working on F008 Add first new Project: broken #103

Author: thomaswoehlke

src/main/java/org/woehlke/simpleworklist/config/di/WebSecurityConfig.java

@@ -76,7 +76,12 @@ protected void configure(HttpSecurity http) throws Exception {
             .logoutUrl(logoutUrl)
             .deleteCookies(cookieNamesToClear)
             .invalidateHttpSession(invalidateHttpSession)
-            .permitAll();
+            .permitAll()
+            .and()
+            .csrf()
+            .and()
+            .exceptionHandling()
+            .accessDeniedPage("/error/error-403");
     }
 
     private final static String loginProcessingUrl =  "/j_spring_security_check";

src/main/resources/templates/error/error-403.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html>
+<body>
+<h1>(403) Access Denied.</h1>
+<a href="/">Please Return to Startpage</a>
+</body>
+</html>

src/main/resources/templates/project/add.html

@@ -1,67 +1,70 @@
-<!DOCTYPE html>
-<html th:lang="${#locale.language}"
-	  xmlns="http://www.w3.org/1999/xhtml"
-	  xmlns:th="http://www.thymeleaf.org"
-	  xmlns:sec="http://www.thymeleaf.org/extras/spring-security"
-	  xmlns:sd="http://www.thymeleaf.org/spring-data">
-<head th:replace="layout/page :: tw-page-head(headtitle=~{::title},links=~{},refreshMessages=false)">
-	<title th:text="'SimpleWorklist | ' + #{project.add.h1}">Title</title>
-</head>
-<body th:replace="layout/page :: tw-page-body(twcontent=~{::mytwcontent},twtitle=~{::mytwtitle},scripts=~{::script})">
-
-<div th:fragment="mytwtitle">
-	<!-- New Project Form -->
-	<h1>
-		<i class="fas fa-folder-open"></i> &nbsp;
-		<span th:utext="#{project.add.h1}">Add Project</span>
-	</h1>
-</div>
-
-<div th:fragment="mytwcontent">
-	<div>
-	<form id="formId" th:action="@{/project/addchild/{id}(id=${thisProjectId})}" th:object="${project}" method="post">
-		<div class="form-group">
-			<label th:for="${#ids.next('name')}" class="control-label">Name</label>
-			<input type="text" th:field="*{name}" class="form-control" />
-			<div>
-				<div th:each="err : ${#fields.errors('name')}" th:text="${err}" class="alert alert-danger"></div>
-			</div>
-		</div>
-		<div class="form-group">
-			<label th:for="textEditor"  class="control-label">
-				<span th:utext="#{project.add.description}">Description</span>
-			</label>
-			<textarea id="textEditor" name="textEditor" rows="10" cols="50" th:field="*{description}" class="form-control"></textarea>
-			<div>
-				<div th:each="err : ${#fields.errors('description')}" th:text="${err}" class="alert alert-danger"></div>
-			</div>
-		</div>
-		<div class="form-group">
-			<label th:for="${#ids.next('context.id')}" class="control-label">
-				<span th:utext="#{project.edit.context}">Area</span>
-			</label>
-			<select th:field="*{context.id}">
-				<option th:each="areaOption : ${contexts}"
-						th:value="${areaOption.id}"
-						th:text="${locale == 'de' ? areaOption.nameDe : areaOption.nameEn}">Wireframe</option>
-			</select>
-			<div>
-				<div th:each="err : ${#fields.errors('context.id')}" th:text="${err}" class="alert alert-danger"></div>
-			</div>
-		</div>
