Security fixed

droodev · droodev · commit 8dc512c50820 · 2015-10-28T07:37:07.000+01:00
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
@@ -1,49 +1,80 @@
 <web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
-    <filter>
-        <filter-name>CorsFilter</filter-name>
-        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
-        <init-param>
-            <param-name>cors.allowed.headers</param-name>
-            <param-value>Accept,Accept-Encoding,Accept-Language,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Connection,Content-Type,Host,Origin,Referer,Token-Id,User-Agent, X-Requested-With</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.allowed.origins</param-name>
-            <param-value>*</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.allowed.methods</param-name>
-            <param-value>GET, POST, PUT, DELETE, OPTIONS, HEAD</param-value>
-        </init-param>
-        <init-param>
-            <param-name>cors.support.credentials</param-name>
-            <param-value>true</param-value>
-        </init-param>
-    </filter>
-    <filter-mapping>
-        <filter-name>CorsFilter</filter-name>
-        <url-pattern>/rest/*</url-pattern>
-    </filter-mapping>
+  <filter>
+    <filter-name>CorsFilter</filter-name>
+    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+    <init-param>
+      <param-name>cors.allowed.headers</param-name>
+      <param-value>
+        Accept,Accept-Encoding,Accept-Language,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization,Connection,Content-Type,Host,Origin,Referer,Token-Id,User-Agent,
+        X-Requested-With
+      </param-value>
+    </init-param>
+    <init-param>
+      <param-name>cors.allowed.origins</param-name>
+      <param-value>*</param-value>
+    </init-param>
+    <init-param>
+      <param-name>cors.allowed.methods</param-name>
+      <param-value>GET, POST, PUT, DELETE, OPTIONS, HEAD</param-value>
+    </init-param>
+    <init-param>
+      <param-name>cors.support.credentials</param-name>
+      <param-value>true</param-value>
+    </init-param>
+  </filter>
+  <filter-mapping>
+    <filter-name>CorsFilter</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
 
