fixed WebSecurityConfiguration.java and a missing /admin/ redirection…

… in collections.html
szabodanika · Mar 31, 2022 · 954ece2 · 954ece2
1 parent 5530b7f
commit 954ece2
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 38 deletions.
diff --git a/...c/main/java/uk/ac/uws/danielszabo/automodera/common/web/gui/WebSecurityConfiguration.java b/...c/main/java/uk/ac/uws/danielszabo/automodera/common/web/gui/WebSecurityConfiguration.java
@@ -42,28 +42,28 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
   private final Environment env;
 
   public WebSecurityConfiguration(Environment env) {
-    this.env = env;
+	this.env = env;
   }
 
   @Override
   protected void configure(HttpSecurity http) throws Exception {
-    // if web gui is disabled, only allow rest api access
-    if (env.getProperty("webgui.enable").equals("false")) {
-      log.info("Web GUI access DISABLED");
-      http.authorizeRequests()
-          .antMatchers(
-              // allow rest controllers
-              WebPaths.REST_BASE_PATH + "/**")
-          .permitAll()
-          .anyRequest()
-          .authenticated()
-          .and()
-          // custom login page
-          .formLogin()
-          .loginPage("/disabled")
-          .permitAll();
-    } else if (env.getProperty("webgui.enable").equals("true")) {
-      log.info("Web GUI access ENABLED");
+	// if web gui is disabled, only allow rest api access
+	if (env.getProperty("webgui.enable").equals("false")) {
+	  log.info("Web GUI access DISABLED");
+	  http.authorizeRequests()
+		  .antMatchers(
+			  // allow rest controllers
+			  WebPaths.REST_BASE_PATH + "/**")
+		  .permitAll()
+		  .anyRequest()
+		  .authenticated()
+		  .and()
+		  // custom login page
+		  .formLogin()
+		  .loginPage("/disabled")
+		  .permitAll();
+	} else if (env.getProperty("webgui.enable").equals("true")) {
+	  log.info("Web GUI access ENABLED");
       http.csrf()
           .ignoringAntMatchers(
               // don't request csrf token for rest endpoints
@@ -72,7 +72,8 @@ protected void configure(HttpSecurity http) throws Exception {
           .authorizeRequests()
           .antMatchers(
               // allow rest controllers
-              WebPaths.REST_BASE_PATH + "/**")
+              WebPaths.REST_BASE_PATH + "/**",
+			  WebPaths.GUI_BASE_PATH + "/**")
           .permitAll()
           .and()
           .authorizeRequests()
@@ -90,20 +91,9 @@ protected void configure(HttpSecurity http) throws Exception {
           .antMatchers(
               // allow only whitelisted ip addresses
               WebPaths.GUI_BASE_PATH + "/**")
-          .access(
-              "isAuthenticated() and "
-                  + Arrays.stream(env.getProperty("webgui.whitelist").split(";"))
-                      .map(ip -> "hasIpAddress('" + ip + "')")
-                      .collect(Collectors.joining(" or ")))
+		  .authenticated()
           .and()
           // custom login page
-          .authorizeRequests()
-          .anyRequest()
-          .access(
-              Arrays.stream(env.getProperty("webgui.whitelist").split(";"))
-                  .map(ip -> "hasIpAddress('" + ip + "')")
-                  .collect(Collectors.joining(" or ")))
-          .and()
           .formLogin()
           .loginPage("/admin/login")
           .loginProcessingUrl("/admin/login")
@@ -114,14 +104,14 @@ protected void configure(HttpSecurity http) throws Exception {
           .logoutUrl("/admin/logout")
           .logoutSuccessUrl("/admin/login")
           .permitAll();
-    }
+	}
   }
 
   @Override
   public void configure(AuthenticationManagerBuilder auth) throws Exception {
-    auth.inMemoryAuthentication()
-        .withUser(env.getProperty("webgui.admin.username"))
-        .password("{noop}" + env.getProperty("webgui.admin.password"))
-        .roles("ADMIN");
+	auth.inMemoryAuthentication()
+		.withUser(env.getProperty("webgui.admin.username"))
+		.password("{noop}" + env.getProperty("webgui.admin.password"))
+		.roles("ADMIN");
   }
 }
diff --git a/integrator/src/main/resources/templates/collections.html b/integrator/src/main/resources/templates/collections.html
@@ -75,7 +75,7 @@ <h5 class="mb-3">
                 <tr>
                     <td>
                         <a th:text="${collection.id}"
-                           th:href="${'/collection?nodeId=' + node.id +
+                           th:href="${'/admin/collection?nodeId=' + node.id +
                            '&collectionId=' + collection.id}"></a>
                     </td>
                     <td th:text="${collection.name}"></td>
@@ -84,7 +84,7 @@ <h5 class="mb-3">
                     <td>
                         <th:block th:each="topic, i : ${collection.topicList}">
                             <a th:text="${topic}"
-                               th:href="${'/topic?topic=' + topic}"></a>
+                               th:href="${'/admin/topic?topic=' + topic}"></a>
                         </th:block>
                     </td>
                 </tr>