-		<button id="createNewProject" type="submit" class="btn btn-primary">
-			<i class="fas fa-save"></i>
-			<span th:utext="#{project.add.button}">Add Project</span>
-		</button>
-	</form>
-	</div>
-	<!-- Document Window End -->
-
-</div>
-
-	<script th:src="@{/webjars/ckeditor/4.11.3/full/ckeditor.js}"></script>
-	<script th:inline="javascript">
-		CKEDITOR.replace( 'textEditor' );
-	</script>
-</body>
-</html>
+<!DOCTYPE html>
+<html th:lang="${#locale.language}"
+	  xmlns="http://www.w3.org/1999/xhtml"
+	  xmlns:th="http://www.thymeleaf.org"
+	  xmlns:sec="http://www.thymeleaf.org/extras/spring-security"
+	  xmlns:sd="http://www.thymeleaf.org/spring-data">
+<head th:replace="layout/page :: tw-page-head(headtitle=~{::title},links=~{},refreshMessages=false)">
+	<title th:text="'SimpleWorklist | ' + #{project.add.h1}">Title</title>
+</head>
+<body th:replace="layout/page :: tw-page-body(twcontent=~{::mytwcontent},twtitle=~{::mytwtitle},scripts=~{::script})">
+
+<div th:fragment="mytwtitle">
+	<!-- New Project Form -->
+	<h1>
+		<i class="fas fa-folder-open"></i> &nbsp;
+		<span th:utext="#{project.add.h1}">Add Project</span>
+	</h1>
+</div>
+
+<div th:fragment="mytwcontent">
+	<div>
+	<form id="formId" th:action="@{/project/addchild/{id}(id=${thisProjectId})}" th:object="${project}" method="post">
+		<div class="form-group">
+			<label th:for="${#ids.next('name')}" class="control-label">Name</label>
+			<input type="text" th:field="*{name}" class="form-control" />
+			<div>
+				<div th:each="err : ${#fields.errors('name')}" th:text="${err}" class="alert alert-danger"></div>
+			</div>
+		</div>
+		<div class="form-group">
+			<label th:for="textEditor"  class="control-label">
+				<span th:utext="#{project.add.description}">Description</span>
+			</label>
+			<textarea id="textEditor" name="textEditor" rows="10" cols="50" th:field="*{description}" class="form-control"></textarea>
+			<div>
+				<div th:each="err : ${#fields.errors('description')}" th:text="${err}" class="alert alert-danger"></div>
+			</div>
+		</div>
+		<div class="form-group">
+			<label th:for="${#ids.next('context.id')}" class="control-label">
+				<span th:utext="#{project.edit.context}">Area</span>
+			</label>
+			<select th:field="*{context.id}">
+				<option th:each="areaOption : ${contexts}"
+						th:value="${areaOption.id}"
+						th:text="${locale == 'de' ? areaOption.nameDe : areaOption.nameEn}">Wireframe</option>
+			</select>
+			<div>
+				<div th:each="err : ${#fields.errors('context.id')}" th:text="${err}" class="alert alert-danger"></div>
+			</div>
+		</div>
+        <input type="hidden"
+               name="${_csrf.parameterName}"
+               value="${_csrf.token}"/>
+		<button id="createNewProject" type="submit" class="btn btn-primary">
+			<i class="fas fa-save"></i>
+			<span th:utext="#{project.add.button}">Add Project</span>
+		</button>
+	</form>
+	</div>
+	<!-- Document Window End -->
+
+</div>
+
+	<script th:src="@{/webjars/ckeditor/4.11.3/full/ckeditor.js}"></script>
+	<script th:inline="javascript">
+		CKEDITOR.replace( 'textEditor' );
+	</script>
+</body>
+</html>

