fixed configuration controller bug

rest-api/src/main/java/lcsb/mapviewer/api/configuration/ConfigurationController.java

@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
+import java.util.stream.Collectors;
 
 import javax.servlet.ServletContext;
 
@@ -60,16 +61,10 @@ public class ConfigurationController extends BaseController {
 
   @GetMapping(value = "/options/")
   public List<Map<String, Object>> getOptions(Authentication authentication) {
-
     boolean isAdmin = authentication.getAuthorities().contains((GrantedAuthority) () -> "IS_ADMIN");
-    List<Map<String, Object>> options = configurationController.getAllValues();
-    for (Map option : options) {
-      if ((Boolean) option.get("isServerSide") || !isAdmin) {
-        options.remove(option);
-      }
-    }
-
-    return configurationController.getAllValues();
+    return configurationController.getAllValues().stream()
+        .filter(option -> !(Boolean) option.get("isServerSide") || isAdmin)
+        .collect(Collectors.toList());
   }
 
   @PreAuthorize("hasAuthority('IS_ADMIN')")

web/src/main/java/lcsb/mapviewer/web/config/SpringSecurityConfig.java

@@ -4,6 +4,7 @@ import javax.transaction.Transactional;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.*;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -82,7 +83,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
         .sessionManagement()
         .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
         .and()
-        .anonymous()
+        .anonymous().principal(lcsb.mapviewer.common.Configuration.ANONYMOUS_LOGIN)
         .and()
         .exceptionHandling()
         .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
@@ -100,9 +101,10 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
         .deleteCookies(lcsb.mapviewer.common.Configuration.AUTH_TOKEN)
         .and()
         .authorizeRequests()
-        .antMatchers("/api/minervanet/submitError").permitAll()
-        .antMatchers("/api/convert/**").permitAll()
-        .antMatchers("/api/plugins/**").permitAll()
+        .antMatchers("/minervanet/submitError").permitAll()
+        .antMatchers("/convert/**").permitAll()
+        .antMatchers("/plugins/**").permitAll()
+        .antMatchers("/configuration/").permitAll()
         .anyRequest().authenticated()
         .and()
         .headers()

web/src/test/java/lcsb/mapviewer/web/ConfigurationControllerIntegrationTest.java

@@ -64,7 +64,7 @@ public class ConfigurationControllerIntegrationTest extends ControllerIntegratio
   }
 
   @Test
-  public void accessConfigurtionAsAnonymous() throws Exception {
+  public void accessConfigurationAsAnonymous() throws Exception {
     RequestBuilder request = get("/configuration/");
 
     mockMvc.perform(request)