[tlinh2110@gmail.com] Restructure to Method Security
This commit is contained in:
+15
@@ -0,0 +1,15 @@
|
||||
package org.baeldung.methodsecurity.annotation;
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
|
||||
@Target(ElementType.METHOD)
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@PreAuthorize("hasRole('VIEWER')")
|
||||
public @interface IsViewer
|
||||
{
|
||||
}
|
||||
+2
-2
@@ -1,11 +1,11 @@
|
||||
package org.baeldung.testmethodsecurity.config;
|
||||
package org.baeldung.methodsecurity.config;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
|
||||
|
||||
@Configuration
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
|
||||
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
|
||||
|
||||
}
|
||||
+1
-1
@@ -1,4 +1,4 @@
|
||||
package org.baeldung.testmethodsecurity.entity;
|
||||
package org.baeldung.methodsecurity.entity;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
+18
-2
@@ -1,11 +1,11 @@
|
||||
package org.baeldung.testmethodsecurity.repository;
|
||||
package org.baeldung.methodsecurity.repository;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.baeldung.testmethodsecurity.entity.CustomUser;
|
||||
import org.baeldung.methodsecurity.entity.CustomUser;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
@@ -38,4 +38,20 @@ public class UserRoleRepository {
|
||||
throw new UsernameNotFoundException("User "+username+" cannot be found");
|
||||
}
|
||||
|
||||
public boolean isValidUsername(String username){
|
||||
return DB_BASED_USER_MAPPING.containsKey(username);
|
||||
}
|
||||
|
||||
public boolean isValidRole(String roleName){
|
||||
return roleName.startsWith("ROLE_");
|
||||
}
|
||||
|
||||
public List<String> getAllUsernames(){
|
||||
List<String> usernames = new ArrayList<>();
|
||||
usernames.add("jane");
|
||||
usernames.add("john");
|
||||
usernames.add("jack");
|
||||
return usernames;
|
||||
}
|
||||
|
||||
}
|
||||
+2
-2
@@ -1,6 +1,6 @@
|
||||
package org.baeldung.testmethodsecurity.service;
|
||||
package org.baeldung.methodsecurity.service;
|
||||
|
||||
import org.baeldung.testmethodsecurity.repository.UserRoleRepository;
|
||||
import org.baeldung.methodsecurity.repository.UserRoleRepository;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
+107
@@ -0,0 +1,107 @@
|
||||
package org.baeldung.methodsecurity.service;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import javax.annotation.security.RolesAllowed;
|
||||
|
||||
import org.baeldung.methodsecurity.annotation.IsViewer;
|
||||
import org.baeldung.methodsecurity.entity.CustomUser;
|
||||
import org.baeldung.methodsecurity.repository.UserRoleRepository;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.annotation.Secured;
|
||||
import org.springframework.security.access.prepost.PostAuthorize;
|
||||
import org.springframework.security.access.prepost.PostFilter;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.access.prepost.PreFilter;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
public class UserRoleService {
|
||||
|
||||
@Autowired
|
||||
UserRoleRepository userRoleRepository;
|
||||
|
||||
@Secured("ROLE_VIEWER")
|
||||
public String getUsername(){
|
||||
SecurityContext securityContext = SecurityContextHolder.getContext();
|
||||
return securityContext.getAuthentication().getName();
|
||||
}
|
||||
|
||||
@Secured({"ROLE_VIEWER","ROLE_EDITOR"})
|
||||
public boolean isValidUsername(String username){
|
||||
return userRoleRepository.isValidUsername(username);
|
||||
}
|
||||
|
||||
@RolesAllowed("ROLE_VIEWER")
|
||||
public String getUsername2(){
|
||||
SecurityContext securityContext = SecurityContextHolder.getContext();
|
||||