src/main/resources/templates/project/edit.html

@@ -1,71 +1,74 @@
-<!DOCTYPE html>
-<html th:lang="${#locale.language}"
-	  xmlns="http://www.w3.org/1999/xhtml"
-	  xmlns:th="http://www.thymeleaf.org"
-	  xmlns:sec="http://www.thymeleaf.org/extras/spring-security"
-	  xmlns:sd="http://www.thymeleaf.org/spring-data">
-<head th:replace="layout/page :: tw-page-head(headtitle=~{::title},links=~{},refreshMessages=false)">
-	<title th:text="'SimpleWorklist | ' + #{project.edit.h1}">Title</title>
-</head>
-<body th:replace="layout/page :: tw-page-body(twcontent=~{::mytwcontent},twtitle=~{::mytwtitle},scripts=~{::script})">
-
-<div th:fragment="mytwtitle">
-	<!-- New Project Form -->
-	<h1>
-		<i class="fas fa-folder-open"></i>
-		<span th:utext="#{project.edit.h1}">Edit Project</span>
-	</h1>
-</div>
-
-<div th:fragment="mytwcontent">
-	<div>
-		<form id="formId" th:action="@{/project/{id}/edit(id=${thisProject.id})}" th:object="${project}" method="post">
-			<div class="form-group">
-				<label th:for="${#ids.next('name')}" class="control-label">Name</label>
-				<input type="text" th:field="*{name}" class="form-control" />
-				<div>
-					<div th:each="err : ${#fields.errors('name')}" th:text="${err}" class="alert alert-danger">
-					</div>
-				</div>
-			</div>
-			<div class="form-group">
-				<label th:for="textEditor" class="control-label">
-					<span th:utext="#{project.add.description}">Description</span>
-				</label>
-				<textarea id="textEditor" name="textEditor" rows="10" cols="50" th:field="*{description}" class="form-control"></textarea>
-				<div>
-					<div th:each="err : ${#fields.errors('description')}" th:text="${err}" class="alert alert-danger">
-					</div>
-				</div>
-			</div>
-			<div>
-				<div class="form-group">
-					<label th:for="${#ids.next('context.id')}" class="control-label">
-						<span th:utext="#{project.edit.context}">Area</span>
-					</label>
-					<select th:field="*{context.id}">
-						<option th:each="context : ${contexts}"
-								th:value="${context.id}"
-								th:text="${locale == 'de' ? context.nameDe : context.nameEn}">Wireframe</option>
-					</select>
-					<div>
-						<div th:each="err : ${#fields.errors('context.id')}" th:text="${err}" class="alert alert-danger"></div>
-					</div>
-				</div>
-			</div>
-			<input type="hidden" th:field="*{id}" />
-			<button id="saveEditedProject" type="submit" class="btn btn-primary">
-				<i class="fas fa-save"></i>
-				<span th:utext="#{project.edit.button}">Save Project</span>
-			</button>
-		</form>
-	</div>
-	<!-- Document Window End -->
-</div>
-
-	<script th:src="@{/webjars/ckeditor/4.11.3/full/ckeditor.js}"></script>
-	<script th:inline="javascript">
-		CKEDITOR.replace( 'textEditor' );
-	</script>
-</body>
-</html>
+<!DOCTYPE html>
+<html th:lang="${#locale.language}"
+	  xmlns="http://www.w3.org/1999/xhtml"
+	  xmlns:th="http://www.thymeleaf.org"
+	  xmlns:sec="http://www.thymeleaf.org/extras/spring-security"
+	  xmlns:sd="http://www.thymeleaf.org/spring-data">
+<head th:replace="layout/page :: tw-page-head(headtitle=~{::title},links=~{},refreshMessages=false)">
+	<title th:text="'SimpleWorklist | ' + #{project.edit.h1}">Title</title>
+</head>
+<body th:replace="layout/page :: tw-page-body(twcontent=~{::mytwcontent},twtitle=~{::mytwtitle},scripts=~{::script})">
+
+<div th:fragment="mytwtitle">
+	<!-- New Project Form -->
+	<h1>
+		<i class="fas fa-folder-open"></i>
+		<span th:utext="#{project.edit.h1}">Edit Project</span>
+	</h1>
+</div>
+
+<div th:fragment="mytwcontent">
+	<div>
+		<form id="formId" th:action="@{/project/{id}/edit(id=${thisProject.id})}" th:object="${project}" method="post">
+			<div class="form-group">
+				<label th:for="${#ids.next('name')}" class="control-label">Name</label>
+				<input type="text" th:field="*{name}" class="form-control" />
+				<div>
+					<div th:each="err : ${#fields.errors('name')}" th:text="${err}" class="alert alert-danger">
+					</div>
+				</div>
+			</div>
+			<div class="form-group">
+				<label th:for="textEditor" class="control-label">
+					<span th:utext="#{project.add.description}">Description</span>
+				</label>
+				<textarea id="textEditor" name="textEditor" rows="10" cols="50" th:field="*{description}" class="form-control"></textarea>
+				<div>
+					<div th:each="err : ${#fields.errors('description')}" th:text="${err}" class="alert alert-danger">
+					</div>
+				</div>
+			</div>
+			<div>
+				<div class="form-group">
+					<label th:for="${#ids.next('context.id')}" class="control-label">
+						<span th:utext="#{project.edit.context}">Area</span>
+					</label>
+					<select th:field="*{context.id}">
+						<option th:each="context : ${contexts}"
+								th:value="${context.id}"
+								th:text="${locale == 'de' ? context.nameDe : context.nameEn}">Wireframe</option>
+					</select>
+					<div>
+						<div th:each="err : ${#fields.errors('context.id')}" th:text="${err}" class="alert alert-danger"></div>
+					</div>
+				</div>
+			</div>
+            <input type="hidden"
+                   name="${_csrf.parameterName}"
+                   value="${_csrf.token}"/>
+			<input type="hidden" th:field="*{id}" />
+			<button id="saveEditedProject" type="submit" class="btn btn-primary">
+				<i class="fas fa-save"></i>
+				<span th:utext="#{project.edit.button}">Save Project</span>
+			</button>
+		</form>
+	</div>
+	<!-- Document Window End -->
+</div>
+
+	<script th:src="@{/webjars/ckeditor/4.11.3/full/ckeditor.js}"></script>
+	<script th:inline="javascript">
+		CKEDITOR.replace( 'textEditor' );
+	</script>
+</body>
+</html>

src/main/resources/templates/task/add.html

@@ -96,6 +96,9 @@ <h1>
 				</div>
 			</span>
 		</div>
+        <input type="hidden"
+               name="${_csrf.parameterName}"
+               value="${_csrf.token}"/>
 		<button id="createNewTask" type="submit" class="btn btn-primary">
 			<i class="fas fa-save"></i>
 			<span th:utext="#{task.add.button}">Add Task</span>