Merge pull request #3697 from inception-project/feature/3602-Enable-S…

…pring-MVC-CSP #3602 - Enable Spring MVC CSP
inception-project · Jan 8, 2023 · f1bcc78 · f1bcc78
2 parents 65c211d + 005c5ab
commit f1bcc78
Show file tree

Hide file tree

Showing 10 changed files with 277 additions and 8 deletions.
diff --git a/inception/inception-pdf-editor2/pom.xml b/inception/inception-pdf-editor2/pom.xml
@@ -61,6 +61,10 @@
       <groupId>de.tudarmstadt.ukp.inception.app</groupId>
       <artifactId>inception-diam</artifactId>
     </dependency>
+    <dependency>
+      <groupId>de.tudarmstadt.ukp.inception.app</groupId>
+      <artifactId>inception-security</artifactId>
+    </dependency>
     <dependency>
       <groupId>de.tudarmstadt.ukp.inception.app</groupId>
       <artifactId>inception-external-editor</artifactId>
@@ -139,6 +143,10 @@
       <groupId>org.apache.wicket</groupId>
       <artifactId>wicket-spring</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.wicketstuff</groupId>
+      <artifactId>wicketstuff-annotation</artifactId>
+    </dependency>
 
     <dependency>
       <groupId>org.slf4j</groupId>

diff --git a/.../tudarmstadt/ukp/inception/pdfeditor2/config/PdfAnnotationEditor2WebMvcConfiguration.java b/.../tudarmstadt/ukp/inception/pdfeditor2/config/PdfAnnotationEditor2WebMvcConfiguration.java
@@ -21,6 +21,8 @@
  */
 package de.tudarmstadt.ukp.inception.pdfeditor2.config;
 
+import static de.tudarmstadt.ukp.inception.security.config.InceptionSecurityWebUIApiAutoConfiguration.BASE_VIEW_URL;
+
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -29,10 +31,12 @@
 public class PdfAnnotationEditor2WebMvcConfiguration
     implements WebMvcConfigurer
 {
+    public static final String BASE_URL = BASE_VIEW_URL + "/pdfeditor2";
+
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry aRegistry)
     {
-        aRegistry.addResourceHandler("/resources/pdfanno2/**") //
+        aRegistry.addResourceHandler(BASE_URL + "/**") //
                 .addResourceLocations(
                         "classpath:/de/tudarmstadt/ukp/inception/pdfeditor2/resources/");
     }

