[BAEL-1411:tlinh2110] Add example for PostAuthorize

This commit is contained in:
linhvovn 2018-01-08 01:27:53 +08:00
parent 2bac6f88e7
commit b0d331f2dd
2 changed files with 20 additions and 5 deletions

View File

@ -64,11 +64,13 @@ public class UserRoleService {
@PreAuthorize("#username == authentication.principal.username")
public String getMyRoles(String username) {
SecurityContext securityContext = SecurityContextHolder.getContext();
return securityContext
.getAuthentication()
.getAuthorities()
.stream()
.map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
return securityContext.getAuthentication().getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
}
@PostAuthorize("#username == authentication.principal.username")
public String getMyRoles2(String username) {
SecurityContext securityContext = SecurityContextHolder.getContext();
return securityContext.getAuthentication().getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
}
@PostAuthorize("returnObject.username == authentication.principal.nickName")

View File

@ -98,6 +98,19 @@ public class TestMethodSecurity {
userRoleService.getMyRoles("jane");
}
@Test
@WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
public void givenUserJohn_whenCallGetMyRoles2WithJohn_thenReturnRoles() {
String roles = userRoleService.getMyRoles2("john");
assertEquals("ROLE_ADMIN,ROLE_USER,ROLE_VIEWER", roles);
}
@Test(expected = AccessDeniedException.class)
@WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
public void givenUserJane_whenCallGetMyRoles2WithJane_thenAccessDenied() {
userRoleService.getMyRoles2("jane");
}
@Test(expected = AccessDeniedException.class)
@WithAnonymousUser
public void givenAnomynousUser_whenCallGetUsername_thenAccessDenied() {