work

Author: thomaswoehlke

src/main/java/org/woehlke/java/simpleworklist/config/WebSecurityConfig.java

@@ -62,7 +62,9 @@ protected void configure(HttpSecurity http) throws Exception {
             .headers()
             .disable()
             .authorizeRequests()
-            .antMatchers(HttpMethod.GET,simpleworklistProperties.getWebSecurity().getAntPatternsPublic())
+            .antMatchers(
+                simpleworklistProperties.getWebSecurity().getAntPatternsPublic()
+            )
             .permitAll()
             .anyRequest()
             .fullyAuthenticated()

src/main/java/org/woehlke/java/simpleworklist/domain/PagesController.java

@@ -21,7 +21,7 @@ public final String renderPageInformation(
     @NotNull @ModelAttribute("userSession") UserSessionBean userSession,
     Locale locale, Model model
   ) {
-    log.info("addNewTaskToInboxGet");
+    log.info("renderPageInformation");
     return "pages/information";
   }
 }

src/main/java/org/woehlke/java/simpleworklist/domain/UserPasswordRecoveryController.java

@@ -1,6 +1,7 @@
 package org.woehlke.java.simpleworklist.domain;
 
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -40,6 +41,7 @@ public UserPasswordRecoveryController(UserAccountService userAccountService, Use
      * @param model
      * @return a Formular for entering the email-adress.
      */
+    @PreAuthorize("isAnonymous()")
     @RequestMapping(path="/resetPassword", method = RequestMethod.GET)
     public final String passwordForgottenForm(Model model) {
         UserAccountRegistrationForm userAccountRegistrationForm = new UserAccountRegistrationForm();
@@ -55,6 +57,7 @@ public final String passwordForgottenForm(Model model) {
      * @param model
      * @return info page if without errors or formular again displaying error messages.
      */
+    @PreAuthorize("isAnonymous()")
     @RequestMapping(path="/resetPassword", method = RequestMethod.POST)
     public final String passwordForgottenPost(
         @Valid UserAccountRegistrationForm userAccountRegistrationForm,
@@ -93,6 +96,7 @@ public final String passwordForgottenPost(
      * @param model
      * @return a Formular for entering the new Password.
      */
+    @PreAuthorize("isAnonymous()")
     @RequestMapping(path = "/resetPassword/confirm/{confirmId}", method = RequestMethod.GET)
     public final String enterNewPasswordFormular(
         @PathVariable String confirmId,
@@ -121,6 +125,7 @@ public final String enterNewPasswordFormular(
      * @param model
      * @return Info Page for success or back to formular with error messages.
      */
+    @PreAuthorize("isAnonymous()")
     @RequestMapping(path =  "/resetPassword/confirm/{confirmId}", method = RequestMethod.POST)
     public final String enterNewPasswordPost(
         @Valid UserAccountForm userAccountForm,

src/main/java/org/woehlke/java/simpleworklist/domain/UserRegistrationController.java

@@ -2,6 +2,7 @@
 
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -38,6 +39,7 @@ public UserRegistrationController(UserAccountService userAccountService, UserAcc
      * @param model Model
      * @return Formular for entering Email-Address for Registration
      */
+    @PreAuthorize("isAnonymous()")
     @RequestMapping(path = "/", method = RequestMethod.GET)
     public final String registerGet(Model model) {
         log.info("registerGet");
@@ -54,6 +56,7 @@ public final String registerGet(Model model) {
      * @param model Model
      * @return info page at success or return to form with error messages.
      */
+    @PreAuthorize("isAnonymous()")
     @RequestMapping(path = "/", method = RequestMethod.POST)
     public final String registerPost(
             @Valid UserAccountRegistrationForm userAccountRegistrationForm,
@@ -95,6 +98,7 @@ public final String registerPost(
      * @param model Model
      * @return Formular for Entering Account Task or Error Messages.
      */
+    @PreAuthorize("isAnonymous()")
     @RequestMapping(path = "/confirm/{confirmId}", method = RequestMethod.GET)
     public final String registerConfirmGet(
         @PathVariable String confirmId,
@@ -123,6 +127,7 @@ public final String registerConfirmGet(
      * @param model Model
      * @return login page at success or page with error messages.
      */
+    @PreAuthorize("isAnonymous()")
     @RequestMapping(path = "/confirm/{confirmId}", method = RequestMethod.POST)
     public final String registerConfirmPost(
         @PathVariable String confirmId,

src/main/resources/application.yml

@@ -112,6 +112,7 @@ org:
             - "/pages/information"
             - "/pages/information*"
             - "/pages/information/**"
+            - "/pages/**"
             - "/user/login*"
             - "/user/register*"
             - "/user/register/**"