diff --git a/...main/java/de/tudarmstadt/ukp/inception/pdfeditor2/resources/PdfJsJavaScriptReference.java b/...main/java/de/tudarmstadt/ukp/inception/pdfeditor2/resources/PdfJsJavaScriptReference.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Technische Universität Darmstadt under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The Technische Universität Darmstadt 
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.
+ *  
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.tudarmstadt.ukp.inception.pdfeditor2.resources;
+
+import org.apache.wicket.request.resource.JavaScriptResourceReference;
+
+public class PdfJsJavaScriptReference
+    extends JavaScriptResourceReference
+{
+    private static final long serialVersionUID = 1L;
+
+    private static final PdfJsJavaScriptReference INSTANCE = new PdfJsJavaScriptReference();
+
+    /**
+     * Gets the instance of the resource reference
+     *
+     * @return the single instance of the resource reference
+     */
+    public static PdfJsJavaScriptReference get()
+    {
+        return INSTANCE;
+    }
+
+    /**
+     * Private constructor
+     */
+    private PdfJsJavaScriptReference()
+    {
+        super(PdfJsJavaScriptReference.class, "pdf.min.js");
+    }
+}
diff --git a/...n/java/de/tudarmstadt/ukp/inception/pdfeditor2/resources/PdfJsViewerJavaCssReference.java b/...n/java/de/tudarmstadt/ukp/inception/pdfeditor2/resources/PdfJsViewerJavaCssReference.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Technische Universität Darmstadt under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The Technische Universität Darmstadt 
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.
+ *  
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.tudarmstadt.ukp.inception.pdfeditor2.resources;
+
+import org.apache.wicket.request.resource.CssResourceReference;
+
+public class PdfJsViewerJavaCssReference
+    extends CssResourceReference
+{
+    private static final long serialVersionUID = 1L;
+
+    private static final PdfJsViewerJavaCssReference INSTANCE = new PdfJsViewerJavaCssReference();
+
+    /**
+     * Gets the instance of the resource reference
+     *
+     * @return the single instance of the resource reference
+     */
+    public static PdfJsViewerJavaCssReference get()
+    {
+        return INSTANCE;
+    }
+
+    /**
+     * Private constructor
+     */
+    private PdfJsViewerJavaCssReference()
+    {
+        super(PdfJsViewerJavaCssReference.class, "viewer.css");
+    }
+}
diff --git a/...ava/de/tudarmstadt/ukp/inception/pdfeditor2/resources/PdfJsViewerJavaScriptReference.java b/...ava/de/tudarmstadt/ukp/inception/pdfeditor2/resources/PdfJsViewerJavaScriptReference.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Technische Universität Darmstadt under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The Technische Universität Darmstadt 
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.
+ *  
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.tudarmstadt.ukp.inception.pdfeditor2.resources;
+
+import static java.util.Arrays.asList;
+
+import java.util.List;
+
+import org.apache.wicket.markup.head.CssContentHeaderItem;
+import org.apache.wicket.markup.head.HeaderItem;
+import org.apache.wicket.markup.head.JavaScriptHeaderItem;
+import org.apache.wicket.request.resource.JavaScriptResourceReference;
+
+public class PdfJsViewerJavaScriptReference
+    extends JavaScriptResourceReference
+{
+    private static final long serialVersionUID = 1L;
+
+    private static final PdfJsViewerJavaScriptReference INSTANCE = new PdfJsViewerJavaScriptReference();
+
+    /**
+     * Gets the instance of the resource reference
+     *
+     * @return the single instance of the resource reference
+     */
+    public static PdfJsViewerJavaScriptReference get()
+    {
+        return INSTANCE;
+    }
+
+    @Override
+    public List<HeaderItem> getDependencies()
+    {
+        return asList( //
+                CssContentHeaderItem.forReference(PdfJsViewerJavaCssReference.get()),
+                JavaScriptHeaderItem.forReference(PdfJsJavaScriptReference.get()));
+    }
+
+    /**
+     * Private constructor
+     */
+    private PdfJsViewerJavaScriptReference()
+    {
+        super(PdfJsViewerJavaScriptReference.class, "viewer.js");
+    }
+}
diff --git a/...or2/src/main/java/de/tudarmstadt/ukp/inception/pdfeditor2/view/PdfDocumentIFrameView.java b/...or2/src/main/java/de/tudarmstadt/ukp/inception/pdfeditor2/view/PdfDocumentIFrameView.java
@@ -50,6 +50,7 @@
 import de.tudarmstadt.ukp.clarin.webanno.support.JSONUtil;
 import de.tudarmstadt.ukp.inception.pdfeditor2.PdfAnnotationEditor;
 import de.tudarmstadt.ukp.inception.pdfeditor2.format.VisualPdfReader;
+import de.tudarmstadt.ukp.inception.pdfeditor2.view.pdfjs.PdfJsViewerPage;
 import de.tudarmstadt.ukp.inception.pdfeditor2.visual.VisualPDFTextStripper;
 import de.tudarmstadt.ukp.inception.pdfeditor2.visual.model.VModel;
 import de.tudarmstadt.ukp.inception.schema.adapter.AnnotationException;
@@ -162,8 +163,7 @@ private VModel visualModelFromPdfSource() throws IOException
     protected void onComponentTag(ComponentTag aTag)
     {
         UrlRenderer urlRenderer = RequestCycle.get().getUrlRenderer();
-
-        String viewerUrl = urlRenderer.renderContextRelativeUrl("resources/pdfanno2/viewer.html");
+        String viewerUrl = urlFor(PdfJsViewerPage.class, null).toString();
         String pdfUrl = urlRenderer.renderFullUrl(Url.parse(pdfProvider.getCallbackUrl()));
         String vModelUrl = urlRenderer.renderFullUrl(Url.parse(vModelProvider.getCallbackUrl()));
 