-    <security-constraint>
-        <web-resource-collection>
-            <web-resource-name>whole_app</web-resource-name>
-            <url-pattern>/*</url-pattern>
-            <http-method>GET</http-method>
-            <http-method>POST</http-method>
-            <http-method>PUT</http-method>
-            <http-method>DELETE</http-method>
-        </web-resource-collection>
-        <auth-constraint>
-            <role-name>adminRole</role-name>
-        </auth-constraint>
-        <user-data-constraint>
-            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
-        </user-data-constraint>
-    </security-constraint>
-    <login-config>
-        <auth-method>BASIC</auth-method>
-    </login-config>
-    <security-role>
-        <role-name>adminRole</role-name>
-    </security-role>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>restAdding</web-resource-name>
+      <url-pattern>/rest/papers/*</url-pattern>
+      <http-method>GET</http-method>
+      <http-method>POST</http-method>
+    </web-resource-collection>
+  </security-constraint>
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>restJournalsTaking</web-resource-name>
+      <url-pattern>/rest/journals/*</url-pattern>
+      <http-method>GET</http-method>
+    </web-resource-collection>
+  </security-constraint>
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>angular</web-resource-name>
+      <url-pattern>/adding.html/*</url-pattern>
+      <url-pattern>/bower_components/*</url-pattern>
+      <url-pattern>/scripts/*</url-pattern>
+      <url-pattern>/views/papers/*</url-pattern>
+      <url-pattern>/styles/*</url-pattern>
+    </web-resource-collection>
+  </security-constraint>
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>whole_app</web-resource-name>
+      <url-pattern>/*</url-pattern>
+      <http-method>GET</http-method>
+      <http-method>POST</http-method>
+      <http-method>PUT</http-method>
+      <http-method>DELETE</http-method>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>adminRole</role-name>
+    </auth-constraint>
+    <user-data-constraint>
+      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+    </user-data-constraint>
+  </security-constraint>
+  <login-config>
+    <auth-method>BASIC</auth-method>
+  </login-config>
+  <security-role>
+    <role-name>adminRole</role-name>
+  </security-role>
 </web-app>
diff --git a/src/main/webapp/adding.html b/src/main/webapp/adding.html
@@ -0,0 +1,85 @@
+<!doctype html>
+<html class="no-js">
+  <head>
+    <meta charset="utf-8">
+    <title>CFP</title>
+    <meta name="description" content="">
+    <meta name="viewport" content="width=device-width">
+    <!-- Place favicon.ico and apple-touch-icon.png in the root directory -->
+    <!-- build:css(.) styles/vendor.css -->
+    <!-- bower:css -->
+    <link rel="stylesheet" href="bower_components/bootstrap/dist/css/bootstrap.css" />
+    <link rel="stylesheet" href="bower_components/font-awesome/css/font-awesome.css" />
+    <link rel="stylesheet" href="bower_components/bootstrap-fileinput/css/fileinput.min.css" />
+    <!-- endbower -->
+    <!-- endbuild -->
+    <!-- build:css(.tmp) styles/main.css -->
+    <link rel="stylesheet" href="styles/main.css">
+    <!-- endbuild -->
+    <!--<base href="/">-->
+  </head>
+  <body ng-app="autorAppPapers">
+    <!--[if lt IE 7]>
+      <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p>
+    <![endif]-->
+
+    <!-- Add your site or application content here -->
+    <div class="header">
+      <div class="navbar navbar-inverse" role="navigation">
+        <div class="container">
+          <div class="navbar-header">
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <div class="container" style="padding-bottom: 65px;">
+    <div ng-view=""></div>
+    </div>
+
+
+    <div class="navbar-default navbar-fixed-bottom">
+      <div class="container">
+        <p class="navbar-text">AGH</p>
+      </div>
+    </div>
+
+
+    <!-- Google Analytics: change UA-XXXXX-X to be your site's ID -->
+     <script>
+       !function(A,n,g,u,l,a,r){A.GoogleAnalyticsObject=l,A[l]=A[l]||function(){
+       (A[l].q=A[l].q||[]).push(arguments)},A[l].l=+new Date,a=n.createElement(g),
+       r=n.getElementsByTagName(g)[0],a.src=u,r.parentNode.insertBefore(a,r)
+       }(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+       ga('create', 'UA-XXXXX-X');
+       ga('send', 'pageview');
+    </script>
+
+    <!-- build:js(.) scripts/vendor.js -->
+    <!-- bower:js -->
+    <script src="bower_components/jquery/dist/jquery.js"></script>
+    <script src="bower_components/angular/angular.js"></script>
+    <script src="bower_components/bootstrap/dist/js/bootstrap.js"></script>
+    <script src="bower_components/angular-animate/angular-animate.js"></script>
+    <script src="bower_components/angular-cookies/angular-cookies.js"></script>
+    <script src="bower_components/angular-resource/angular-resource.js"></script>
+    <script src="bower_components/angular-route/angular-route.js"></script>
+    <script src="bower_components/angular-sanitize/angular-sanitize.js"></script>
+    <script src="bower_components/angular-touch/angular-touch.js"></script>
+    <script src="bower_components/lodash/lodash.js"></script>
+    <script src="bower_components/restangular/dist/restangular.js"></script>
+    <script src="bower_components/angular-fontawesome/dist/angular-fontawesome.js"></script>
+    <script src="bower_components/angular-base64-upload/src/angular-base64-upload.js"></script>
+    <script src="bower_components/bootstrap-fileinput/js/fileinput.min.js"></script>
+    <script src="bower_components/angular-modal-service/dst/angular-modal-service.js"></script>
+    <!-- endbower -->
+    <!-- endbuild -->
+
+        <!-- build:js({.tmp,app}) scripts/scripts.js -->
+        <script src="scripts/appPapers.js"></script>
+        <script src="scripts/controllers/papers/new-paper.js"></script>
+        <script src="scripts/controllers/papers/confirmation.js"></script>
+        <!-- endbuild -->
+</body>
+</html>
diff --git a/src/main/webapp/index.html b/src/main/webapp/index.html
@@ -16,6 +16,7 @@
     <!-- build:css(.tmp) styles/main.css -->
     <link rel="stylesheet" href="styles/main.css">
     <!-- endbuild -->
+    <!--<base href="/">-->
   </head>
   <body ng-app="autorApp">
     <!--[if lt IE 7]>
@@ -93,8 +94,6 @@
         <!-- build:js({.tmp,app}) scripts/scripts.js -->
         <script src="scripts/app.js"></script>
         <script src="scripts/controllers/journals/new-journal.js"></script>
-        <script src="scripts/controllers/papers/new-paper.js"></script>
-        <script src="scripts/controllers/papers/confirmation.js"></script>
         <script src="scripts/controllers/journals/journals.js"></script>
         <script src="scripts/controllers/journals/journal-details.js"></script>
         <script src="scripts/controllers/modal/modalController.js"></script>
diff --git a/src/main/webapp/scripts/app.js b/src/main/webapp/scripts/app.js
@@ -13,7 +13,7 @@ angular
     'naif.base64',
     'angularModalService'
   ])
-  .config(function ($routeProvider, RestangularProvider) {
+  .config(function ($routeProvider, RestangularProvider,  $locationProvider) {
     $routeProvider
       .when('/', {
         redirectTo: '/journals'
@@ -30,16 +30,8 @@ angular
         templateUrl: 'views/journals/journal-details.html',
         controller: 'JournalDetailsController'
       })
-      .when('/journals/:id/new_paper', {
-        templateUrl: 'views/papers/new-paper.html',
-        controller: 'NewPaperController'
-      })
-      .when('/confirmation/:id', {
-        templateUrl: 'views/papers/confirmation.html',
-        controller: 'ConfirmationController'
-      })
       .otherwise({
-        redirectTo: '/'
+        redirectTo: '/journals'
       });
     RestangularProvider.setBaseUrl('/rest');
   });
diff --git a/src/main/webapp/scripts/appPapers.js b/src/main/webapp/scripts/appPapers.js
@@ -0,0 +1,27 @@
+'use strict';
+
+angular
+  .module('autorAppPapers', [
+    'ngAnimate',
+    'ngCookies',
+    'ngResource',
+    'ngRoute',
+    'ngSanitize',
+    'restangular',
+    'ngTouch',
+    'picardy.fontawesome',
+    'naif.base64',
+    'angularModalService'
+  ])
+  .config(function ($routeProvider, RestangularProvider,  $locationProvider) {
+    $routeProvider
+      .when('/:id', {
+        templateUrl: 'views/papers/new-paper.html',
+        controller: 'NewPaperController'
+      })
+      .when('/confirmation/:id', {
+        templateUrl: 'views/papers/confirmation.html',
+        controller: 'ConfirmationController'
+      })
+    RestangularProvider.setBaseUrl('/rest');
+  });
diff --git a/src/main/webapp/scripts/controllers/journals/journal-details.js b/src/main/webapp/scripts/controllers/journals/journal-details.js
@@ -7,6 +7,7 @@ angular.module('autorApp')
       function(ret){
         $scope.journal = ret;
         $scope.addingLink = getAddingLink();
+        $scope.notSecuredAddingLink = getNotSecuredAddingLink();
       }, function error(reason){
         alert(reason.status)
       });
@@ -45,7 +46,12 @@ angular.module('autorApp')
     }
 
