separate principal

spring-security-custom-permission/src/main/java/org/baeldung/persistence/model/User.java

@@ -1,8 +1,5 @@
 package org.baeldung.persistence.model;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
 import java.util.Set;
 
 import javax.persistence.Column;
@@ -16,14 +13,8 @@ import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
 import javax.persistence.ManyToOne;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
-
 @Entity
-public class User implements UserDetails {
+public class User {
-
-    private static final long serialVersionUID = 1L;
 
     @Id
     @GeneratedValue(strategy = GenerationType.AUTO)
@@ -57,7 +48,6 @@ public class User implements UserDetails {
         this.id = id;
     }
 
-    @Override
     public String getUsername() {
         return username;
     }
@@ -66,7 +56,6 @@ public class User implements UserDetails {
         this.username = username;
     }
 
-    @Override
     public String getPassword() {
         return password;
     }
@@ -93,37 +82,6 @@ public class User implements UserDetails {
 
     //
 
-    @Override
-    public Collection<? extends GrantedAuthority> getAuthorities() {
-        final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
-        for (final Privilege privilege : this.getPrivileges()) {
-            authorities.add(new SimpleGrantedAuthority(privilege.getName()));
-        }
-        return authorities;
-    }
-
-    @Override
-    public boolean isAccountNonExpired() {
-        return true;
-    }
-
-    @Override
-    public boolean isAccountNonLocked() {
-        return true;
-    }
-
-    @Override
-    public boolean isCredentialsNonExpired() {
-        return true;
-    }
-
-    @Override
-    public boolean isEnabled() {
-        return true;
-    }
-
-    //
-
     @Override
     public String toString() {
         final StringBuilder builder = new StringBuilder();

spring-security-custom-permission/src/main/java/org/baeldung/security/CustomMethodSecurityExpressionRoot.java

@@ -16,7 +16,7 @@ public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot i
 
     //
     public boolean isMember(Long OrganizationId) {
-        final User user = (User) this.getPrincipal();
+        final User user = ((MyUserPrincipal) this.getPrincipal()).getUser();
         return user.getOrganization().getId().longValue() == OrganizationId.longValue();
     }
 

spring-security-custom-permission/src/main/java/org/baeldung/security/MySecurityExpressionRoot.java

@@ -47,6 +47,14 @@ public class MySecurityExpressionRoot implements MethodSecurityExpressionOperati
         throw new RuntimeException("method hasAuthority() not allowed");
     }
 
+    //
+    public boolean isMember(Long OrganizationId) {
+        final User user = ((MyUserPrincipal) this.getPrincipal()).getUser();
+        return user.getOrganization().getId().longValue() == OrganizationId.longValue();
+    }
+
+    //
+
     @Override
     public final boolean hasAnyAuthority(String... authorities) {
         return hasAnyAuthorityName(null, authorities);
@@ -168,14 +176,6 @@ public class MySecurityExpressionRoot implements MethodSecurityExpressionOperati
         return defaultRolePrefix + role;
     }
 
-    //
-    public boolean isMember(Long OrganizationId) {
-        final User user = (User) this.getPrincipal();
-        return user.getOrganization().getId().longValue() == OrganizationId.longValue();
-    }
-
-    //
-
     @Override
     public Object getFilterObject() {
         return this.filterObject;

spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserDetailsService.java

@@ -26,6 +26,6 @@ public class MyUserDetailsService implements UserDetailsService {
         if (user == null) {
             throw new UsernameNotFoundException(username);
         }
-        return user;
+        return new MyUserPrincipal(user);
     }
 }

spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserPrincipal.java

@@ -0,0 +1,72 @@
+package org.baeldung.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.baeldung.persistence.model.Privilege;
+import org.baeldung.persistence.model.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+public class MyUserPrincipal implements UserDetails {
+
+    private static final long serialVersionUID = 1L;
+
+    private final User user;
+
+    //
+
+    public MyUserPrincipal(User user) {
+        this.user = user;
+    }
+
+    //
+
+    @Override
+    public String getUsername() {
+        return user.getUsername();
+    }
+
+    @Override
+    public String getPassword() {
+        return user.getPassword();
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+        for (final Privilege privilege : user.getPrivileges()) {
+            authorities.add(new SimpleGrantedAuthority(privilege.getName()));
+        }
+        return authorities;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+
+    //
+
+    public User getUser() {
+        return user;
+    }
+
+}