Merge remote-tracking branch 'origin/master'

2016-07-31 10:49:46 +01:00 · 2016-07-31 10:49:46 +01:00 · 6f2ccdf187
parent 0a85d18792 883ec051b1
commit 6f2ccdf187
6 changed files with 85 additions and 55 deletions
--- a/spring-security-custom-permission/src/main/java/org/baeldung/persistence/model/User.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/persistence/model/User.java
@ -1,8 +1,5 @@
 package org.baeldung.persistence.model;

-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
 import java.util.Set;

 import javax.persistence.Column;
@ -16,14 +13,8 @@ import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
 import javax.persistence.ManyToOne;

-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
-
@Entity
-public class User implements UserDetails {
-
-    private static final long serialVersionUID = 1L;
+public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
@ -57,7 +48,6 @@ public class User implements UserDetails {
        this.id = id;
    }

-    @Override
    public String getUsername() {
        return username;
    }
@ -66,7 +56,6 @@ public class User implements UserDetails {
        this.username = username;
    }

-    @Override
    public String getPassword() {
        return password;
    }
@ -93,37 +82,6 @@ public class User implements UserDetails {

    //

-    @Override
-    public Collection<? extends GrantedAuthority> getAuthorities() {
-        final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
-        for (final Privilege privilege : this.getPrivileges()) {
-            authorities.add(new SimpleGrantedAuthority(privilege.getName()));
-        }
-        return authorities;
-    }
-
-    @Override
-    public boolean isAccountNonExpired() {
-        return true;
-    }
-
-    @Override
-    public boolean isAccountNonLocked() {
-        return true;
-    }
-
-    @Override
-    public boolean isCredentialsNonExpired() {
-        return true;
-    }
-
-    @Override
-    public boolean isEnabled() {
-        return true;
-    }
-
-    //
-
    @Override
    public String toString() {
        final StringBuilder builder = new StringBuilder();
--- a/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomMethodSecurityExpressionRoot.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomMethodSecurityExpressionRoot.java
@ -16,7 +16,7 @@ public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot i

    //
    public boolean isMember(Long OrganizationId) {
-        final User user = (User) this.getPrincipal();
+        final User user = ((MyUserPrincipal) this.getPrincipal()).getUser();
        return user.getOrganization().getId().longValue() == OrganizationId.longValue();
    }

--- a/spring-security-custom-permission/src/main/java/org/baeldung/security/MySecurityExpressionRoot.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/MySecurityExpressionRoot.java
@ -47,6 +47,14 @@ public class MySecurityExpressionRoot implements MethodSecurityExpressionOperati
        throw new RuntimeException("method hasAuthority() not allowed");
    }

+    //
+    public boolean isMember(Long OrganizationId) {
+        final User user = ((MyUserPrincipal) this.getPrincipal()).getUser();
+        return user.getOrganization().getId().longValue() == OrganizationId.longValue();
+    }
+
+    //
+
    @Override
    public final boolean hasAnyAuthority(String... authorities) {
        return hasAnyAuthorityName(null, authorities);
@ -168,14 +176,6 @@ public class MySecurityExpressionRoot implements MethodSecurityExpressionOperati
        return defaultRolePrefix + role;
    }

-    //
-    public boolean isMember(Long OrganizationId) {
-        final User user = (User) this.getPrincipal();
-        return user.getOrganization().getId().longValue() == OrganizationId.longValue();
-    }
-
-    //
-
    @Override
    public Object getFilterObject() {
        return this.filterObject;
--- a/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserDetailsService.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserDetailsService.java
@ -26,6 +26,6 @@ public class MyUserDetailsService implements UserDetailsService {
        if (user == null) {
            throw new UsernameNotFoundException(username);
        }
-        return user;
+        return new MyUserPrincipal(user);
    }
 }
--- a/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserPrincipal.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserPrincipal.java
@ -0,0 +1,72 @@
+package org.baeldung.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.baeldung.persistence.model.Privilege;
+import org.baeldung.persistence.model.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+public class MyUserPrincipal implements UserDetails {
+
+    private static final long serialVersionUID = 1L;
+
+    private final User user;
+
+    //
+
+    public MyUserPrincipal(User user) {
+        this.user = user;
+    }
+
+    //
+
+    @Override
+    public String getUsername() {
+        return user.getUsername();
+    }
+
+    @Override
+    public String getPassword() {
+        return user.getPassword();
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
+        for (final Privilege privilege : user.getPrivileges()) {
+            authorities.add(new SimpleGrantedAuthority(privilege.getName()));
+        }
+        return authorities;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+
+    //
+
+    public User getUser() {
+        return user;
+    }
+
+}
--- a/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
@ -5,7 +5,6 @@ import org.baeldung.persistence.model.Foo;
 import org.baeldung.persistence.model.Organization;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
@ -22,7 +21,8 @@ public class MainController {
    @Autowired
    private OrganizationRepository organizationRepository;

-    @PostAuthorize("hasPermission(returnObject, 'read')")
+    // @PostAuthorize("hasPermission(returnObject, 'read')")
+    @PreAuthorize("hasPermission(#id, 'Foo', 'read')")
    @RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
    @ResponseBody
    public Foo findById(@PathVariable final long id) {