Commit 6fa65074 authored by Sascha Herzinger's avatar Sascha Herzinger

fixed configuration controller bug

parent 5fbb906d
......@@ -4,6 +4,7 @@ import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.servlet.ServletContext;
......@@ -60,16 +61,10 @@ public class ConfigurationController extends BaseController {
@GetMapping(value = "/options/")
public List<Map<String, Object>> getOptions(Authentication authentication) {
boolean isAdmin = authentication.getAuthorities().contains((GrantedAuthority) () -> "IS_ADMIN");
List<Map<String, Object>> options = configurationController.getAllValues();
for (Map option : options) {
if ((Boolean) option.get("isServerSide") || !isAdmin) {
options.remove(option);
}
}
return configurationController.getAllValues();
return configurationController.getAllValues().stream()
.filter(option -> !(Boolean) option.get("isServerSide") || isAdmin)
.collect(Collectors.toList());
}
@PreAuthorize("hasAuthority('IS_ADMIN')")
......
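Review bot: The `isAdmin` check at the top of `getOptions` can never be true, because `contains((GrantedAuthority) () -> "IS_ADMIN")` compares with `equals` and a lambda instance is only equal to itself; with the new filter, server-side options are therefore withheld from administrators as well. That fails closed, but the access decision rests on a comparison that does not work, so compare the authority string instead: `boolean isAdmin = authentication.getAuthorities().stream().anyMatch(a -> "IS_ADMIN".equals(a.getAuthority()));`. The filter also unboxes `(Boolean) option.get("isServerSide")` directly, which throws if an entry lacks that key; `Boolean.FALSE.equals(option.get("isServerSide")) || isAdmin` avoids the exception and treats an entry without the flag as server-side.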
......@@ -4,6 +4,7 @@ import javax.transaction.Transactional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.*;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
......@@ -82,7 +83,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.anonymous()
.anonymous().principal(lcsb.mapviewer.common.Configuration.ANONYMOUS_LOGIN)
.and()
.exceptionHandling()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint())
......@@ -100,9 +101,10 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
.deleteCookies(lcsb.mapviewer.common.Configuration.AUTH_TOKEN)
.and()
.authorizeRequests()
.antMatchers("/api/minervanet/submitError").permitAll()
.antMatchers("/api/convert/**").permitAll()
.antMatchers("/api/plugins/**").permitAll()
.antMatchers("/minervanet/submitError").permitAll()
.antMatchers("/convert/**").permitAll()
.antMatchers("/plugins/**").permitAll()
.antMatchers("/configuration/").permitAll()
.anyRequest().authenticated()
.and()
.headers()
......
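Review bot: The `permitAll()` rule for `/configuration/` is not limited to an HTTP method, so every method mapped on that path becomes reachable without a login. `HttpMethod` appears among the file's imports, so `.antMatchers(HttpMethod.GET, "/configuration/").permitAll()` would keep the anonymous surface to reads. The handler behind that path is not in the visible hunks, so it is worth confirming that it withholds server-side values from anonymous callers the way `getOptions` does. If the `/api` prefix was dropped from the `/convert/**`, `/plugins/**` and `/minervanet/submitError` patterns, also check that they still match the paths this filter chain sees, since a pattern that no longer matches falls through to `anyRequest().authenticated()`. The configuring method starts and ends outside these hunks.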
......@@ -64,7 +64,7 @@ public class ConfigurationControllerIntegrationTest extends ControllerIntegratio
}
@Test
public void accessConfigurtionAsAnonymous() throws Exception {
public void accessConfigurationAsAnonymous() throws Exception {
RequestBuilder request = get("/configuration/");
mockMvc.perform(request)
......