Merge pull request #8 from sberg-net/fix-spring6-secure-config

Fix spring6 secure config
sberg-net · Oct 18, 2023 · 4697fea · 4697fea
2 parents 2eaf6f4 + 6c787db
commit 4697fea
Show file tree

Hide file tree

Showing 12 changed files with 126 additions and 48 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+## [0.19.2]
+
+### Fixes
+- Startseite kann nicht aufgerufen werden (thymeleaf template exeception, Änderungen in Version 3.1)
+
 ## [0.19.1]
 
 ### Security

diff --git a/pom.xml b/pom.xml
@@ -10,7 +10,7 @@
     </parent>
     <groupId>net.sberg</groupId>
     <artifactId>openkim</artifactId>
-    <version>0.19.1</version>
+    <version>0.19.2</version>
     <name>openkim</name>
     <description>Open KIM Client Modul </description>
 

diff --git a/src/main/java/net/sberg/openkim/WebMvcConfig.java b/src/main/java/net/sberg/openkim/WebMvcConfig.java
@@ -90,13 +90,7 @@ public ViewResolver viewResolver() {
 
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
-        registry.addViewController("/").setViewName("minimalkonfiguration/minimalKonfiguration");
-        registry.addViewController("/dashboard").setViewName("dashboard/dashboard");
-        registry.addViewController("/konfiguration").setViewName("konfiguration/konfiguration");
-        registry.addViewController("/pop3log").setViewName("log/pop3log");
-        registry.addViewController("/smtplog").setViewName("log/smtplog");
         registry.addViewController("/login").setViewName("login");
-        registry.addViewController("/pipelineoperationtest").setViewName("pipelineoperationtest/pipelineoperationtest");
     }
 
     @Override

diff --git a/src/main/java/net/sberg/openkim/WebSecurityConfig.java b/src/main/java/net/sberg/openkim/WebSecurityConfig.java
@@ -26,9 +26,12 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
+
+import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher;
 
 @EnableWebSecurity
 @Configuration
@@ -51,37 +54,51 @@ public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
     @Bean
     public SecurityFilterChain defaultFilterChain(HttpSecurity http) throws Exception {
         http
-                .sessionManagement()
+            .sessionManagement((session) -> session
                 .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                 .invalidSessionUrl("/login")
-                .and()
-                .csrf()
-                .and()
-                .authorizeHttpRequests((request) -> request
-                        .requestMatchers("/", "/konfiguration/**,", "/minimalkonfiguration/**",
-                                "/openkimkeystore/**", "/konnektor/**", "/log/**", "/pop3log/**", "/smtplog/**",
-                                "/dashboard/**", "/konnvzd/**", "/konnwebservice/**", "/konnntp/**",
-                                "/pipelineoperationtest/**", "/user/**")
-                        .hasAnyRole(EnumAuthRole.ROLE_ADMIN.getSuffix(), EnumAuthRole.ROLE_MONITORING.getSuffix())
-                        .anyRequest().authenticated()
-                )
-                .formLogin((form) -> form
-                        .loginPage("/login")
-                        .permitAll()
-                )
-                .logout((logout) -> logout
-                        .permitAll()
-                        .logoutSuccessUrl("/login"));
+            )
+            .authorizeHttpRequests((resourceRequest) -> resourceRequest
+                .requestMatchers(
+                    antMatcher("/webjars/**"),
+                    antMatcher("/js/**"),
+                    antMatcher("/css/**"),
+                    antMatcher("/img/**"),
+                    antMatcher("/fonts/**"),
+                    antMatcher("/dev/**")
+                ).permitAll()
+            )
+            .authorizeHttpRequests((request) -> request
+                .requestMatchers(
+                    antMatcher("/"),
+                    antMatcher("/konfiguration/**,"),
+                    antMatcher("/minimalkonfiguration/**"),
+                    antMatcher("/openkimkeystore/**"),
+                    antMatcher("/konnektor/**"),
+                    antMatcher("/log/**"),
+                    antMatcher("/pop3log/**"),
+                    antMatcher("/pop3log/**"),
+                    antMatcher("/dashboard/**"),
+                    antMatcher("/konnvzd/**"),
+                    antMatcher("/konnwebservice/**"),
+                    antMatcher("/konnwebservice/**"),
+                    antMatcher("/konnntp/**"),
+                    antMatcher("/pipelineoperationtest/**"),
+                    antMatcher("/user/**"))
+                .hasAnyRole(EnumAuthRole.ROLE_ADMIN.getSuffix(), EnumAuthRole.ROLE_MONITORING.getSuffix())
+                .anyRequest().authenticated()
+            )
+            .formLogin((form) -> form
+                .loginPage("/login")
+                .permitAll()
+            )
+            .logout((logout) -> logout
+                .logoutSuccessUrl("/login")
+                .permitAll()
+            );
         return http.build();
     }
 
