BAEL-127: @PreFilter and @PostFilter annotations (#898)
* BAEL-127: simple app with filters * removed data rest dependency, final adjustments * added first live test for the rest api * move filters code to new module * moved to root of module, create service layer, standard pom
This commit is contained in:
@@ -0,0 +1,17 @@
|
||||
package org.baeldung.app;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.autoconfigure.domain.EntityScan;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
|
||||
|
||||
@SpringBootApplication
|
||||
@EnableJpaRepositories("org.baeldung.repository")
|
||||
@ComponentScan("org.baeldung")
|
||||
@EntityScan("org.baeldung.entity")
|
||||
public class App {
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(App.class, args);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
package org.baeldung.config;
|
||||
|
||||
import org.baeldung.entity.Task;
|
||||
import org.baeldung.repository.TaskRepository;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.CommandLineRunner;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
public class DatabaseLoader implements CommandLineRunner {
|
||||
|
||||
@Autowired
|
||||
private TaskRepository taskRepository;
|
||||
|
||||
@Override
|
||||
public void run(String... strings) throws Exception {
|
||||
this.taskRepository.save(new Task("Send a fax", "pam"));
|
||||
this.taskRepository.save(new Task("Print a document", "pam"));
|
||||
this.taskRepository.save(new Task("Answer the phone", "pam"));
|
||||
this.taskRepository.save(new Task("Call a client", "jim"));
|
||||
this.taskRepository.save(new Task("Organize a meeting", "michael"));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,39 @@
|
||||
package org.baeldung.config;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/css/**", "/js/**", "/loggedout").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.and()
|
||||
.logout().disable()
|
||||
.csrf().disable();
|
||||
}
|
||||
|
||||
@Autowired
|
||||
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
.withUser("jim").password("jim").roles("USER")
|
||||
.and()
|
||||
.withUser("pam").password("pam").roles("USER")
|
||||
.and()
|
||||
.withUser("michael").password("michael").roles("MANAGER");
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
package org.baeldung.controller;
|
||||
|
||||
import org.baeldung.entity.Task;
|
||||
import org.baeldung.service.TaskService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
|
||||
@Controller
|
||||
@RequestMapping("api/tasks")
|
||||
public class TaskController {
|
||||
|
||||
@Autowired
|
||||
private TaskService taskService;
|
||||
|
||||
@RequestMapping(method = RequestMethod.GET)
|
||||
public ResponseEntity<Iterable<Task>> findAllTasks() {
|
||||
Iterable<Task> tasks = taskService.findAll();
|
||||
|
||||
return ResponseEntity.ok().body(tasks);
|
||||
}
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST, consumes = "application/json")
|
||||
public ResponseEntity<Iterable<Task>> addTasks(@RequestBody Iterable<Task> newTasks) {
|
||||
Iterable<Task> tasks = taskService.save(newTasks);
|
||||
|
||||
return ResponseEntity.ok().body(tasks);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,46 @@
|
||||
package org.baeldung.entity;
|
||||
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.GeneratedValue;
|
||||
import javax.persistence.Id;
|
||||
|
||||
@Entity
|
||||
public class Task {
|
||||
private @Id @GeneratedValue Long id;
|
||||
private String description;
|
||||
|
||||
private String assignee;
|
||||
|
||||
public Task() {
|
||||
}
|
||||
|
||||
public Task(String description, String assignee) {
|
||||
this.description = description;
|
||||
this.assignee = assignee;
|
||||
}
|
||||
|
||||
public Long getId() {
|
||||
return id;
|
||||
}
|
||||
|
||||
public void setId(Long id) {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public String getDescription() {
|
||||
return description;
|
||||
}
|
||||
|
||||
public void setDescription(String description) {
|
||||
this.description = description;
|
||||
}
|
||||
|
||||
public String getAssignee() {
|
||||
return assignee;
|
||||
}
|
||||
|
||||
public void setAssignee(String assignee) {
|
||||
this.assignee = assignee;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,8 @@
|
||||
package org.baeldung.repository;
|
||||
|
||||
import org.baeldung.entity.Task;
|
||||
import org.springframework.data.repository.CrudRepository;
|
||||
|
||||
public interface TaskRepository extends CrudRepository<Task, Long> {
|
||||
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
package org.baeldung.service;
|
||||
|
||||
import org.baeldung.entity.Task;
|
||||
import org.baeldung.repository.TaskRepository;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.prepost.PostFilter;
|
||||
import org.springframework.security.access.prepost.PreFilter;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
public class TaskService {
|
||||
|
||||
@Autowired
|
||||
private TaskRepository taskRepository;
|
||||
|
||||
@PostFilter("hasRole('MANAGER') or filterObject.assignee == authentication.name")
|
||||
public Iterable<Task> findAll() {
|
||||
return taskRepository.findAll();
|
||||
}
|
||||
|
||||
@PreFilter("hasRole('MANAGER') or filterObject.assignee == authentication.name")
|
||||
public Iterable<Task> save(Iterable<Task> entities) {
|
||||
return taskRepository.save(entities);
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user