From ae02203dabbf60d17b50305e2383f94e9f748bc6 Mon Sep 17 00:00:00 2001
From: Michael Pratt
Date: Mon, 19 Feb 2024 22:56:21 -0700
Subject: [PATCH] [BAEL-7438] Custom Spring AuthorizationManager example
---
 .../authorizationmanager/DemoController.java | 28 ++++++++
 .../DemoSecurityConfig.java | 65 +++++++++++++++++++
 ...ingSecurityAuthManagerDemoApplication.java | 14 ++++
 3 files changed, 107 insertions(+)
 create mode 100644 spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/DemoController.java
 create mode 100644 spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/DemoSecurityConfig.java
 create mode 100644 spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/SpringSecurityAuthManagerDemoApplication.java
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/DemoController.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/DemoController.java
new file mode 100644
index 0000000000..9d9e7fd245
--- /dev/null
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/DemoController.java
@@ -0,0 +1,28 @@
+package com.baeldung.authorizationmanager;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class DemoController {
+ @GetMapping("/anonymous")
+ public String anonymousResource() {
+ return "anonymous";
+ }
+
+ @GetMapping("/adminonly")
+ public String adminResource() {
+ return "admin only";
+ }
+
+ @GetMapping("/authororeditor")
+ public String authorOrEditorResource() {
+ return "author or editor";
+ }
+
+ @GetMapping("/custom")
+ public String customResource() {
+ return "custom";
+ }
+}
+
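Review bot: The `/authororeditor` path mapped by `authorOrEditorResource()` has no matching rule in DemoSecurityConfig (second file of this patch), whose matcher reads `/editororauthor/**`, so requests to this endpoint fall through to `anyRequest().permitAll()` and are served without the EDITOR or AUTHOR role. The two spellings should agree; the smaller change is on the config side, `.requestMatchers("/authororeditor/**").hasAnyRole("EDITOR","AUTHOR")`. Once they match, an unauthenticated request to `/authororeditor` should be redirected to the form login rather than answered with the body, which is the check a test for this example should make.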
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/DemoSecurityConfig.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/DemoSecurityConfig.java
new file mode 100644
index 0000000000..63a3f04365
--- /dev/null
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/DemoSecurityConfig.java
@@ -0,0 +1,65 @@
+package com.baeldung.authorizationmanager;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
+
+import java.util.Random;
+import java.util.function.Supplier;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+@EnableMethodSecurity
+public class DemoSecurityConfig {
+
+ @Bean
+ SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http.authorizeHttpRequests((authorize) -> authorize
+ .requestMatchers("/custom/**").access(customAuthManager())
+ .requestMatchers("/adminonly/**").hasRole("ADMIN")
+ .requestMatchers("/editororauthor/**").hasAnyRole("EDITOR","AUTHOR")
+ .anyRequest().permitAll())
+ .formLogin(withDefaults());
+ return http.build();
+ }
+
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService() {
+ UserDetails admin = User.withUsername("admin")
+ .password(passwordEncoder().encode("admin"))
+ .roles("ADMIN")
+ .build();
+ UserDetails author = User.withUsername("author")
+ .password(passwordEncoder().encode("author"))
+ .roles("AUTHOR")
+ .build();
+ UserDetails editor = User.withUsername("editor")
+ .password(passwordEncoder().encode("editor"))
+ .roles("EDITOR")
+ .build();
+ return new InMemoryUserDetailsManager(admin, author, editor);
+ }
+
+ @Bean
+ PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+
+ @Bean
+ AuthorizationManager customAuthManager() {
+ return (authentication, object) -> new AuthorizationDecision(new Random().nextBoolean());
+ }
+}
+
diff --git a/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/SpringSecurityAuthManagerDemoApplication.java b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/SpringSecurityAuthManagerDemoApplication.java
new file mode 100644
index 0000000000..fc3f2657fe
--- /dev/null
+++ b/spring-security-modules/spring-security-core-2/src/main/java/com/baeldung/authorizationmanager/SpringSecurityAuthManagerDemoApplication.java
@@ -0,0 +1,14 @@
+package com.baeldung.authorizationmanager;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SpringSecurityAuthManagerDemoApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(SpringSecurityAuthManagerDemoApplication.class, args);
+ }
+}
+
+
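Review bot: `customAuthManager()` is declared with the raw type `AuthorizationManager`, while `.access(...)` on the request matcher in `securityFilterChain` takes an `AuthorizationManager<RequestAuthorizationContext>`; `RequestAuthorizationContext`, `Supplier` and `Authentication` are imported but never used, which suggests the parameterized form was intended. Declaring it as `AuthorizationManager<RequestAuthorizationContext> customAuthManager()` removes the unchecked conversion and lets the compiler check the lambda's parameter types. The body `new AuthorizationDecision(new Random().nextBoolean())` grants or denies each request at random; that is acceptable for an example, but it should carry a comment such as `// demo only: the decision is random so both grant and deny can be observed` so a reader does not copy it as a template for a real manager.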