-    // ignore resource paths and /dev/* in spring secure to have access without rules
-    @Bean
-    public WebSecurityCustomizer webSecurityCustomizer() {
-        return (web) -> web.ignoring().requestMatchers("/webjars/**", "/js/**", "/css/**",
-                "/img/**", "/fonts/**", "/dev/**");
-    }
-
     @Autowired
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth.userDetailsService(userService.create());

diff --git a/src/main/java/net/sberg/openkim/common/GlobalController.java b/src/main/java/net/sberg/openkim/common/GlobalController.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2023 sberg it-systeme GmbH
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved
+ * by the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ *
+ * http://ec.europa.eu/idabc/eupl
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ */
+package net.sberg.openkim.common;
+
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ModelAttribute;
+
+@ControllerAdvice
+public class GlobalController {
+    @ModelAttribute("requestPath")
+    String getRequestServletPath(HttpServletRequest request) {
+        return request.getServletPath();
+    }
+}
diff --git a/src/main/java/net/sberg/openkim/dashboard/DashboardController.java b/src/main/java/net/sberg/openkim/dashboard/DashboardController.java
@@ -31,7 +31,6 @@
 import org.springframework.web.bind.annotation.ResponseStatus;
 
 import java.util.ArrayList;
-import java.util.Iterator;
 import java.util.List;
 
 @Controller
@@ -42,14 +41,19 @@ public class DashboardController {
     @Autowired
     private KonfigurationService konfigurationService;
 
+    @RequestMapping(value = "/dashboard", method = RequestMethod.GET)
+    @ResponseStatus(value = HttpStatus.OK)
+    public String entryPoint() throws Exception {
+        return "dashboard/dashboard";
+    }
+
     @RequestMapping(value = "/dashboard/uebersicht", method = RequestMethod.GET)
     @ResponseStatus(value = HttpStatus.OK)
     public String execute(Model model) throws Exception {
         Konfiguration konfiguration = konfigurationService.getKonfiguration();
         List<KonnektorMonitoringResult> result = new ArrayList<>();
         try {
-            for (Iterator<Konnektor> iterator = konfiguration.getKonnektoren().iterator(); iterator.hasNext(); ) {
-                Konnektor konnektor = iterator.next();
+            for (Konnektor konnektor : konfiguration.getKonnektoren()) {
                 result.add(konnektor.getKonnektorMonitoringResult());
             }
             model.addAttribute("fehler", false);
@@ -72,11 +76,10 @@ public boolean executeRefresh() throws Exception {
     @RequestMapping(value = "/api/dashboard/uebersicht", method = RequestMethod.GET)
     @ResponseStatus(value = HttpStatus.OK)
     @ResponseBody
-    public List apiExecute() throws Exception {
+    public List<KonnektorMonitoringResult> apiExecute() throws Exception {
         Konfiguration konfiguration = konfigurationService.getKonfiguration();
         List<KonnektorMonitoringResult> result = new ArrayList<>();
-        for (Iterator<Konnektor> iterator = konfiguration.getKonnektoren().iterator(); iterator.hasNext(); ) {
-            Konnektor konnektor = iterator.next();
+        for (Konnektor konnektor : konfiguration.getKonnektoren()) {
             result.add(konnektor.getKonnektorMonitoringResult());
         }
         return result;

diff --git a/src/main/java/net/sberg/openkim/konfiguration/KonfigurationController.java b/src/main/java/net/sberg/openkim/konfiguration/KonfigurationController.java
@@ -45,6 +45,12 @@ public class KonfigurationController extends AbstractWebController {
     @Autowired
     private ServerStateService serverStateService;
 
+    @RequestMapping(value = "/konfiguration", method = RequestMethod.GET)
+    @ResponseStatus(value = HttpStatus.OK)
+    public String entryPoint() throws Exception {
+        return "konfiguration/konfiguration";
+    }
+
     @RequestMapping(value = "/konfiguration/init/dev", method = RequestMethod.GET)
     @ResponseStatus(value = HttpStatus.OK)
     @ResponseBody

diff --git a/src/main/java/net/sberg/openkim/konfiguration/minimal/MinimalKonfigurationController.java b/src/main/java/net/sberg/openkim/konfiguration/minimal/MinimalKonfigurationController.java
@@ -39,6 +39,12 @@ public class MinimalKonfigurationController extends AbstractWebController {
     @Autowired
     private KonfigurationService konfigurationService;
 
+    @RequestMapping(value = "/", method = RequestMethod.GET)
+    @ResponseStatus(value = HttpStatus.OK)
+    public String entryPoint() throws Exception {
+        return "minimalkonfiguration/minimalKonfiguration";
+    }
+
     @RequestMapping(value = "/minimalkonfiguration/lade", method = RequestMethod.GET)
     @ResponseStatus(value = HttpStatus.OK)
     public String lade(Model model) throws Exception {

diff --git a/src/main/java/net/sberg/openkim/log/LogController.java b/src/main/java/net/sberg/openkim/log/LogController.java
@@ -34,6 +34,18 @@ public class LogController extends AbstractWebController {
     @Autowired
     private LogService logService;
 
