org.springframework.security.access.prepost.PostAuthorize Java Examples
The following examples show how to use
org.springframework.security.access.prepost.PostAuthorize.
Example #1
Source File: CustomPermissionAllowedMethodSecurityMetadataSource.java From tutorials with MIT License | 6 votes |
/**
 * Resolves the security attributes for {@code method} as invoked on {@code targetClass}.
 *
 * <p>Controllers are denied by default: when {@code targetClass} carries {@code @Controller},
 * every method receives {@code DENY_ALL_ATTRIBUTE} unless the method itself is annotated with
 * {@code @PreAuthorize} or {@code @PostAuthorize}. In that case {@code null} is returned so this
 * metadata source contributes nothing and the expression-based annotation governs access.
 *
 * @param method      the method being secured
 * @param targetClass the class the method is invoked on
 * @return the attributes to enforce (possibly empty), or {@code null} when the method opts out
 *         through {@code @PreAuthorize}/{@code @PostAuthorize}
 */
@Override
protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
    // NOTE(review): only annotations present directly on the method are inspected here; a
    // class-level @PreAuthorize would not opt the method out of default-deny — confirm intended.
    Annotation[] methodAnnotations = AnnotationUtils.getAnnotations(method);
    if (methodAnnotations != null) {
        for (Annotation candidate : methodAnnotations) {
            if (candidate instanceof PreAuthorize || candidate instanceof PostAuthorize) {
                // The method brings its own authorization expression; defer to it.
                return null;
            }
        }
    }
    List<ConfigAttribute> resolved = new ArrayList<>();
    boolean onController = AnnotationUtils.findAnnotation(targetClass, Controller.class) != null;
    if (onController) {
        // Deny-by-default: an unannotated handler on a controller is not reachable.
        resolved.add(DENY_ALL_ATTRIBUTE);
    }
    return resolved;
}
Example #2
Source File: DataPointController.java From omh-dsu-ri with Apache License 2.0 | 6 votes |
/** * Reads a data point. * * @param id the identifier of the data point to read * @return a matching data point, if found */ // TODO can identifiers be relative, e.g. to a namespace? // TODO confirm if HEAD handling needs anything additional // only allow clients with read scope to read a data point @PreAuthorize("#oauth2.clientHasRole('" + CLIENT_ROLE + "') and #oauth2.hasScope('" + DATA_POINT_READ_SCOPE + "')") // ensure that the returned data point belongs to the user associated with the access token @PostAuthorize("returnObject.body == null || returnObject.body.header.userId == principal.username") @RequestMapping(value = "/dataPoints/{id}", method = {HEAD, GET}, produces = APPLICATION_JSON_VALUE) public @ResponseBody ResponseEntity<DataPoint> readDataPoint(@PathVariable String id) { Optional<DataPoint> dataPoint = dataPointService.findOne(id); if (!dataPoint.isPresent()) { return new ResponseEntity<>(NOT_FOUND); } // FIXME test @PostAuthorize return new ResponseEntity<>(dataPoint.get(), OK); }
Example #3
Source File: ApplicationsController.java From front50 with Apache License 2.0 | 6 votes |
/**
 * Fetches a single application by name.
 *
 * <p>The {@code permissions} detail is populated only when a permission record exists and is
 * restricted; otherwise the key is removed so unrestricted applications carry no permission
 * block. If the permission lookup throws {@code NotFoundException}, the details are left as the
 * DAO returned them. {@code @PostAuthorize} gates the response on READ permission for the
 * requested application name.
 *
 * @param applicationName the application name from the path; upper-cased before lookup
 * @return the application, with its {@code permissions} detail reconciled
 */
@PostAuthorize("hasPermission(#applicationName, 'APPLICATION', 'READ')")
@ApiOperation(value = "", notes = "Fetch a single application by name")
@RequestMapping(method = RequestMethod.GET, value = "/{applicationName:.+}")
public Application get(@PathVariable final String applicationName) {
    // NOTE(review): toUpperCase() uses the JVM default locale; verify the DAO stores names
    // with the same casing rule so non-ASCII names resolve consistently.
    final Application app = applicationDAO.findByName(applicationName.toUpperCase());
    try {
        final Application.Permission perm =
            applicationPermissionDAO.map(it -> it.findById(app.getName())).orElse(null);
        final boolean restricted = perm != null && perm.getPermissions().isRestricted();
        if (restricted) {
            app.details().put("permissions", perm.getPermissions());
        } else {
            app.details().remove("permissions");
        }
    } catch (NotFoundException ignored) {
        // No permission record could be resolved: return the application as loaded.
