diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/persistence/model/User.java b/spring-security-custom-permission/src/main/java/org/baeldung/persistence/model/User.java
index 86b81cdcee..112d502105 100644
--- a/spring-security-custom-permission/src/main/java/org/baeldung/persistence/model/User.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/persistence/model/User.java
@@ -1,8 +1,5 @@
package org.baeldung.persistence.model;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
import java.util.Set;
import javax.persistence.Column;
@@ -16,14 +13,8 @@ import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
-
@Entity
-public class User implements UserDetails {
-
- private static final long serialVersionUID = 1L;
+public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@@ -57,7 +48,6 @@ public class User implements UserDetails {
this.id = id;
}
- @Override
public String getUsername() {
return username;
}
@@ -66,7 +56,6 @@ public class User implements UserDetails {
this.username = username;
}
- @Override
public String getPassword() {
return password;
}
@@ -93,37 +82,6 @@ public class User implements UserDetails {
//
- @Override
- public Collection getAuthorities() {
- final List authorities = new ArrayList();
- for (final Privilege privilege : this.getPrivileges()) {
- authorities.add(new SimpleGrantedAuthority(privilege.getName()));
- }
- return authorities;
- }
-
- @Override
- public boolean isAccountNonExpired() {
- return true;
- }
-
- @Override
- public boolean isAccountNonLocked() {
- return true;
- }
-
- @Override
- public boolean isCredentialsNonExpired() {
- return true;
- }
-
- @Override
- public boolean isEnabled() {
- return true;
- }
-
- //
-
@Override
public String toString() {
final StringBuilder builder = new StringBuilder();
diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomMethodSecurityExpressionRoot.java b/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomMethodSecurityExpressionRoot.java
index a3f4644592..2d84536a14 100644
--- a/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomMethodSecurityExpressionRoot.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomMethodSecurityExpressionRoot.java
@@ -16,7 +16,7 @@ public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot i
//
public boolean isMember(Long OrganizationId) {
- final User user = (User) this.getPrincipal();
+ final User user = ((MyUserPrincipal) this.getPrincipal()).getUser();
return user.getOrganization().getId().longValue() == OrganizationId.longValue();
}
diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/security/MySecurityExpressionRoot.java b/spring-security-custom-permission/src/main/java/org/baeldung/security/MySecurityExpressionRoot.java
index a09d166798..4d3561b325 100644
--- a/spring-security-custom-permission/src/main/java/org/baeldung/security/MySecurityExpressionRoot.java
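Review bot: The cast `(MyUserPrincipal) this.getPrincipal()` on the added line of isMember is unguarded, so any principal that is not a MyUserPrincipal — for example the String principal Spring Security uses for anonymous authentication, or one produced by a different authentication provider — makes the expression throw ClassCastException instead of denying access. Guard the cast so the check fails closed: `final Object principal = this.getPrincipal();` / `if (!(principal instanceof MyUserPrincipal)) { return false; }` / `final User user = ((MyUserPrincipal) principal).getUser();`. The following context line dereferences `user.getOrganization()` unchecked; if a User can exist without an Organization that is a NullPointerException rather than a denial, which is worth confirming against the entity. The parameter name `OrganizationId` should be `organizationId` per Java naming convention.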
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/MySecurityExpressionRoot.java
@@ -47,6 +47,14 @@ public class MySecurityExpressionRoot implements MethodSecurityExpressionOperati
throw new RuntimeException("method hasAuthority() not allowed");
}
+ //
+ public boolean isMember(Long OrganizationId) {
+ final User user = ((MyUserPrincipal) this.getPrincipal()).getUser();
+ return user.getOrganization().getId().longValue() == OrganizationId.longValue();
+ }
+
+ //
+
@Override
public final boolean hasAnyAuthority(String... authorities) {
return hasAnyAuthorityName(null, authorities);
@@ -168,14 +176,6 @@ public class MySecurityExpressionRoot implements MethodSecurityExpressionOperati
return defaultRolePrefix + role;
}
- //
- public boolean isMember(Long OrganizationId) {
- final User user = (User) this.getPrincipal();
- return user.getOrganization().getId().longValue() == OrganizationId.longValue();
- }
-
- //
-
@Override
public Object getFilterObject() {
return this.filterObject;
diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserDetailsService.java b/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserDetailsService.java
index 19276a906e..685219728f 100644
--- a/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserDetailsService.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserDetailsService.java
@@ -26,6 +26,6 @@ public class MyUserDetailsService implements UserDetailsService {
if (user == null) {
throw new UsernameNotFoundException(username);
}
- return user;
+ return new MyUserPrincipal(user);
}
}
diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserPrincipal.java b/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserPrincipal.java
new file mode 100644
index 0000000000..437bb02cdb
--- /dev/null
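Review bot: The isMember added in the first hunk of MySecurityExpressionRoot carries the same unguarded `(MyUserPrincipal) this.getPrincipal()` cast as CustomMethodSecurityExpressionRoot.isMember, so a principal of any other type (for instance the String principal used for anonymous authentication) turns the authorization check into a ClassCastException rather than a denial. Add an instanceof guard so it fails closed, `final Object principal = this.getPrincipal(); if (!(principal instanceof MyUserPrincipal)) { return false; }`, and since the two expression roots now duplicate this logic line for line, consider keeping it in one shared place so they cannot drift. `user.getOrganization()` is likewise dereferenced without a null check. A short contract comment would also help, e.g. `// true only when the authenticated MyUserPrincipal's organization id equals the given id; any other principal is denied`. The enclosing class continues outside the hunk.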
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/MyUserPrincipal.java
@@ -0,0 +1,72 @@
+package org.baeldung.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.baeldung.persistence.model.Privilege;
+import org.baeldung.persistence.model.User;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+public class MyUserPrincipal implements UserDetails {
+
+ private static final long serialVersionUID = 1L;
+
+ private final User user;
+
+ //
+
+ public MyUserPrincipal(User user) {
+ this.user = user;
+ }
+
+ //
+
+ @Override
+ public String getUsername() {
+ return user.getUsername();
+ }
+
+ @Override
+ public String getPassword() {
+ return user.getPassword();
+ }
+
+ @Override
+ public Collection getAuthorities() {
+ final List authorities = new ArrayList();
+ for (final Privilege privilege : user.getPrivileges()) {
+ authorities.add(new SimpleGrantedAuthority(privilege.getName()));
+ }
+ return authorities;
+ }
+
+ @Override
+ public boolean isAccountNonExpired() {
+ return true;
+ }
+
+ @Override
+ public boolean isAccountNonLocked() {
+ return true;
+ }
+
+ @Override
+ public boolean isCredentialsNonExpired() {
+ return true;
+ }
+
+ @Override
+ public boolean isEnabled() {
+ return true;
+ }
+
+ //
+
+ public User getUser() {
+ return user;
+ }
+
+}
diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java b/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
index 4a041a9fa6..4752f7bdd9 100644
--- a/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
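Review bot: `getAuthorities()` in the new MyUserPrincipal is declared with raw `Collection` and `List` types, which only compiles with unchecked warnings and hides the `Collection<? extends GrantedAuthority>` contract of UserDetails; the constructor also accepts a null `user`, which then surfaces as a NullPointerException on the first `getUsername()` call inside the authentication provider instead of at construction. The rewrite below types the collection and rejects null up front (`Objects.requireNonNull`, from java.util). The authorities are rebuilt from `user.getPrivileges()` on every call; if that association is lazily loaded, the persistence session must still be open whenever Spring Security asks for authorities, which is worth confirming, or the privilege names could be copied in the constructor instead. The four status methods return `true` unconditionally, so every stored user is treated as enabled, unlocked and unexpired; if the User entity carries such state these should delegate to it, otherwise record the choice with a comment such as `// account status is not tracked on User; every account is treated as active`. MyUserPrincipal is Serializable and holds the whole entity including its password field, so if sessions are ever serialized the credential travels with them; implementing CredentialsContainer to erase it after authentication would avoid that.
```java
public MyUserPrincipal(User user) {
    this.user = Objects.requireNonNull(user, "user");
}

// … unchanged: getUsername / getPassword …

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    for (final Privilege privilege : user.getPrivileges()) {
        authorities.add(new SimpleGrantedAuthority(privilege.getName()));
    }
    return authorities;
}

// … unchanged: account-status methods, getUser …
```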
@@ -5,7 +5,6 @@ import org.baeldung.persistence.model.Foo;
import org.baeldung.persistence.model.Organization;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
-import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
@@ -22,7 +21,8 @@ public class MainController {
@Autowired
private OrganizationRepository organizationRepository;
- @PostAuthorize("hasPermission(returnObject, 'read')")
+ // @PostAuthorize("hasPermission(returnObject, 'read')")
+ @PreAuthorize("hasPermission(#id, 'Foo', 'read')")
@RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
@ResponseBody
public Foo findById(@PathVariable final long id) {
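Review bot: The old `@PostAuthorize("hasPermission(returnObject, 'read')")` is kept as a commented-out annotation on findById in the second hunk; delete it rather than leaving dead code, or if both styles are meant to be shown, say so in a real comment. With the check now running before the body on only the id and the literal `'Foo'`, the configured PermissionEvaluator must resolve a Foo by id itself and that string must match exactly what the evaluator expects — both live outside this hunk and cannot be verified here. `#id` also depends on the parameter name being available at runtime (debug info or `-parameters`), the same assumption the unnamed `@PathVariable` already makes; `@P("id")` on the parameter would make it explicit. The body of findById continues outside the hunk.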