
Revize a1306c71

Přidáno uživatelem Jakub Danek před více než 5 roky(ů)

re #37 support for custom permission evaluators based on type


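--- a/server/src/main/java/org/danekja/ymanager/MethodSecurityConfiguration.java
+++ b/server/src/main/java/org/danekja/ymanager/MethodSecurityConfiguration.java
@@ -1,10 +1,48 @@
 package org.danekja.ymanager;
 
+import org.danekja.ymanager.business.auth.permissions.DelegatingPermissionEvaluator;
+import org.danekja.ymanager.business.auth.permissions.TypedPermissionEvaluator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
 
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 @Configuration
 @EnableGlobalMethodSecurity (jsr250Enabled = true, prePostEnabled = true)
 public class MethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {
+
+    private final List<TypedPermissionEvaluator> permissionEvaluators;
+
+    @Autowired
+    public MethodSecurityConfiguration(List<TypedPermissionEvaluator> permissionEvaluators) {
+        this.permissionEvaluators = permissionEvaluators;
+    }
+
+    @Override
+    protected MethodSecurityExpressionHandler createExpressionHandler() {
+        DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler = new DefaultMethodSecurityExpressionHandler();
+        methodSecurityExpressionHandler.setPermissionEvaluator(permissionEvaluator());
+
+        return methodSecurityExpressionHandler;
+    }
+
+    @Bean
+    public PermissionEvaluator permissionEvaluator() {
+        Map<String, PermissionEvaluator> map = new HashMap<>();
+
+        // Build lookup table of PermissionEvaluator by supported target type
+        for (TypedPermissionEvaluator permissionEvaluator : permissionEvaluators) {
+            map.put(permissionEvaluator.getTargetType(), permissionEvaluator);
+        }
+
+        return new DelegatingPermissionEvaluator(map);
+    }
 }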
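Review bot: The loop in `permissionEvaluator()` fills the lookup table with `map.put(...)`, so two `TypedPermissionEvaluator` beans that report the same `getTargetType()` silently replace one another, and which of them ends up deciding access depends on injection order. Failing at startup makes the conflict visible: `if (map.putIfAbsent(permissionEvaluator.getTargetType(), permissionEvaluator) != null) { throw new IllegalStateException("Duplicate permission evaluator for type " + permissionEvaluator.getTargetType()); }`. A null target type would likewise be stored under a null key and is best rejected in the same place.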
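--- a/server/src/main/java/org/danekja/ymanager/business/auth/permissions/DelegatingPermissionEvaluator.java
+++ b/server/src/main/java/org/danekja/ymanager/business/auth/permissions/DelegatingPermissionEvaluator.java
@@ -0,0 +1,46 @@
+package org.danekja.ymanager.business.auth.permissions;
+
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.access.expression.DenyAllPermissionEvaluator;
+import org.springframework.security.core.Authentication;
+
+import java.io.Serializable;
+import java.util.Map;
+
+/**
+ * Custom permission evaluator which delegates permission check to other custom evaluators based on
+ * target type.
+ * <p>
+ * This mechanism allows for custom evaluator for each of domain classes -> different logic when evaluating permissions.
+ * <p>
+ * Documentation: <a href="https://insource.io/blog/articles/custom-authorization-with-spring-boot.html">Source</a>
+ */
+public class DelegatingPermissionEvaluator implements PermissionEvaluator {
+
+    private static final PermissionEvaluator denyAll = new DenyAllPermissionEvaluator();
+    private final Map<String, PermissionEvaluator> permissionEvaluators;
+
+    public DelegatingPermissionEvaluator(Map<String, PermissionEvaluator> permissionEvaluators) {
+        this.permissionEvaluators = permissionEvaluators;
+    }
+
+    @Override
+    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
+        PermissionEvaluator permissionEvaluator = permissionEvaluators.get(targetDomainObject.getClass().getSimpleName());
+        if (permissionEvaluator == null) {
+            permissionEvaluator = denyAll;
+        }
+
+        return permissionEvaluator.hasPermission(authentication, targetDomainObject, permission);
+    }
+
+    @Override
+    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
+        PermissionEvaluator permissionEvaluator = permissionEvaluators.get(targetType);
+        if (permissionEvaluator == null) {
+            permissionEvaluator = denyAll;
+        }
+
+        return permissionEvaluator.hasPermission(authentication, targetId, targetType, permission);
+    }
+}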
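Review bot: The three-argument `hasPermission` dereferences `targetDomainObject` without a null check, so a security expression evaluated against a null argument or a null return value ends in a NullPointerException instead of a deny decision. A guard at the top keeps the behaviour fail-closed and explicit: `if (targetDomainObject == null) { return denyAll.hasPermission(authentication, null, permission); }`. The lookup also keys on `getClass().getSimpleName()`, so a runtime subclass or proxy of a domain class would presumably miss its evaluator and fall through to `denyAll`; that is safe, but worth a comment so the denial is not mistaken for a bug in the evaluator.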
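--- a/server/src/main/java/org/danekja/ymanager/business/auth/permissions/TypedPermissionEvaluator.java
+++ b/server/src/main/java/org/danekja/ymanager/business/auth/permissions/TypedPermissionEvaluator.java
@@ -0,0 +1,16 @@
+package org.danekja.ymanager.business.auth.permissions;
+
+import org.springframework.security.access.PermissionEvaluator;
+
+/**
+ * Custom {@link PermissionEvaluator} which is capable of checking
+ * user permissions for single type.
+ */
+public interface TypedPermissionEvaluator extends PermissionEvaluator {
+
+    /**
+     * @return simpleName of target type (class)
+     */
+    String getTargetType();
+
+}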
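Review bot: The Javadoc on `getTargetType()` leaves out the constraints the rest of this commit depends on. The value is used as a map key by `DelegatingPermissionEvaluator`, so it has to be non-null, unique among all evaluators, and equal both to `Class.getSimpleName()` of the handled class and to the `targetType` string written in security expressions. I would extend the comment accordingly, e.g. `@return non-null simple name of the handled class; must be unique across all evaluators and match the targetType passed to hasPermission`. Simple names are not unique across packages, so the comment should also say that two domain classes sharing a simple name cannot have separate evaluators.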