    }
    return app;
}
Example #4
Source File: NotificationController.java From front50 with Apache License 2.0 | 6 votes |
/**
 * Returns the notification configured at the given hierarchy level for {@code name}.
 *
 * <p>At the {@code APPLICATION} level, global entries are appended to the application's list
 * for each format in {@code NotificationDAO.NOTIFICATION_FORMATS} that the global notification
 * defines, creating an empty list on the application first when it has none. {@code
 * @PostAuthorize} requires READ permission on the application named by {@code name}.
 *
 * @param type the hierarchy level name, resolved through {@code getLevel}
 * @param name the name at that level
 * @return the notification, merged with global entries when the level is APPLICATION
 */
@PostAuthorize("hasPermission(#name, 'APPLICATION', 'READ')")
@RequestMapping(value = "{type}/{name}", method = RequestMethod.GET)
public Notification listByApplication(
    @PathVariable(value = "type") String type, @PathVariable(value = "name") String name) {
  final HierarchicalLevel level = getLevel(type);
  final Notification notification = notificationDAO.get(level, name);
  if (level.equals(HierarchicalLevel.APPLICATION)) {
    final Object global = getGlobal();
    NotificationDAO.NOTIFICATION_FORMATS.forEach(
        format -> {
          if (!UntypedUtils.hasProperty(global, format)) {
            return; // nothing global to merge for this format
          }
          if (!UntypedUtils.hasProperty(notification, format)) {
            UntypedUtils.setProperty(notification, format, new ArrayList<>());
          }
          // Raw List casts mirror the untyped property API; the merge mutates the entity in place.
          final List target = (List) UntypedUtils.getProperty(notification, format);
          target.addAll((List) UntypedUtils.getProperty(global, format));
        });
  }
  return notification;
}
Example #5
Source File: DashboardRepository.java From SMSC with Apache License 2.0 | 5 votes |
/**
 * Loads the dashboard matching {@code predicate}, declaring an entity graph over
 * {@code dashboardBoxes}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code DASHBOARD_READ} authority.
 *
 * @param predicate the query predicate
 * @return the matching dashboard
 */
@Override
@EntityGraph(attributePaths = {"dashboardBoxes"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('DASHBOARD_READ')")
Dashboard findOne(Predicate predicate);
Example #6
Source File: DashboardBoxRepository.java From SMSC with Apache License 2.0 | 5 votes |
/**
 * Loads the dashboard box matching {@code predicate}, declaring an entity graph over
 * {@code dashboardBoxType}, {@code width} and {@code height}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code DASHBOARD_BOX_READ} authority.
 *
 * @param predicate the query predicate
 * @return the matching dashboard box
 */
@Override
@EntityGraph(attributePaths = {"dashboardBoxType", "width", "height"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('DASHBOARD_BOX_READ')")
DashboardBox findOne(Predicate predicate);
Example #7
Source File: ProjectController.java From AbacSpringSecurity with MIT License | 5 votes |
/**
 * Returns the project with the given id.
 *
 * <p>{@code @PostAuthorize} evaluates {@code PROJECTS_VIEW} against the loaded project, so the
 * service lookup always completes before the permission decision is made.
 *
 * @param id the project identifier from the path
 * @return the project returned by {@code projectsService}
 */
@RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = {"application/json"})
@ResponseStatus(HttpStatus.OK)
@PostAuthorize("hasPermission(returnObject,'PROJECTS_VIEW')")
public Project getProject(@PathVariable Integer id) {
    logger.info("[getProject({})] started ...", id);
    final Project project = projectsService.getProject(id);
    // NOTE(review): the whole Project is written to the INFO log through its toString();
    // confirm it contains nothing that should stay out of log output.
    logger.info("[getProject({})] done, result: {}", id, project);
    return project;
}
Example #8
Source File: SnapshotsController.java From front50 with Apache License 2.0 | 5 votes |
/**
 * Returns the snapshot for {@code id} whose creation timestamp equals {@code timestamp}.
 *
 * <p>Only the most recent {@code limit} history entries are searched; the first one with a
 * matching timestamp wins. {@code @PostAuthorize} requires READ permission on the returned
 * snapshot's application.
