moved spring-security-web-jsonview module to spring-security-core (#10015)

* moved spring-security-web-jsonview module to spring-security-core

* removed deleted module from project build
Amit Pandey
2020-09-14 21:51:24 +05:30
committed by GitHub
parent bd9ac72a7c
commit 540e719c11
15 changed files with 34 additions and 318 deletions
@@ -0,0 +1,13 @@
package com.baeldung.filterresponse;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class App {
public static void main(String[] args) {
SpringApplication.run(App.class, args);
}
}
@@ -0,0 +1,49 @@
package com.baeldung.filterresponse.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
@EnableWebMvc
@EnableWebSecurity
@ComponentScan("com.baeldung.filterresponse")
public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password(passwordEncoder().encode("userPass")).roles("USER")
.and()
.withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN");
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and().httpBasic();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
public enum Role {
ROLE_USER,
ROLE_ADMIN
}
}
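Review bot: `csrf().disable()` in `configure(HttpSecurity)` sits next to `httpBasic()` with no explanation, and browsers resend cached Basic credentials on cross-site requests, so the setting is only safe while no state-changing endpoint is reachable from a browser. I would add a comment above it such as `// CSRF protection off: API is read-only and called by non-browser clients; re-enable before adding state-changing endpoints`, or drop the call if that assumption does not hold. Separately, the `userPass` and `adminPass` literals in `configure(AuthenticationManagerBuilder)` are fixed credentials in source; a comment marking them as sample-only values would keep them from being copied into a deployed configuration.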
@@ -0,0 +1,40 @@
package com.baeldung.filterresponse.config;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.core.MethodParameter;
import org.springframework.http.MediaType;
import org.springframework.http.converter.json.MappingJacksonValue;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.AbstractMappingJacksonResponseBodyAdvice;
import com.baeldung.filterresponse.controller.View;
@RestControllerAdvice
public class SecurityJsonViewControllerAdvice extends AbstractMappingJacksonResponseBodyAdvice {
@Override
protected void beforeBodyWriteInternal(MappingJacksonValue bodyContainer, MediaType contentType,
MethodParameter returnType, ServerHttpRequest request, ServerHttpResponse response) {
if (SecurityContextHolder.getContext().getAuthentication() != null
&& SecurityContextHolder.getContext().getAuthentication().getAuthorities() != null) {
Collection<? extends GrantedAuthority> authorities = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
List<Class> jsonViews = authorities.stream()
.map(GrantedAuthority::getAuthority)
.map(AppConfig.Role::valueOf)
.map(View.MAPPING::get)
.collect(Collectors.toList());
if (jsonViews.size() == 1) {
bodyContainer.setSerializationView(jsonViews.get(0));
return;
}
throw new IllegalArgumentException("Ambiguous @JsonView declaration for roles "+ authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.joining(",")));
}
}
}
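Review bot: `beforeBodyWriteInternal` fails open: when the authentication or its authorities are null the method returns without calling `setSerializationView`, and Jackson then writes every property, including the `@JsonView(View.Admin.class)` field `ownerName`. Making `bodyContainer.setSerializationView(View.User.class);` the first statement applies the least-privileged view by default, so restricted fields stay out unless a role raises the view. The `AppConfig.Role::valueOf` step also throws `IllegalArgumentException` for any authority outside the enum (an anonymous or custom role, for example), and a null returned by `View.MAPPING::get` would be handed to `setSerializationView`, which again leaves the response unfiltered; dropping unknown authorities and null views before the size check would cover both. An empty authority list currently ends in the "Ambiguous @JsonView declaration" message, which misdescribes that case.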
@@ -0,0 +1,19 @@
package com.baeldung.filterresponse.controller;
import java.util.Arrays;
import java.util.Collection;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.baeldung.filterresponse.model.Item;
@RestController
public class ItemsController {
@RequestMapping("/items")
public Collection<Item> getItems() {
return Arrays.asList(new Item(1, "Item 1", "Frank"), new Item(2, "Item 2", "Bob"));
}
}
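Review bot: `@RequestMapping("/items")` on `getItems` declares no HTTP method, so the handler answers POST, PUT and DELETE as well as GET. For a read-only listing I would narrow it to `@GetMapping("/items")` (which needs the matching import), so unexpected verbs are rejected by the framework rather than served.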
@@ -0,0 +1,25 @@
package com.baeldung.filterresponse.controller;
import java.util.HashMap;
import java.util.Map;
import com.baeldung.filterresponse.config.AppConfig.Role;
public class View {
public static final Map<Role, Class> MAPPING = new HashMap<>();
static {
MAPPING.put(Role.ROLE_ADMIN, Admin.class);
MAPPING.put(Role.ROLE_USER, User.class);
}
public static class User {
}
public static class Admin extends User {
}
}
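Review bot: `MAPPING` is a public static `HashMap`, so any class can replace or remove the entry that decides which `@JsonView` a role gets, and the field filtering depends on it. I would fill a private map in the static block and publish it through `Collections.unmodifiableMap(...)` (an `EnumMap` suits the `Role` keys). The raw `Class` value type could become `Class<?>`, though the `List<Class>` in the advice that reads this map would need the same change.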
@@ -0,0 +1,32 @@
package com.baeldung.filterresponse.model;
import com.baeldung.filterresponse.controller.View;
import com.fasterxml.jackson.annotation.JsonView;
public class Item {
@JsonView(View.User.class)
private int id;
@JsonView(View.User.class)
private String name;
@JsonView(View.Admin.class)
private String ownerName;
public Item(int id, String name, String ownerName) {
this.id = id;
this.name = name;
this.ownerName = ownerName;
}
public int getId() {
return id;
}
public String getName() {
return name;
}
public String getOwnerName() {
return ownerName;
}
}
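Review bot: The class has no comment stating that the `@JsonView` annotations are the access control for its fields, so a field added later without one will be serialized or dropped depending on Jackson's `MapperFeature.DEFAULT_VIEW_INCLUSION`, which is not configured anywhere in the visible hunks. I would add a class-level comment along the lines of `// Every field must carry @JsonView; View.Admin fields are hidden from ROLE_USER responses`, and confirm which inclusion default the application's ObjectMapper uses.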