[BAEL-1411:tlinh2110] Add example for PostAuthorize

2018-01-08 01:27:53 +08:00 · 2018-01-08 01:27:53 +08:00 · b0d331f2dd
parent 2bac6f88e7
commit b0d331f2dd
2 changed files with 20 additions and 5 deletions
--- a/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java
+++ b/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java
@ -64,11 +64,13 @@ public class UserRoleService {
    @PreAuthorize("#username == authentication.principal.username")
    public String getMyRoles(String username) {
        SecurityContext securityContext = SecurityContextHolder.getContext();
-        return securityContext
-                .getAuthentication()
-                .getAuthorities()
-                .stream()
-                .map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
+        return securityContext.getAuthentication().getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
+    }
+
+    @PostAuthorize("#username == authentication.principal.username")
+    public String getMyRoles2(String username) {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        return securityContext.getAuthentication().getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
    }

    @PostAuthorize("returnObject.username == authentication.principal.nickName")
--- a/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java
+++ b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java
@ -97,6 +97,19 @@ public class TestMethodSecurity {
    public void givenUserJane_whenCallGetMyRolesWithJane_thenAccessDenied() {
        userRoleService.getMyRoles("jane");
    }
+    
+    @Test
+    @WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
+    public void givenUserJohn_whenCallGetMyRoles2WithJohn_thenReturnRoles() {
+        String roles = userRoleService.getMyRoles2("john");
+        assertEquals("ROLE_ADMIN,ROLE_USER,ROLE_VIEWER", roles);
+    }
+
+    @Test(expected = AccessDeniedException.class)
+    @WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
+    public void givenUserJane_whenCallGetMyRoles2WithJane_thenAccessDenied() {
+        userRoleService.getMyRoles2("jane");
+    }

    @Test(expected = AccessDeniedException.class)
    @WithAnonymousUser