Java PostAuthorize类代码示例

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@Test
public void testAuthorizationDefined() throws NoSuchMethodException {
	assertTrue(PictureController.class.getMethod("getPicture", String.class, String.class, String.class).isAnnotationPresent(
			PreAuthorize.class));
	assertTrue(PictureController.class.getMethod("latestPicturesMetaByUserLimit", String.class, Integer.class,
               Integer.class).isAnnotationPresent(PostFilter.class));
	assertTrue(PictureController.class.getMethod("getPictureMeta", String.class, String.class).isAnnotationPresent(
			PreAuthorize.class));
	assertTrue(PictureController.class.getMethod("deletePicture", String.class, String.class).isAnnotationPresent(
			PreAuthorize.class));
       assertTrue(PictureController.class.getMethod("getNext", String.class, String.class).isAnnotationPresent(
               PostAuthorize.class));
       assertTrue(PictureController.class.getMethod("getNext", String.class, String.class).isAnnotationPresent(
               PreAuthorize.class));
       assertTrue(PictureController.class.getMethod("getPrevious", String.class, String.class).isAnnotationPresent(
               PostAuthorize.class));
       assertTrue(PictureController.class.getMethod("getPrevious", String.class, String.class).isAnnotationPresent(
               PreAuthorize.class));
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
/**
 * Reads a data point.
 *
 * @param id the identifier of the data point to read
 * @return a matching data point, if found
 */
// TODO can identifiers be relative, e.g. to a namespace?
// TODO confirm if HEAD handling needs anything additional
// only allow clients with read scope to read a data point
@PreAuthorize("#oauth2.clientHasRole('" + CLIENT_ROLE + "') and #oauth2.hasScope('" + DATA_POINT_READ_SCOPE + "')")
// ensure that the returned data point belongs to the user associated with the access token
@PostAuthorize("returnObject.body == null || returnObject.body.header.userId == principal.username")
@RequestMapping(value = "/dataPoints/{id}", method = {HEAD, GET}, produces = APPLICATION_JSON_VALUE)
public
@ResponseBody
ResponseEntity<DataPoint> readDataPoint(@PathVariable String id) {

    Optional<DataPoint> dataPoint = dataPointService.findOne(id);

    if (!dataPoint.isPresent()) {
        return new ResponseEntity<>(NOT_FOUND);
    }

    // FIXME test @PostAuthorize
    return new ResponseEntity<>(dataPoint.get(), OK);
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@PostAuthorize("hasPermission(returnObject,'read')")
public SmartSenseSubscription getDefaultForUser(IdentityUser cbUser) {
    SmartSenseSubscription subscription = null;
    subscription = repository.findByAccountAndOwner(cbUser.getAccount(), cbUser.getUserId());
    if (subscription != null && !StringUtils.isEmpty(defaultSmartsenseId) && !defaultSmartsenseId.equals(subscription.getSubscriptionId())) {
        LOGGER.info("Upgrading default SmartSense subscription");
        subscription.setSubscriptionId(defaultSmartsenseId);
        repository.save(subscription);
    }
    return Optional.ofNullable(subscription).orElseGet(() -> {
        SmartSenseSubscription newSubscription = null;
        if (!StringUtils.isEmpty(defaultSmartsenseId)) {
            LOGGER.info("Generating default SmartSense subscription");
            newSubscription = new SmartSenseSubscription();
            newSubscription.setSubscriptionId(defaultSmartsenseId);
            newSubscription.setAccount(cbUser.getAccount());
            newSubscription.setOwner(cbUser.getUserId());
            newSubscription.setPublicInAccount(true);
            repository.save(newSubscription);
        }
        return newSubscription;
    });
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@PostAuthorize("hasAnyRole('ROLE_ADMIN,ROLE_USER')")
@Override
public Step getStep(Long suid) throws ApplicationException {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    String name = auth.getName();
    User user = userDao.getUserByLogin(name);

    Step step = null;