     var getAddingLink = function(){
-      return $location.protocol() + "://" + $location.host() + ":" + $location.port() + "/#/journals/" +
-          $scope.journal.id + "/new_paper"
+      return $location.protocol() + "://" + $location.host() + ":" + $location.port() + "/adding.html#/" +
+          $scope.journal.id
     }
-});
+
+    var getNotSecuredAddingLink = function(){
+      return "http://" + $location.host() + "/adding.html#/" +
+        $scope.journal.id
+    }
+});l
diff --git a/src/main/webapp/scripts/controllers/papers/confirmation.js b/src/main/webapp/scripts/controllers/papers/confirmation.js
@@ -1,6 +1,6 @@
 'use strict';
 
-angular.module('autorApp')
+angular.module('autorAppPapers')
 .controller('ConfirmationController', function ($scope, $routeParams, Restangular) {
 
   $scope.downloadPDF = function(){
diff --git a/src/main/webapp/scripts/controllers/papers/new-paper.js b/src/main/webapp/scripts/controllers/papers/new-paper.js
@@ -1,6 +1,6 @@
 'use strict';
 
-angular.module('autorApp')
+angular.module('autorAppPapers')
   .controller('NewPaperController', function ($scope, $location, $routeParams, $http, Restangular) {
 
     $scope.newPaper = {authors: [{}]};
diff --git a/src/main/webapp/views/journals/journal-details.html b/src/main/webapp/views/journals/journal-details.html
@@ -50,7 +50,7 @@ <h2>{{journal.name}}</h2>
         <h4 class="modal-title">Link to add new paper</h4>
       </div>
       <div class="modal-body">
-        <p>{{addingLink}}</p>
+        <p>{{notSecuredAddingLink}}</p>
       </div>
     </div>
 
diff --git a/src/main/webapp/views/papers/new-paper.html b/src/main/webapp/views/papers/new-paper.html
@@ -17,7 +17,7 @@ <h4>{{journal.name}}</h4>
 <form novalidate name="newpaperForm" class="form-horizontal" ng-submit="addPaper()">
   <div class="form-group">
     <label>Paper title</label>
-    <label ng-show="newpaperForm.$submitted || newpaperForm.paperName.$touched">
+    <label ng-show="newpaperForm.$submitted">
       <fa name="exclamation-circle" ng-show="newpaperForm.paperName.$error.required" style="color: #a94442"
           data-toggle="tooltip" title="Required field">
       </fa>
