Security konfiguriert.

2 years ago · 406331d33e
parent d9333851cf
commit 406331d33e
6 changed files with 210 additions and 212 deletions
--- a/pom.xml
+++ b/pom.xml
@ -116,7 +116,6 @@
 		<dependency>
 		    <groupId>javax.servlet</groupId>
 		    <artifactId>javax.servlet-api</artifactId>
 <!-- 		    <version>4.0.1</version> -->
 		    <scope>provided</scope>
 		</dependency>
@ -163,6 +162,11 @@
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-test</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>com.vaadin</groupId>
 			<artifactId>vaadin-testbench</artifactId>
--- a/src/main/java/de/kreth/invoice/config/SecurityUtils.java
+++ b/src/main/java/de/kreth/invoice/config/SecurityUtils.java
@ -11,6 +11,10 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import com.vaadin.flow.shared.ApplicationConstants;
 public class SecurityUtils {
    private SecurityUtils() {
    }
    /**
     * Tests if the request is an internal framework request. The test consists of
     * checking if the request parameter is present and if its value is consistent
--- a/src/main/java/de/kreth/invoice/config/UiSecurityConfig.java
+++ b/src/main/java/de/kreth/invoice/config/UiSecurityConfig.java
@ -47,12 +47,10 @@ public class UiSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
 		super.configure(http);
-	http.cors().disable()
+		http.cors().disable().csrf().disable().anonymous().disable().sessionManagement()
-		.csrf().disable()
+				.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().authorizeRequests()
-		.anonymous().disable()
+				.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll().anyRequest()
-		.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()
+				.hasAnyRole("admin", "INVOICE_USER");
 		.authorizeRequests().requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
 		.anyRequest().hasAnyRole("ROLE_trainer", "ROLE_admin");
 	}
 	@Override
--- a/src/main/java/de/kreth/invoice/views/View.java
+++ b/src/main/java/de/kreth/invoice/views/View.java
@ -5,7 +5,6 @@ import java.util.Iterator;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import com.vaadin.flow.component.ClickEvent;
 import com.vaadin.flow.component.Text;
@ -42,7 +41,6 @@ import de.kreth.invoice.views.user.UserDetailsDialog;
@PageTitle("")
@Route(value = "")
@PreAuthorize("hasRole('INVOICE_USER')")
 public class View extends VerticalLayout implements BeforeEnterObserver {
    private static final long serialVersionUID = 1L;
--- a/src/main/java/de/kreth/invoice/views/user/UserDetailsDialog.java
+++ b/src/main/java/de/kreth/invoice/views/user/UserDetailsDialog.java
@ -88,15 +88,13 @@ public class UserDetailsDialog extends Dialog {
 		bankName = new TextField();
 		bankName.setLabel("Name der Bank");
-	bankBinder.forField(bankName)
+		bankBinder.forField(bankName).asRequired("Der BankName darf nicht leer sein.").bind(UserBank::getBankName,
-		.asRequired("Der BankName darf nicht leer sein.")
+				UserBank::setBankName);
 		.bind(UserBank::getBankName, UserBank::setBankName);
 		iban = new TextField();
 		iban.setLabel("IBAN");
-	bankBinder.forField(iban)
+		bankBinder.forField(iban).asRequired("Die IBAN darf nicht leer sein.").bind(UserBank::getIban,
-		.asRequired("Die IBAN darf nicht leer sein.")
+				UserBank::setIban);
 		.bind(UserBank::getIban, UserBank::setIban);
 		bic = new TextField();
 		bic.setLabel("BIC");
@ -104,26 +102,22 @@ public class UserDetailsDialog extends Dialog {
 		adress1 = new TextField();
 		adress1.setLabel("Straße");
-	adressBinder.forField(adress1)
+		adressBinder.forField(adress1).asRequired("Die Straße muss angegeben sein.").bind(UserAdress::getAdress1,
-		.asRequired("Die Straße muss angegeben sein.")
+				UserAdress::setAdress1);
 		.bind(UserAdress::getAdress1, UserAdress::setAdress1);
 		adress2 = new TextField();
 		adress2.setLabel("Adresszusatz");
-	adressBinder.forField(adress2)
+		adressBinder.forField(adress2).bind(UserAdress::getAdress2, UserAdress::setAdress2);
 		.bind(UserAdress::getAdress2, UserAdress::setAdress2);
 		zipCode = new TextField();
 		zipCode.setLabel("Postleitzahl");
-	adressBinder.forField(zipCode)
+		adressBinder.forField(zipCode).asRequired("Die Postleitzahl muss angegeben sein.").bind(UserAdress::getZip,
-		.asRequired("Die Postleitzahl muss angegeben sein.")
+				UserAdress::setZip);
 		.bind(UserAdress::getZip, UserAdress::setZip);
 		city = new TextField();
 		city.setLabel("Ort");
-	adressBinder.forField(city)
+		adressBinder.forField(city).asRequired("Der Ort muss angegeben sein.").bind(UserAdress::getCity,
-		.asRequired("Der Ort muss angegeben sein.")
+				UserAdress::setCity);
 		.bind(UserAdress::getCity, UserAdress::setCity);
 		signatureImage = new Image();
 		signatureImage.setAlt("Keine Unterschrift konfiguriert");