +132,9 @@ protected void configure(HttpSecurity http) throws Exception {
 				.and()
 			.csrf()
 				// Allow unsecured requests to H2 consoles.
-				.ignoringAntMatchers(Url.H2_CONSOLE_PAGE + "/**")
+				// See also spring.h2.console.path in application-test.properties and
+				// ContentSecurityPolicyHeaderWriter.H2_CONSOLE_PATTERN
+				.ignoringAntMatchers("/console/**")
 				.and()
 			.rememberMe()
 				// FIXME: GH #27
diff --git a/src/main/resources/application-test.properties b/src/main/resources/application-test.properties
@@ -7,7 +7,7 @@ spring.datasource.driver-class-name: org.h2.Driver
 spring.datasource.initialize: false
 
 spring.h2.console.enabled: true
-# see also ru.mystamps.web.Url.H2_CONSOLE_PAGE constant
+# see also SecurityConfig and ContentSecurityPolicyHeaderWriter.H2_CONSOLE_PATTERN
 spring.h2.console.path: /console
 security.basic.enabled: false
 # required for using /console with CSP because we have many hashes as a workaround