return securityContext.getAuthentication().getName();
|
||||
}
|
||||
|
||||
@RolesAllowed({"ROLE_VIEWER","ROLE_EDITOR"})
|
||||
public boolean isValidUsername2(String username){
|
||||
return userRoleRepository.isValidUsername(username);
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ROLE_VIEWER')")
|
||||
public String getUsernameInUpperCase(){
|
||||
return getUsername().toUpperCase();
|
||||
}
|
||||
|
||||
@PreAuthorize("hasAuthority('SYS_ADMIN')")
|
||||
public String getUsernameInLowerCase(){
|
||||
return getUsername().toLowerCase();
|
||||
}
|
||||
|
||||
@PreAuthorize("hasRole('ROLE_VIEWER') or hasRole('ROLE_EDITOR')")
|
||||
public boolean isValidUsername3(String username){
|
||||
return userRoleRepository.isValidUsername(username);
|
||||
}
|
||||
|
||||
@PreAuthorize("#username == authentication.principal.username")
|
||||
public String getMyRoles(String username){
|
||||
SecurityContext securityContext = SecurityContextHolder.getContext();
|
||||
return securityContext
|
||||
.getAuthentication()
|
||||
.getAuthorities()
|
||||
.stream().map(auth -> auth.getAuthority())
|
||||
.collect(Collectors.joining(","));
|
||||
}
|
||||
|
||||
@PostAuthorize("returnObject.username == authentication.principal.nickName")
|
||||
public CustomUser loadUserDetail(String username){
|
||||
return userRoleRepository.loadUserByUserName(username);
|
||||
}
|
||||
|
||||
@PreFilter("filterObject != authentication.principal.username")
|
||||
public String joinUsernames(List<String> usernames){
|
||||
return usernames.stream().collect(Collectors.joining(";"));
|
||||
}
|
||||
|
||||
@PreFilter(value="filterObject != authentication.principal.username",filterTarget="usernames")
|
||||
public String joinUsernamesAndRoles(List<String> usernames,List<String> roles){
|
||||
return usernames.stream().collect(Collectors.joining(";"))
|
||||
+":"+roles.stream().collect(Collectors.joining(";"));
|
||||
}
|
||||
|
||||
@PostFilter("filterObject != authentication.principal.username")
|
||||
public List<String> getAllUsernamesExceptCurrent(){
|
||||
return userRoleRepository.getAllUsernames();
|
||||
}
|
||||
|
||||
@IsViewer
|
||||
public String getUsername4(){
|
||||
SecurityContext securityContext = SecurityContextHolder.getContext();
|
||||
return securityContext.getAuthentication().getName();
|
||||
}
|
||||
|
||||
@PreAuthorize("#username == authentication.principal.username")
|
||||
@PostAuthorize("returnObject.username == authentication.principal.nickName")
|
||||
public CustomUser securedLoadUserDetail(String username){
|
||||
return userRoleRepository.loadUserByUserName(username);
|
||||
}
|
||||
|
||||
}
|
||||
-29
@@ -1,29 +0,0 @@
|
||||
package org.baeldung.testmethodsecurity.service;
|
||||
|
||||
import org.baeldung.testmethodsecurity.entity.CustomUser;
|
||||
import org.baeldung.testmethodsecurity.repository.UserRoleRepository;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.prepost.PostAuthorize;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
public class UserRoleService {
|
||||
|
||||
@Autowired
|
||||
UserRoleRepository userRoleRepository;
|
||||
|
||||
@PreAuthorize("hasRole('ROLE_VIEWER') or hasAuthority('SYS_ADMIN')")
|
||||
public String getUsername(){
|
||||
SecurityContext securityContext = SecurityContextHolder.getContext();
|
||||
return securityContext.getAuthentication().getName();
|
||||
}
|
||||
|
||||
@PostAuthorize("returnObject.username == authentication.principal.nickName")
|
||||
public CustomUser loadUserDetail(String username){
|
||||
return userRoleRepository.loadUserByUserName(username);
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user