From c9d60e614f8ce2f545a7df2e0d66783b826fbaf3 Mon Sep 17 00:00:00 2001
From: DOHA
Date: Sat, 30 Jul 2016 13:47:31 +0200
Subject: [PATCH] minor fix
---
 .../org/baeldung/security/CustomPermissionEvaluator.java | 9 +--------
 .../src/main/java/org/baeldung/web/MainController.java | 3 ++-
 2 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomPermissionEvaluator.java b/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomPermissionEvaluator.java
index e81f9f8939..5d96673a8f 100644
--- a/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomPermissionEvaluator.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/security/CustomPermissionEvaluator.java
@@ -10,17 +10,10 @@ public class CustomPermissionEvaluator implements PermissionEvaluator {
 @Override
 public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
- System.out.println(auth);
 if ((auth == null) || (targetDomainObject == null) || !(permission instanceof String)) {
 return false;
 }
- String targetType = "";
- if (targetDomainObject instanceof String) {
- targetType = targetDomainObject.toString().toUpperCase();
- } else {
- targetType = targetDomainObject.getClass().getSimpleName().toUpperCase();
- System.out.println(targetType);
- }
+ final String targetType = targetDomainObject.getClass().getSimpleName().toUpperCase();
 return hasPrivilege(auth, targetType, permission.toString().toUpperCase());
 }
diff --git a/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java b/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
index 7e279907c6..4a041a9fa6 100644
--- a/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
+++ b/spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java
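Review bot: In `CustomPermissionEvaluator.hasPermission`, the new `targetType` line takes the privilege name from `getClass().getSimpleName()` for every target, so a String target such as the `'Foo'` literal in the `hasPermission('Foo', 'read')` expression this commit replaces now resolves to `STRING`; any remaining expression that passes a type name as a literal would presumably stop matching, so it is worth searching the SpEL expressions for such callers. The simple name ignores the package and reflects the runtime class, so two classes sharing a simple name would share privileges, and a proxied or subclassed instance may not map to the intended name; `hasPrivilege` is outside the hunk, so how the name is matched cannot be confirmed here. Both `toUpperCase()` calls use the default locale, which an authorization lookup should not depend on: `final String targetType = targetDomainObject.getClass().getSimpleName().toUpperCase(Locale.ROOT);` (with `java.util.Locale` imported), and likewise `permission.toString().toUpperCase(Locale.ROOT)`.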
@@ -5,6 +5,7 @@ import org.baeldung.persistence.model.Foo;
 import org.baeldung.persistence.model.Organization;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -21,7 +22,7 @@ public class MainController {
 @Autowired
 private OrganizationRepository organizationRepository;
- @PreAuthorize("hasPermission('Foo', 'read')")
+ @PostAuthorize("hasPermission(returnObject, 'read')")
 @RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
 @ResponseBody
 public Foo findById(@PathVariable final long id) {
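Review bot: With `@PostAuthorize` on `findById`, the method body runs before the permission check, so the lookup executes even for callers who will be refused and the body must stay free of side effects; that body lies outside this hunk and cannot be confirmed here. Because `CustomPermissionEvaluator.hasPermission` returns false for a null target, a missing id would surface as access denied rather than not found if the method can return null. The evaluator only reads the class name of the returned object, so the decision is still type-level and could be made before the call with the id-based form, e.g. `@PreAuthorize("hasPermission(#id, 'Foo', 'read')")`, provided the evaluator's `Serializable targetId` overload is implemented to match. If the post-check is kept, a short comment above the annotation noting that the check runs after the lookup and is type-level rather than per-object would help the next reader.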