diff --git a/...or2/src/main/java/de/tudarmstadt/ukp/inception/pdfeditor2/view/pdfjs/PdfJsViewerPage.java b/...or2/src/main/java/de/tudarmstadt/ukp/inception/pdfeditor2/view/pdfjs/PdfJsViewerPage.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Technische Universität Darmstadt under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The Technische Universität Darmstadt 
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.
+ *  
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.tudarmstadt.ukp.inception.pdfeditor2.view.pdfjs;
+
+import static de.tudarmstadt.ukp.inception.pdfeditor2.config.PdfAnnotationEditor2WebMvcConfiguration.BASE_URL;
+import static org.apache.wicket.core.util.string.CssUtils.ATTR_LINK_HREF;
+import static org.apache.wicket.core.util.string.CssUtils.ATTR_LINK_REL;
+import static org.apache.wicket.core.util.string.CssUtils.ATTR_TYPE;
+
+import javax.servlet.ServletContext;
+
+import org.apache.wicket.MarkupContainer;
+import org.apache.wicket.markup.IMarkupCacheKeyProvider;
+import org.apache.wicket.markup.IMarkupResourceStreamProvider;
+import org.apache.wicket.markup.head.IHeaderResponse;
+import org.apache.wicket.markup.head.JavaScriptHeaderItem;
+import org.apache.wicket.markup.head.StringHeaderItem;
+import org.apache.wicket.markup.html.WebPage;
+import org.apache.wicket.request.UrlRenderer;
+import org.apache.wicket.request.cycle.RequestCycle;
+import org.apache.wicket.spring.injection.annot.SpringBean;
+import org.apache.wicket.util.resource.IResourceStream;
+import org.apache.wicket.util.value.AttributeMap;
+import org.wicketstuff.annotation.mount.MountPath;
+
+import de.tudarmstadt.ukp.clarin.webanno.support.wicket.InputStreamResourceStream;
+import de.tudarmstadt.ukp.inception.pdfeditor2.config.PdfAnnotationEditor2WebMvcConfiguration;
+import de.tudarmstadt.ukp.inception.pdfeditor2.resources.PdfJsViewerJavaScriptReference;
+
+@MountPath(PdfAnnotationEditor2WebMvcConfiguration.BASE_URL + "/viewer.html")
+public class PdfJsViewerPage
+    extends WebPage
+    implements IMarkupResourceStreamProvider, IMarkupCacheKeyProvider
+{
+    private static final long serialVersionUID = -6785521330117759815L;
+
+    private @SpringBean ServletContext servletContext;
+
+    @Override
+    public void renderHead(IHeaderResponse aResponse)
+    {
+        renderLocaleReference(aResponse);
+
+        aResponse.render(JavaScriptHeaderItem.forReference(PdfJsViewerJavaScriptReference.get()));
+        var script = String.join("\n", //
+                "window.addEventListener('DOMContentLoaded', function() {", //
+                "  PDFViewerApplicationOptions.set('defaultUrl', null);", //
+                "  PDFViewerApplicationOptions.set('disablePreferences', true);", //
+                "  PDFViewerApplicationOptions.set('workerSrc', 'pdf.worker.min.js');", //
+                "  PDFViewerApplicationOptions.set('enableScripting', false);", //
+                "  PDFViewerApplicationOptions.set('viewOnLoad', 1);", //
+                // Because when when we jump to a location in a different document it sucks when
+                // the sidebar automatically opens and causes a re-scaling which leads to a wrong
+                // scroll position!
+                "  PDFViewerApplicationOptions.set('sidebarViewOnLoad', 0);", //
+                "});");
+        aResponse.render(JavaScriptHeaderItem.forScript(script, "initialization"));
+    }
+
+    private void renderLocaleReference(IHeaderResponse aResponse)
+    {
+        UrlRenderer urlRenderer = RequestCycle.get().getUrlRenderer();
+        String localeUrl = urlRenderer
+                .renderContextRelativeUrl(BASE_URL + "/locale/locale.properties");
+
+        AttributeMap attributes = new AttributeMap();
+        attributes.putAttribute(ATTR_LINK_REL, "resource");
+        attributes.putAttribute(ATTR_TYPE, "application/l10n");
+        attributes.putAttribute(ATTR_LINK_HREF, localeUrl);
+        aResponse.render(new StringHeaderItem("<link" + attributes.toCharSequence() + " />"));
+    }
+
+    @Override
+    public String getCacheKey(MarkupContainer container, Class<?> containerClass)
+    {
+        return getClass().getName();
+    }
+
+    @Override
+    public IResourceStream getMarkupResourceStream(MarkupContainer aContainer,
+            Class<?> aContainerClass)
+    {
+        return new InputStreamResourceStream(getClass().getResourceAsStream(
+                "/de/tudarmstadt/ukp/inception/pdfeditor2/resources/viewer.html"));
+    }
+}
diff --git a/inception/inception-pdf-editor2/src/main/ts/pdfjs-web/viewer.html b/inception/inception-pdf-editor2/src/main/ts/pdfjs-web/viewer.html
@@ -26,9 +26,10 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
     <meta name="google" content="notranslate">
     <title>INCEpTION PDF Editor</title>
-    <link rel="stylesheet" href="viewer.css">
     <!-- This snippet is used in production (included from viewer.html) -->
+    <!--
     <link rel="resource" type="application/l10n" href="locale/locale.properties">
+    <link rel="stylesheet" href="viewer.css">
     <script src="pdf.min.js"></script>
     <script src="viewer.js"></script>
     <script>
@@ -44,6 +45,7 @@
         PDFViewerApplicationOptions.set("sidebarViewOnLoad", 0);
       });
     </script>
+    -->
   </head>
 