 *
 * @param id        the snapshot identifier
 * @param timestamp the creation time as a decimal string; a non-numeric value propagates
 *                  {@code NumberFormatException} from {@code Long.parseLong}
 * @param limit     how many history entries to scan (defaults to 20)
 * @return the matching snapshot
 * @throws NotFoundException when no entry within {@code limit} has that timestamp
 */
@PostAuthorize("hasPermission(returnObject.application, 'APPLICATION', 'READ')")
@RequestMapping(value = "/{id:.+}/{timestamp:.+}", method = RequestMethod.GET)
public Snapshot getVersionByTimestamp(
    @PathVariable String id,
    @PathVariable String timestamp,
    @RequestParam(value = "limit", defaultValue = "20") int limit) {
  final Long wantedTime = Long.parseLong(timestamp);
  return snapshotDAO.history(id, limit).stream()
      .filter(snapshot -> wantedTime.equals(snapshot.getTimestamp()))
      .findFirst()
      .orElseThrow(() -> new NotFoundException("Snapshot not found"));
}
Example #9
Source File: UserController.java From digag-server with Apache License 2.0 | 5 votes |
/**
 * Returns the user with the given id.
 *
 * <p>{@code @PostAuthorize} allows the response only when the returned user's username equals
 * the authenticated principal's username, or the caller holds {@code ROLE_ADMIN}.
 *
 * @param id the user id from the path
 * @return the user found by the repository
 */
@ApiOperation(value="获取用户", notes="根据url的id来获取用户详细信息")
@ApiImplicitParam(name = "id", value = "用户ID", required = true, dataType = "String", paramType = "path")
@PostAuthorize("returnObject.username == principal.username or hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
public User getUser(@PathVariable String id) {
    // NOTE(review): if findOne yields null for an unknown id, the post-check reads
    // returnObject.username on null and the expression evaluation fails instead of producing a
    // clean 404 — confirm how that is handled.
    final User user = repository.findOne(id);
    return user;
}
Example #10
Source File: DashboardBoxTypeRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the dashboard box type with the given name, declaring an entity graph over
 * {@code kind} and {@code type}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code DASHBOARD_BOX_TYPE_READ} authority.
 *
 * @param name the type name, bound as query parameter {@code name}
 * @return the matching dashboard box type
 */
@EntityGraph(attributePaths = {"kind", "type"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('DASHBOARD_BOX_TYPE_READ')")
DashboardBoxType findByName(@Param("name") String name);
Example #11
Source File: RoleRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the role with the given id.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code ADMIN_USER_ROLE_READ} authority.
 *
 * @param id the role id
 * @return the matching role
 */
@Override
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('ADMIN_USER_ROLE_READ')")
Role findOne(Long id);
Example #12
Source File: SnapshotsController.java From front50 with Apache License 2.0 | 4 votes |
/**
 * Returns the current snapshot for {@code id}.
 *
 * <p>{@code @PostAuthorize} requires READ permission on the returned snapshot's application;
 * the DAO lookup runs before that decision.
 *
 * @param id the snapshot identifier from the path
 * @return the snapshot as found by {@code snapshotDAO}
 */
@PostAuthorize("hasPermission(returnObject.application, 'APPLICATION', 'READ')")
@RequestMapping(value = "/{id:.+}", method = RequestMethod.GET)
public Snapshot getCurrent(@PathVariable String id) {
  final Snapshot current = snapshotDAO.findById(id);
  return current;
}
Example #13
Source File: DeliveryController.java From front50 with Apache License 2.0 | 4 votes |
/**
 * Returns the delivery config with the given id.
 *
 * <p>{@code @PostAuthorize} requires READ permission on the returned config's application;
 * the repository lookup runs before that decision.
 *
 * @param id the delivery config identifier from the path
 * @return the delivery config as found by {@code deliveryRepository}
 */
@PostAuthorize("hasPermission(returnObject.application, 'APPLICATION', 'READ')")
@ApiOperation(value = "", notes = "Get a delivery config by id")
@RequestMapping(method = RequestMethod.GET, value = "deliveries/{id}")
Delivery getConfigById(@PathVariable String id) {
  final Delivery config = deliveryRepository.findById(id);
  return config;
}
Example #14
Source File: WidgetService.java From attic-rave with Apache License 2.0 | 4 votes |
/**
 * Loads a single comment on a widget.
 *
 * <p>Authorization is evaluated after the lookup: the comment is returned only if the caller
 * has {@code 'read'} permission on that comment object.
