org.springframework.security.access.prepost.PostFilter Java Examples

The following examples show how to use org.springframework.security.access.prepost.PostFilter.
Example #1
Source File: CubeService.java    From Kylin with Apache License 2.0
@PostFilter(Constant.ACCESS_POST_FILTER_READ)
public List<CubeInstance> listAllCubes(final String cubeName, final String projectName) {
    List<CubeInstance> cubeInstances = null;
    ProjectInstance project = (null != projectName) ? getProjectManager().getProject(projectName) : null;

    if (null == project) {
        cubeInstances = getCubeManager().listAllCubes();
    } else {
        cubeInstances = listAllCubes(projectName);
    }

    List<CubeInstance> filterCubes = new ArrayList<CubeInstance>();
    for (CubeInstance cubeInstance : cubeInstances) {
        boolean isCubeMatch = (null == cubeName) || cubeInstance.getName().toLowerCase().contains(cubeName.toLowerCase());

        if (isCubeMatch) {
            filterCubes.add(cubeInstance);
        }
    }

    return filterCubes;
}
 
Example #2
Source File: SampleController.java    From tutorial with MIT License
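/**
 * The PreFilter/PostFilter annotations filter method arguments and return values: PreFilter keeps only the arguments that match the rule set in the annotation and passes them to the method;
 * PostFilter filters the method's return value again and returns only the elements that match the rule to the client.
 * In the example below, PreFilter removes every string in the client-supplied argument that does not start with 'a', and PostFilter removes every string in the returned data that does not end with 'b'.
 * At run time, of the string array sent by the client, only strings starting with 'a' are printed, and only strings that start with 'a' and end with 'b' are returned to the client.
 * Like PreAuthorize/PostAuthorize, PreFilter/PostFilter only work once enabled with @EnableGlobalMethodSecurity(prePostEnabled = true).
 */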
@PostMapping("/children")
@PreFilter(filterTarget="list", value="filterObject.startsWith('a')")
@PostFilter("filterObject.endsWith('b')")
public List<String> echo(@RequestBody List<String> list){
    if(log.isTraceEnabled()) {
        log.trace("echo ... list.size()= " + list.size());
        for(String s : list) {
            log.trace("  " + s );
        }
    }
    return list;
}
 
Example #3
Source File: DefaultPersonService.java    From openregistry with Apache License 2.0
@PostFilter("hasPermission(filterObject, 'read')")
public List<PersonMatch> searchForPersonBy(final SearchCriteria searchCriteria) {

    if (StringUtils.hasText(searchCriteria.getIdentifierValue())) {
        final String identifierValue = searchCriteria.getIdentifierValue();
        final Person person = this.findPersonByIdentifier(searchCriteria.getIdentifierType().getName(), identifierValue);
        if (person != null) {
            return new ArrayList<PersonMatch>(Arrays.asList(new PersonMatchImpl(person, 100, new ArrayList<FieldMatch>())));
        } else {
            return new ArrayList<PersonMatch>();
        }
    }
    final List<Person> persons = this.personRepository.searchByCriteria(searchCriteria);
    return createMatches(persons);
}
 
Example #4
Source File: SnapshotsController.java    From front50 with Apache License 2.0
@PreAuthorize("@fiatPermissionEvaluator.storeWholePermission()")
@PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')")
@RequestMapping(value = "/{id:.+}/history", method = RequestMethod.GET)
public Collection<Snapshot> getHistory(
    @PathVariable String id, @RequestParam(value = "limit", defaultValue = "20") int limit) {
  return snapshotDAO.history(id, limit);
}
 
Example #5
Source File: PipelineController.java    From front50 with Apache License 2.0
@PreAuthorize("@fiatPermissionEvaluator.storeWholePermission()")
@PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')")
@RequestMapping(value = "{id:.+}/history", method = RequestMethod.GET)
public Collection<Pipeline> getHistory(
    @PathVariable String id, @RequestParam(value = "limit", defaultValue = "20") int limit) {
  return pipelineDAO.history(id, limit);
}
 
Example #6
Source File: PipelineController.java    From front50 with Apache License 2.0
@PreAuthorize("#restricted ? @fiatPermissionEvaluator.storeWholePermission() : true")
@PostFilter("#restricted ? hasPermission(filterObject.name, 'APPLICATION', 'READ') : true")
@RequestMapping(value = "", method = RequestMethod.GET)
public Collection<Pipeline> list(
    @RequestParam(required = false, value = "restricted", defaultValue = "true")
        boolean restricted,
    @RequestParam(required = false, value = "refresh", defaultValue = "true") boolean refresh) {
  return pipelineDAO.all(refresh);
}
 
Example #7
Source File: BookRepository.java    From spring-data-rest-acl with Apache License 2.0
@Override
@PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, admin)")
Iterable<Book> findAll();
 
Example #8
Source File: NoticeMessageRepository.java    From tutorials with MIT License
@PostFilter("hasPermission(filterObject, 'READ')")
List<NoticeMessage> findAll();
 
Example #9
Source File: TaskService.java    From tutorials with MIT License
@PostFilter("hasRole('MANAGER') or filterObject.assignee == authentication.name")
public Iterable<Task> findAll() {
    return taskRepository.findAll();
}
 
Example #10
Source File: UserRoleService.java    From tutorials with MIT License
@PostFilter("filterObject != authentication.principal.username")
public List<String> getAllUsernamesExceptCurrent() {
    return userRoleRepository.getAllUsernames();
}
 
Example #11
Source File: DeliveryController.java    From front50 with Apache License 2.0
@PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')")
@ApiOperation(value = "", notes = "Get all delivery configs")
@RequestMapping(method = RequestMethod.GET, value = "/deliveries")
Collection<Delivery> getAllConfigs() {
  return deliveryRepository.getAllConfigs();
}
 
Example #12
Source File: StrategyController.java    From front50 with Apache License 2.0
@PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')")
@RequestMapping(value = "{id:.+}/history", method = RequestMethod.GET)
public Collection<Pipeline> getHistory(
    @PathVariable String id, @RequestParam(value = "limit", defaultValue = "20") int limit) {
  return pipelineStrategyDAO.history(id, limit);
}
 
Example #13
Source File: StrategyController.java    From front50 with Apache License 2.0
@PreAuthorize("@fiatPermissionEvaluator.storeWholePermission()")
@PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')")
@RequestMapping(value = "", method = RequestMethod.GET)
public Collection<Pipeline> list() {
  return pipelineStrategyDAO.all();
}
 
Example #14
Source File: ProjectService.java    From kylin-on-parquet-v2 with Apache License 2.0
@PostFilter(Constant.ACCESS_POST_FILTER_READ)
public List<ProjectInstance> listProjects(final Integer limit, final Integer offset) {
    List<ProjectInstance> projects = listAllProjects(limit, offset);
    return projects;
}
 
Example #15
Source File: ProjectService.java    From kylin with Apache License 2.0
@PostFilter(Constant.ACCESS_POST_FILTER_READ)
public List<ProjectInstance> listProjects(final Integer limit, final Integer offset) {
    List<ProjectInstance> projects = listAllProjects(limit, offset);
    return projects;
}
 
Example #16
Source File: ShortMessageService.java    From Spring-Boot-2-Fundamentals with MIT License
@PostFilter("isAnonymous() || " +
        "filterObject.author.username == authentication.name")
public List<ShortMessage> findAll() {
    // If you want to use @PostFilter, use a modifiable copy!
    return new ArrayList<>(shortMessages);
}
 
Example #17
Source File: OverAnnotatedService.java    From Spring-Boot-2-Fundamentals with MIT License
@PreFilter("filterObject.content.length() < 240 or hasRole('ADMIN')")
@PostFilter("filterObject.author.name == authentication.name")
public List<ShortMessage> saveAndReturnAll(List<ShortMessage> posts) {
    return posts;
}
 
Example #18
Source File: CalendarService.java    From Spring-Security-Third-Edition with MIT License
/**
 * Gets all the available {@link Event}'s.
 *
 * @return a non-null {@link List} of {@link Event}'s
 */
// @RolesAllowed({"ROLE_ADMIN"})
@PostFilter("principal.id == filterObject.owner.id or " +
        "principal.id == filterObject.attendee.id")
List<Event> getEvents();
 
Example #19
Source File: CalendarService.java    From Spring-Security-Third-Edition with MIT License
/**
 * Gets all the available {@link Event}'s.
 *
 * @return a non-null {@link List} of {@link Event}'s
 */
@PostFilter("hasPermission(filterObject, 'read') " +
        "or hasPermission(filterObject, 'admin_read')")
List<Event> getEvents();
 
Example #20
Source File: CalendarService.java    From Spring-Security-Third-Edition with MIT License
/**
 * Gets all the available {@link Event}'s.
 *
 * @return a non-null {@link List} of {@link Event}'s
 */
@PostFilter("hasPermission(filterObject, 'read') " +
        "or hasPermission(filterObject, 'admin_read')")
List<Event> getEvents();
 
Example #21
Source File: CalendarService.java    From Spring-Security-Third-Edition with MIT License
/**
 * Gets all the available {@link Event}'s.
 *
 * @return a non-null {@link List} of {@link Event}'s
 */
@PostFilter("hasPermission(filterObject, 'read')")
List<Event> getEvents();
 
Example #22
Source File: CalendarService.java    From Spring-Security-Third-Edition with MIT License
/**
 * Gets all the available {@link Event}'s.
 *
 * @return a non-null {@link List} of {@link Event}'s
 */
@PostFilter("hasPermission(filterObject, 'read') " +
        "or hasPermission(filterObject, 'admin_read')")
List<Event> getEvents();
 
Example #23
Source File: CategoryService.java    From attic-rave with Apache License 2.0
/**
 * @return a {@link java.util.List} with all {@link org.apache.rave.model.Category}'s
 */
@PostFilter("hasPermission(filterObject, 'read')")
List<Category> getAllList();
 
Example #24
Source File: PageService.java    From attic-rave with Apache License 2.0
/**
 * Gets the set of pages for the given user and context
 *
 * @since 0.22
 * @param context the context for the pages ex: "portal", "profile", etc.
 * @param contextId the identifier of the item in the context that matches the page.
 *                  examples:
 *                      context: "person_profile", contextId: "profile owner's id"
 *                      context: "group", contextId: "group id"
 *                      context: "project", contextId: "project number"
 *                      context: "dashboard", contextId: "subject"
 *                      context: "portal", contextId: "owner's id"
 *
 * @return A non-null, possibly empty list of page for the given user.
 */
@PostFilter("hasPermission(filterObject, 'read')")
List<Page> getPages(String context, String contextId);
 
Example #25
Source File: CalendarService.java    From Spring-Security-Third-Edition with MIT License
/**
 * Gets all the available {@link Event}'s.
 *
 * @return a non-null {@link List} of {@link Event}'s
 */
@PostFilter("hasPermission(filterObject, 'read')")
List<Event> getEvents();
 
Example #26
Source File: CalendarService.java    From Spring-Security-Third-Edition with MIT License
/**
 * Gets all the available {@link Event}'s.
 *
 * @return a non-null {@link List} of {@link Event}'s
 */
@PostFilter("hasPermission(filterObject, 'read')")
List<Event> getEvents();
 
Example #27
Source File: ContactService.java    From JavaSecurity with Apache License 2.0
/**
 * This method loads all contacts from the database and removes those contacts from the resulting list that don't
 * belong to the currently authenticated user. In a real application the select query would already contain the
 * user id and return only those contacts that the user is allowed to see. However to demonstrate some Spring
 * Security capabilities, all filtering is done via the {@code PostFilter} annotation.
 *
 * @return The list of contacts for the currently authenticated user
 */
@PreAuthorize("hasRole('USER')")
@PostFilter("filterObject.username == principal.username")
List<Contact> getContacts() {
    return jdbcTemplate.query("SELECT * FROM contacts", (rs, rowNum) -> createContact(rs));
}