   <body tabindex="1">

diff --git a/inception/inception-pdf-editor2/src/main/ts/src/pdfanno/pdfanno.ts b/inception/inception-pdf-editor2/src/main/ts/src/pdfanno/pdfanno.ts
@@ -85,7 +85,7 @@ export async function initPdfAnno (ajax: DiamAjax): Promise<void> {
 }
 
 function onPageRendered (ev) {
-  console.log('pagerendered:', ev.pageNumber)
+  // console.log('pagerendered:', ev.pageNumber)
 
   // No action, if the viewer is closed.
   if (!globalThis.PDFViewerApplication.pdfViewer.getPageView(0)) {
@@ -98,7 +98,6 @@ function onPageRendered (ev) {
 }
 
 function onScaleChange (ev) {
-  console.log('scalechanged')
   adjustPageGaps()
   removeAnnoLayer()
   renderAnno()

diff --git a/.../main/java/de/tudarmstadt/ukp/inception/recommendation/RecommendationEditorExtension.java b/.../main/java/de/tudarmstadt/ukp/inception/recommendation/RecommendationEditorExtension.java
@@ -145,10 +145,10 @@ public void handleAction(AnnotationActionHandler aActionHandler, AnnotatorState
             return;
         }
 
-        ((AnnotationPageBase) aTarget.getPage()).ensureIsEditable();
-
         // Create annotation
         if (SelectAnnotationHandler.COMMAND.equals(aAction) || AcceptActionResponse.is(aAction)) {
+            ((AnnotationPageBase) aTarget.getPage()).ensureIsEditable();
+
             VID recommendationVid = VID.parse(aVID.getExtensionPayload());
             var prediction = getPrediction(aState, recommendationVid);
             SourceDocument document = aState.getDocument();
@@ -172,6 +172,8 @@ public void handleAction(AnnotationActionHandler aActionHandler, AnnotatorState
             }
         }
         else if (DoActionResponse.is(aAction) || RejectActionResponse.is(aAction)) {
+            ((AnnotationPageBase) aTarget.getPage()).ensureIsEditable();
+
             actionRejectRecommendation(aActionHandler, aState, aTarget, aCas, aVID);
         }
         else if (ScrollToHandler.COMMAND.equals(aAction)) {