 *
 * @param widgetId the owning widget's id
 * @param id       the comment id
 * @return the matching widget comment
 */
@PostAuthorize("hasPermission(returnObject, 'read')")
WidgetComment getWidgetComment(String widgetId, String id);
Example #15
Source File: UserRoleService.java From tutorials with MIT License | 4 votes |
/**
 * Returns the current authentication's granted authorities as a comma-separated string.
 *
 * <p>{@code username} is not used by the body; it exists so that {@code @PostAuthorize} can
 * confirm, after the call, that it equals the authenticated principal's username.
 *
 * @param username the username the caller claims to be asking about
 * @return the authority names joined with {@code ","}
 */
@PostAuthorize("#username == authentication.principal.username")
public String getMyRoles2(String username) {
    return SecurityContextHolder.getContext()
        .getAuthentication()
        .getAuthorities()
        .stream()
        .map(granted -> granted.getAuthority())
        .collect(Collectors.joining(","));
}
Example #16
Source File: UserRoleService.java From tutorials with MIT License | 4 votes |
/**
 * Loads the user record for {@code username}.
 *
 * <p>{@code @PostAuthorize} releases the result only when its username equals the
 * authenticated principal's {@code nickName}.
 *
 * @param username the username to look up
 * @return the user as loaded by {@code userRoleRepository}
 */
@PostAuthorize("returnObject.username == authentication.principal.nickName")
public CustomUser loadUserDetail(String username) {
    // NOTE(review): if the repository returns null, the post-check dereferences
    // returnObject.username on null and the expression evaluation fails — confirm intended.
    final CustomUser loaded = userRoleRepository.loadUserByUserName(username);
    return loaded;
}
Example #17
Source File: UserRoleService.java From tutorials with MIT License | 4 votes |
/**
 * Loads the user record for {@code username}, guarded before and after the lookup.
 *
 * <p>{@code @PreAuthorize} rejects the call unless {@code username} equals the authenticated
 * principal's username; {@code @PostAuthorize} then releases the result only when its username
 * equals the principal's {@code nickName}.
 *
 * @param username the username to look up
 * @return the user as loaded by {@code userRoleRepository}
 */
@PreAuthorize("#username == authentication.principal.username")
@PostAuthorize("returnObject.username == authentication.principal.nickName")
public CustomUser securedLoadUserDetail(String username) {
    // NOTE(review): if the repository returns null, the post-check dereferences
    // returnObject.username on null and the expression evaluation fails — confirm intended.
    final CustomUser loaded = userRoleRepository.loadUserByUserName(username);
    return loaded;
}
Example #18
Source File: PipelineController.java From front50 with Apache License 2.0 | 4 votes |
/**
 * Returns the pipeline with the given id.
 *
 * <p>{@code @PreAuthorize} invokes {@code fiatPermissionEvaluator.storeWholePermission()} before
 * the lookup; {@code @PostAuthorize} then requires READ permission on the returned pipeline's
 * application.
 *
 * @param id the pipeline identifier from the path
 * @return the pipeline as found by {@code pipelineDAO}
 */
@PreAuthorize("@fiatPermissionEvaluator.storeWholePermission()")
@PostAuthorize("hasPermission(returnObject.application, 'APPLICATION', 'READ')")
@RequestMapping(value = "{id:.+}/get", method = RequestMethod.GET)
public Pipeline get(@PathVariable String id) {
  final Pipeline pipeline = pipelineDAO.findById(id);
  return pipeline;
}
Example #19
Source File: GroupRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the group matching {@code predicate}, declaring an entity graph over
 * {@code authorities}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code GROUP_READ} authority.
 *
 * @param predicate the query predicate
 * @return the matching group
 */
@Override
@EntityGraph(attributePaths = {"authorities"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('GROUP_READ')")
Group findOne(Predicate predicate);
Example #20
Source File: UserRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the user matching {@code predicate}, declaring an entity graph over
 * {@code dashboards}, {@code roles}, {@code authorities}, {@code groups} and {@code salutation}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role, or with both the {@code ADMIN_USER} role and
 * the {@code ADMIN_USER_READ} authority.
