Security konfiguriert.

2 years ago · 406331d33e
parent d9333851cf
commit 406331d33e
6 changed files with 210 additions and 212 deletions
--- a/pom.xml
+++ b/pom.xml
@ -116,7 +116,6 @@
 		<dependency>
 		    <groupId>javax.servlet</groupId>
 		    <artifactId>javax.servlet-api</artifactId>
-<!-- 		    <version>4.0.1</version> -->
 		    <scope>provided</scope>
 		</dependency>

@ -163,6 +162,11 @@
 			<artifactId>spring-boot-starter-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>com.vaadin</groupId>
 			<artifactId>vaadin-testbench</artifactId>
--- a/src/main/java/de/kreth/invoice/config/SecurityUtils.java
+++ b/src/main/java/de/kreth/invoice/config/SecurityUtils.java
@ -11,6 +11,10 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import com.vaadin.flow.shared.ApplicationConstants;

 public class SecurityUtils {
+
+    private SecurityUtils() {
+    }
+
    /**
     * Tests if the request is an internal framework request. The test consists of
     * checking if the request parameter is present and if its value is consistent
--- a/src/main/java/de/kreth/invoice/config/UiSecurityConfig.java
+++ b/src/main/java/de/kreth/invoice/config/UiSecurityConfig.java
@ -47,12 +47,10 @@ public class UiSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
 	@Override
 	public void configure(HttpSecurity http) throws Exception {
 		super.configure(http);
-	http.cors().disable()
-		.csrf().disable()
-		.anonymous().disable()
-		.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()
-		.authorizeRequests().requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll()
-		.anyRequest().hasAnyRole("ROLE_trainer", "ROLE_admin");
+		http.cors().disable().csrf().disable().anonymous().disable().sessionManagement()
+				.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().authorizeRequests()
+				.requestMatchers(SecurityUtils::isFrameworkInternalRequest).permitAll().anyRequest()
+				.hasAnyRole("admin", "INVOICE_USER");
 	}

 	@Override
--- a/src/main/java/de/kreth/invoice/views/View.java
+++ b/src/main/java/de/kreth/invoice/views/View.java
@ -5,7 +5,6 @@ import java.util.Iterator;
 import java.util.List;

 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;

 import com.vaadin.flow.component.ClickEvent;
 import com.vaadin.flow.component.Text;
@ -42,7 +41,6 @@ import de.kreth.invoice.views.user.UserDetailsDialog;

@PageTitle("")
@Route(value = "")
-@PreAuthorize("hasRole('INVOICE_USER')")
 public class View extends VerticalLayout implements BeforeEnterObserver {

    private static final long serialVersionUID = 1L;
--- a/src/main/java/de/kreth/invoice/views/user/UserDetailsDialog.java
+++ b/src/main/java/de/kreth/invoice/views/user/UserDetailsDialog.java
@ -88,15 +88,13 @@ public class UserDetailsDialog extends Dialog {

 		bankName = new TextField();
 		bankName.setLabel("Name der Bank");
-	bankBinder.forField(bankName)
-		.asRequired("Der BankName darf nicht leer sein.")
-		.bind(UserBank::getBankName, UserBank::setBankName);
+		bankBinder.forField(bankName).asRequired("Der BankName darf nicht leer sein.").bind(UserBank::getBankName,
+				UserBank::setBankName);

 		iban = new TextField();
 		iban.setLabel("IBAN");
-	bankBinder.forField(iban)
-		.asRequired("Die IBAN darf nicht leer sein.")
-		.bind(UserBank::getIban, UserBank::setIban);
+		bankBinder.forField(iban).asRequired("Die IBAN darf nicht leer sein.").bind(UserBank::getIban,
+				UserBank::setIban);

 		bic = new TextField();
 		bic.setLabel("BIC");
@ -104,26 +102,22 @@ public class UserDetailsDialog extends Dialog {

 		adress1 = new TextField();
 		adress1.setLabel("Straße");
-	adressBinder.forField(adress1)
-		.asRequired("Die Straße muss angegeben sein.")
-		.bind(UserAdress::getAdress1, UserAdress::setAdress1);
+		adressBinder.forField(adress1).asRequired("Die Straße muss angegeben sein.").bind(UserAdress::getAdress1,
+				UserAdress::setAdress1);

 		adress2 = new TextField();
 		adress2.setLabel("Adresszusatz");
-	adressBinder.forField(adress2)
-		.bind(UserAdress::getAdress2, UserAdress::setAdress2);
+		adressBinder.forField(adress2).bind(UserAdress::getAdress2, UserAdress::setAdress2);

 		zipCode = new TextField();
 		zipCode.setLabel("Postleitzahl");
-	adressBinder.forField(zipCode)
-		.asRequired("Die Postleitzahl muss angegeben sein.")
-		.bind(UserAdress::getZip, UserAdress::setZip);
+		adressBinder.forField(zipCode).asRequired("Die Postleitzahl muss angegeben sein.").bind(UserAdress::getZip,
+				UserAdress::setZip);

 		city = new TextField();
 		city.setLabel("Ort");
-	adressBinder.forField(city)
-		.asRequired("Der Ort muss angegeben sein.")
-		.bind(UserAdress::getCity, UserAdress::setCity);
+		adressBinder.forField(city).asRequired("Der Ort muss angegeben sein.").bind(UserAdress::getCity,
+				UserAdress::setCity);

 		signatureImage = new Image();
 		signatureImage.setAlt("Keine Unterschrift konfiguriert");