Merge pull request #140 from OsiriX-Foundation/fix/configuration_spri…

…ng_mvc_security_resources fix: resources handler spring mvc + configuration echo controller spr…
OsiriX-Foundation · May 5, 2021 · 3a89e41 · 3a89e41
2 parents cf94f33 + 1ffde21
commit 3a89e41
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 28 deletions.
diff --git a/src/main/java/org/karnak/backend/config/SecurityInMemoryConfig.java b/src/main/java/org/karnak/backend/config/SecurityInMemoryConfig.java
@@ -16,6 +16,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -49,6 +50,9 @@ protected void configure(HttpSecurity http) throws Exception {
         // Allows all internal traffic from the Vaadin framework
         .requestMatchers(SecurityUtil::isFrameworkInternalRequest)
         .permitAll()
+        // Allow get echo endpoint
+        .antMatchers(HttpMethod.GET, "/api/echo/destinations")
+        .permitAll()
         // Allows all authenticated traffic
         .antMatchers("/*")
         .hasRole(SecurityRole.ADMIN_ROLE.getType())
@@ -88,19 +92,20 @@ public void configure(WebSecurity web) {
             "/VAADIN/**",
             // the standard favicon URI
             "/favicon.ico",
-            // the robots exclusion standard
-            "/robots.txt",
             // web application manifest
             "/manifest.webmanifest",
             "/sw.js",
             "/offline.html",
             // icons and images
-            "/icons/**",
-            "/images/**",
-            "/styles/**",
-            "/img/**",
+            "/icons/logo**",
+            "/img/karnak.png" // ,
+            // "/img/**" // ,
+            // "/images/**",
+            // "/styles/**",
+            // the robots exclusion standard
+            // "/robots.txt",
             // (development mode) H2 debugging console
-            "/h2-console/**");
+            /*"/h2-console/**"*/ );
   }
 
   @Bean

diff --git a/src/main/java/org/karnak/backend/config/SecurityOpenIdConnectConfig.java b/src/main/java/org/karnak/backend/config/SecurityOpenIdConnectConfig.java
@@ -14,6 +14,7 @@
 import org.karnak.backend.util.SecurityUtil;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -41,6 +42,9 @@ protected void configure(HttpSecurity http) throws Exception {
         // Allows all internal traffic from the Vaadin framework
         .requestMatchers(SecurityUtil::isFrameworkInternalRequest)
         .permitAll()
+        // Allow get echo endpoint
+        .antMatchers(HttpMethod.GET, "/api/echo/destinations")
+        .permitAll()
         // Allows all authenticated traffic
         // .antMatchers("/*").hasAuthority(SecurityRole.ADMIN_ROLE.getType())
         .anyRequest()
@@ -62,18 +66,19 @@ public void configure(WebSecurity web) {
             "/VAADIN/**",
             // the standard favicon URI
             "/favicon.ico",
-            // the robots exclusion standard
-            "/robots.txt",
             // web application manifest
             "/manifest.webmanifest",
             "/sw.js",
             "/offline.html",
             // icons and images
-            "/icons/**",
-            "/images/**",
-            "/styles/**",
-            "/img/**",
+            "/icons/logo**",
+            "/img/karnak.png" // ,
+            // "/img/**" // ,
+            // "/images/**",
+            // "/styles/**",
+            // the robots exclusion standard
+            // "/robots.txt",
             // (development mode) H2 debugging console
-            "/h2-console/**");
+            /* "/h2-console/**" */ );
   }
 }
diff --git a/src/main/java/org/karnak/backend/config/WebConfig.java b/src/main/java/org/karnak/backend/config/WebConfig.java
@@ -9,17 +9,24 @@
  */
 package org.karnak.backend.config;
 
-// import org.springframework.context.annotation.Configuration;
-// import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-// import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
-// import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-//
-/// ** Configuration for the Spring MVC part */
-// @Configuration
-// @EnableWebMvc
-// public class WebConfig implements WebMvcConfigurer {
-//  @Override
-//  public void addResourceHandlers(ResourceHandlerRegistry registry) {
-//    registry.addResourceHandler("/resources/**");
-//  }
-// }
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/** Configuration for the Spring MVC part */
+@Configuration
+@EnableWebMvc
+public class WebConfig implements WebMvcConfigurer {
+
+  @Override
+  public void addResourceHandlers(ResourceHandlerRegistry registry) {
+    // resource handler for images and icons
+    registry
+        .addResourceHandler("/img/**")
+        .addResourceLocations("classpath:META-INF/resources/img/");
+    registry
+        .addResourceHandler("/icons/**")
+        .addResourceLocations("classpath:META-INF/resources/icons/");
+  }
+}