javier/Stirling-PDF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

redact stuff, login page, lang and remember me

Browse Source
This commit is contained in:
Anthony Stirling
2023-08-25 23:39:18 +01:00
parent cd0e1a3962
commit 41bd801e0d
12 changed files with 324 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/stirling/software/SPDF/config/CleanUrlInterceptor.java
View File

@@ -24,7 +24,7 @@ import org.springframework.web.servlet.ModelAndView;
public class CleanUrlInterceptor implements HandlerInterceptor {
private static final List<String> ALLOWED_PARAMS = Arrays.asList("lang", "endpoint", "endpoints", "logout", "error");
private static final List<String> ALLOWED_PARAMS = Arrays.asList("lang", "endpoint", "endpoints", "logout", "error", "file");
@Override
@@ -40,11 +40,9 @@ public class CleanUrlInterceptor implements HandlerInterceptor {
String[] queryParameters = queryString.split("&");
for (String param : queryParameters) {
String[] keyValue = param.split("=");
System.out.print("astirli " + keyValue[0]);
if (keyValue.length != 2) {
continue;
}
System.out.print("astirli2 " + keyValue[0]);
if (ALLOWED_PARAMS.contains(keyValue[0])) {
parameters.put(keyValue[0], keyValue[1]);

22
src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
View File

@@ -15,7 +15,11 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import stirling.software.SPDF.repository.JPATokenRepositoryImpl;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
@Configuration
public class SecurityConfiguration {
@@ -43,7 +47,7 @@ public class SecurityConfiguration {
if(loginEnabledValue) {
http.csrf().disable();
http.csrf(csrf -> csrf.disable());
http
.formLogin(formLogin -> formLogin
.loginPage("/login")
@@ -55,8 +59,12 @@ public class SecurityConfiguration {
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout=true")
.invalidateHttpSession(true) // Invalidate session
.deleteCookies("JSESSIONID")
)
.deleteCookies("JSESSIONID", "remember-me")
).rememberMe(rememberMeConfigurer -> rememberMeConfigurer // Use the configurator directly
.key("uniqueAndSecret")
.tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(1209600) // 2 weeks
)
.authorizeHttpRequests(authz -> authz
.requestMatchers(req -> req.getRequestURI().startsWith("/login") || req.getRequestURI().endsWith(".svg") || req.getRequestURI().startsWith("/register") || req.getRequestURI().startsWith("/error") || req.getRequestURI().startsWith("/images/") || req.getRequestURI().startsWith("/public/") || req.getRequestURI().startsWith("/css/") || req.getRequestURI().startsWith("/js/"))
.permitAll()
@@ -65,8 +73,7 @@ public class SecurityConfiguration {
.userDetailsService(userDetailsService)
.authenticationProvider(authenticationProvider());
} else {
http
.csrf().disable()
http.csrf(csrf -> csrf.disable())
.authorizeHttpRequests(authz -> authz
.anyRequest().permitAll()
);
@@ -84,7 +91,12 @@ public class SecurityConfiguration {
return authProvider;
}
@Bean
public PersistentTokenRepository persistentTokenRepository() {
return new JPATokenRepositoryImpl();
}
}