minor fix

spring-security-custom-permission/src/main/java/org/baeldung/security/CustomPermissionEvaluator.java

@@ -10,17 +10,10 @@ public class CustomPermissionEvaluator implements PermissionEvaluator {
 
     @Override
     public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
-        System.out.println(auth);
         if ((auth == null) || (targetDomainObject == null) || !(permission instanceof String)) {
             return false;
         }
-        String targetType = "";
+        final String targetType = targetDomainObject.getClass().getSimpleName().toUpperCase();
-        if (targetDomainObject instanceof String) {
-            targetType = targetDomainObject.toString().toUpperCase();
-        } else {
-            targetType = targetDomainObject.getClass().getSimpleName().toUpperCase();
-            System.out.println(targetType);
-        }
         return hasPrivilege(auth, targetType, permission.toString().toUpperCase());
     }
 

spring-security-custom-permission/src/main/java/org/baeldung/web/MainController.java

@@ -5,6 +5,7 @@ import org.baeldung.persistence.model.Foo;
 import org.baeldung.persistence.model.Organization;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -21,7 +22,7 @@ public class MainController {
     @Autowired
     private OrganizationRepository organizationRepository;
 
-    @PreAuthorize("hasPermission('Foo', 'read')")
+    @PostAuthorize("hasPermission(returnObject, 'read')")
     @RequestMapping(method = RequestMethod.GET, value = "/foos/{id}")
     @ResponseBody
     public Foo findById(@PathVariable final long id) {