+    @RequestMapping(value = "/pop3log", method = RequestMethod.GET)
+    @ResponseStatus(value = HttpStatus.OK)
+    public String entryPointPop3() throws Exception {
+        return "log/pop3log";
+    }
+
+    @RequestMapping(value = "/smtplog", method = RequestMethod.GET)
+    @ResponseStatus(value = HttpStatus.OK)
+    public String entryPointSmtp() throws Exception {
+        return "log/smtplog";
+    }
+
     @RequestMapping(value = "/log/uebersicht/{typ}", method = RequestMethod.GET)
     @ResponseStatus(value = HttpStatus.OK)
     public String uebersicht(Model model, @PathVariable EnumLogTyp typ) throws Exception {

diff --git a/src/main/java/net/sberg/openkim/pipeline/operation/test/PipelineOperationTestController.java b/src/main/java/net/sberg/openkim/pipeline/operation/test/PipelineOperationTestController.java
@@ -48,6 +48,12 @@ public class PipelineOperationTestController {
     @Autowired
     private KonfigurationService konfigurationService;
 
+    @RequestMapping(value = "/pipelineoperationtest", method = RequestMethod.GET)
+    @ResponseStatus(value = HttpStatus.OK)
+    public String entryPoint() throws Exception {
+        return "pipelineoperationtest/pipelineoperationtest";
+    }
+
     @RequestMapping(value = "/pipelineoperationtest/uebersicht", method = RequestMethod.GET)
     @ResponseStatus(value = HttpStatus.OK)
     public String uebersicht(Model model) throws Exception {

diff --git a/src/main/resources/templates/dashboard/dashboard.html b/src/main/resources/templates/dashboard/dashboard.html
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML>
-<html xmlns:th="http://www.thymeleaf.org">
+<html xmlns:th="http://www.thymeleaf.org" lang="de">
 <head>
     <meta charset="UTF-8"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

diff --git a/src/main/resources/templates/fragments/menue.html b/src/main/resources/templates/fragments/menue.html
@@ -13,55 +13,55 @@
                 <ul class="nav flex-column">
                     <li class="nav-item" sec:authorize="hasAnyRole('ADMIN','MONITORING')">
                         <a class="nav-link"
-                           th:classappend="${#ctx.springRequestContext.requestUri.endsWith('/') ? 'active':''}"
+                           th:classappend="${requestPath.endsWith('/') ? 'active':''}"
                            th:href="@{/}">
                             <span data-feather="settings"></span>
                             Minimale Konfiguration
                         </a>
                     </li>
                     <li class="nav-item" sec:authorize="hasAnyRole('ADMIN','MONITORING')">
                         <a class="nav-link"
-                           th:classappend="${#ctx.springRequestContext.requestUri.endsWith('/dashboard') ? 'active':''}"
+                           th:classappend="${requestPath.endsWith('/dashboard') ? 'active':''}"
                            th:href="@{/dashboard}">
                             <span data-feather="activity"></span>
                             Dashboard
                         </a>
                     </li>
                     <li class="nav-item" sec:authorize="hasAnyRole('ADMIN')">
                       <a class="nav-link"
-                         th:classappend="${#ctx.springRequestContext.requestUri.endsWith('/user/settings') ? 'active':''}"
+                         th:classappend="${requestPath.endsWith('/user/settings') ? 'active':''}"
                          th:href="@{/user/settings}">
                         <span data-feather="user"></span>
                         Benutzereinstellungen
                       </a>
                     </li>
                     <li class="nav-item" sec:authorize="hasRole('ADMIN')">
                         <a class="nav-link"
-                           th:classappend="${#ctx.springRequestContext.requestUri.endsWith('/konfiguration') ? 'active':''}"
+                           th:classappend="${requestPath.endsWith('/konfiguration') ? 'active':''}"
                            th:href="@{/konfiguration}">
                             <span data-feather="settings"></span>
                             Konfiguration
                         </a>
                     </li>
                     <li class="nav-item" sec:authorize="hasRole('ADMIN')">
                         <a class="nav-link"
-                           th:classappend="${#ctx.springRequestContext.requestUri.endsWith('/pop3log') ? 'active':''}"
+                           th:classappend="${requestPath.endsWith('/pop3log') ? 'active':''}"
                            th:href="@{/pop3log}">
                             <span data-feather="info"></span>
                             POP3 Gateway Logs
                         </a>
                     </li>
                     <li class="nav-item" sec:authorize="hasRole('ADMIN')">
                         <a class="nav-link"
-                           th:classappend="${#ctx.springRequestContext.requestUri.endsWith('/smtplog') ? 'active':''}"
+                           th:classappend="${requestPath.endsWith('/smtplog') ? 'active':''}"
                            th:href="@{/smtplog}">
                             <span data-feather="info"></span>
                             SMTP Gateway Logs
                         </a>
                     </li>
                     <li class="nav-item" sec:authorize="hasRole('ADMIN')">
                       <a class="nav-link"
-                         th:classappend="${#ctx.springRequestContext.requestUri.endsWith('/pipelineoperationtest') ? 'active':''}"
+                         th:classappend="${requestPath.endsWith('/pipelineoperationtest') ? 'active':''}"
                          th:href="@{/pipelineoperationtest}">
                         <span data-feather="info"></span>
                         Test der Pipeline-Operationen