 *
 * @param predicate the query predicate
 * @return the matching user
 */
@Override
@EntityGraph(attributePaths = {"dashboards", "roles", "authorities", "groups", "salutation"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or (hasRole('ADMIN_USER') and hasAuthority('ADMIN_USER_READ'))")
User findOne(Predicate predicate);
Example #21
Source File: UserRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the user with the given id, declaring an entity graph over
 * {@code dashboards}, {@code roles}, {@code authorities}, {@code groups} and {@code salutation}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role, or with both the {@code ADMIN_USER} role and
 * the {@code ADMIN_USER_READ} authority.
 *
 * @param id the user id
 * @return the matching user
 */
@Override
@EntityGraph(attributePaths = {"dashboards", "roles", "authorities", "groups", "salutation"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or (hasRole('ADMIN_USER') and hasAuthority('ADMIN_USER_READ'))")
User findOne(Long id);
Example #22
Source File: AuthorityRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the authority matching {@code predicate}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code AUTHORITY_READ} authority.
 *
 * @param predicate the query predicate
 * @return the matching authority
 */
@Override
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('AUTHORITY_READ')")
Authority findOne(Predicate predicate);
Example #23
Source File: AuthorityRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the authority with the given name.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code AUTHORITY_READ} authority.
 *
 * @param name the authority name, bound as query parameter {@code name}
 * @return the matching authority
 */
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('AUTHORITY_READ')")
Authority findByName(@Param("name") String name);
Example #24
Source File: AuthorityRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the authority with the given id.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code AUTHORITY_READ} authority.
 *
 * @param id the authority id
 * @return the matching authority
 */
@Override
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('AUTHORITY_READ')")
Authority findOne(Long id);
Example #25
Source File: UserRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the user matching {@code predicate}, declaring an entity graph over {@code customer}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role, or with both the {@code ADMIN_USER} role and
 * the {@code CUSTOMER_USER_READ} authority.
 *
 * @param predicate the query predicate
 * @return the matching user
 */
@Override
@EntityGraph(attributePaths = {"customer"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or (hasRole('ADMIN_USER') and hasAuthority('CUSTOMER_USER_READ'))")
User findOne(Predicate predicate);
Example #26
Source File: RoleRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the role matching {@code predicate}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code ADMIN_USER_ROLE_READ} authority.
 *
 * @param predicate the query predicate
 * @return the matching role
 */
@Override
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('ADMIN_USER_ROLE_READ')")
Role findOne(Predicate predicate);
Example #27
Source File: GroupRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the group with the given id, declaring an entity graph over {@code authorities}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code GROUP_READ} authority.
 *
 * @param id the group id
 * @return the matching group
 */
@Override
@EntityGraph(attributePaths = {"authorities"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('GROUP_READ')")
Group findOne(Long id);
Example #28
Source File: GroupRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the group with the given name, declaring an entity graph over {@code authorities}.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code GROUP_READ} authority.
 *
 * @param name the group name, bound as query parameter {@code name}
 * @return the matching group
 */
@EntityGraph(attributePaths = {"authorities"})
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('GROUP_READ')")
Group findByName(@Param("name") String name);
Example #29
Source File: RoleRepository.java From SMSC with Apache License 2.0 | 4 votes |
/**
 * Loads the role with the given name.
 *
 * <p>Authorization is evaluated after the query runs: the loaded entity is returned only to a
 * caller with the {@code POWER_ADMIN_USER} role or the {@code ADMIN_USER_ROLE_READ} authority.
 *
 * @param name the role name, bound as query parameter {@code name}
 * @return the matching role
 */
@PostAuthorize("hasRole('POWER_ADMIN_USER') or hasAuthority('ADMIN_USER_ROLE_READ')")
Role findByName(@Param("name") String name);
Example #30
Source File: LeaveRequestService.java From spring-security-samples with MIT License | 4 votes |
/**
 * Retrieves a leave request by id.
 *
 * <p>{@code @PostAuthorize} releases the result when the request's {@code employee} equals the
 * authenticated name, or the caller holds the {@code HR} role. The expression unwraps the
 * {@code Optional} with {@code orElse(null)} and uses the null-safe {@code ?.} navigator, so an
 * empty result evaluates without error and is left to the {@code hasRole('HR')} clause.
 *
 * @param id the leave request identifier
 * @return the matching request, or an empty {@code Optional} when none exists
 */
@PostAuthorize("returnObject.orElse(null)?.employee == authentication.name or hasRole('HR')")
public Optional<LeaveRequest> retrieve(UUID id) {
    final Optional<LeaveRequest> request = repo.findById(id);
    return request;
}