    Collection<SimpleGrantedAuthority> authorities =
            (Collection<SimpleGrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();

    if(authorities.contains(Consts.ROLE_ADMIN)){
        step = stepDao.getStep(suid);
    } else if(authorities.contains(Consts.ROLE_USER)){
        step = stepDao.getStep(suid);

        if(!(step.getGame().getBlackUuid() == user.getUuid() || step.getGame().getWhiteUuid() == user.getUuid())){
            throw new ApplicationException(1L, "You are not involved in game.");
        }
    }

    return step;
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
/**
 * Scan for {@link PreAuthorize} and {@link PostAuthorize} annotations
 * and create {@link Set} of {@link Privilege}.
 *
 * @return set of privileges
 */
public Set<Privilege> scan() {
    StopWatch stopWatch = StopWatch.createStarted();
    Set<Privilege> preAuthPrivileges = reflections.getMethodsAnnotatedWith(PreAuthorize.class).stream()
        .map(element -> element.getAnnotation(PreAuthorize.class))
        .map(PreAuthorize::value)
        .map(this::parse)
        .collect(Collectors.toSet());

    Set<Privilege> postAuthPrivileges = reflections.getMethodsAnnotatedWith(PostAuthorize.class).stream()
        .map(element -> element.getAnnotation(PostAuthorize.class))
        .map(PostAuthorize::value)
        .map(this::parse)
        .collect(Collectors.toSet());

    Set<Privilege> findPrivileges = reflections.getMethodsAnnotatedWith(FindWithPermission.class).stream()
        .map(element -> element.getAnnotation(FindWithPermission.class))
        .map(FindWithPermission::value)
        .map(this::parse)
        .peek(privilege -> privilege.getResources().add("returnObject"))
        .collect(Collectors.toSet());

    Set<Privilege> postFilterPrivileges = reflections.getMethodsAnnotatedWith(PostFilter.class).stream()
        .map(element -> element.getAnnotation(PostFilter.class))
        .map(PostFilter::value)
        .map(this::parse)
        .peek(privilege -> privilege.getResources().add("returnObject"))
        .collect(Collectors.toSet());

    preAuthPrivileges.addAll(postAuthPrivileges);
    preAuthPrivileges.addAll(findPrivileges);
    preAuthPrivileges.addAll(postFilterPrivileges);
    log.info("Found {} privileges in {} ms", preAuthPrivileges.size(), stopWatch.getTime());
    return preAuthPrivileges;
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@ApiOperation(value="获取用户", notes="根据url的id来获取用户详细信息")
@ApiImplicitParam(name = "id", value = "用户ID", required = true, dataType = "String", paramType = "path")
@PostAuthorize("returnObject.username == principal.username or hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
public User getUser(@PathVariable String id) {
    return repository.findOne(id);
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = {"application/json"})
@ResponseStatus(HttpStatus.OK)
@PostAuthorize("hasPermission(returnObject,'PROJECTS_VIEW')")
public Project getProject(@PathVariable Integer id) {
	logger.info("[getProject({})] started ...", id);
	Project result = projectsService.getProject(id);
	logger.info("[getProject({})] done, result: {}", id, result);
	return result;
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@PreAuthorize("isAuthenticated() && #id != null")
@PostAuthorize("returnObject == null || hasPermission(returnObject, 'READ')")
private UserViewModel findUserById(Long id) {
    User one = userRepository.findOne(id);
    UserBuilder userBuilder = Builders.of(one);
    UserViewModel userViewModel = userBuilder.buildViewModel();
    String ownerOfObject = customSecurityService.getOwnerOfObject(one);
    List<String> acls = customSecurityService.getMyAclForObject(one);
    userViewModel.setOwner(ownerOfObject);
    userViewModel.setAcls(acls);
    return userViewModel;
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
/**
 * Finds and returns a layer by it's URL and the layerNames parameter.
 *
 * @param url
 * @param layerNames
 * @return
 */
@PostAuthorize("hasRole(@configHolder.getSuperAdminRoleName()) or hasPermission(returnObject, 'READ')")
@Transactional(readOnly = true)
public E findByUrlAndLayerNames(String url, String layerNames) {
	if (url == null || layerNames == null) {
		return null;
	}
	return dao.findByUrlAndLayerNames(url, layerNames);
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
/**
 * Searches for {@link org.springframework.security.access.prepost.PreAuthorize}
 * and {@link org.springframework.security.access.prepost.PostAuthorize} annotations
 * representing permissions and parses them. Parsed annotations are used
 * to find permissions. After that those permissions are added to
 * {@link org.motechproject.security.service.MotechPermissionService}
 *
 * @param bean to be processed
 * @param beanName name of the bean
 * @return processed bean
 */
@Override
public Object postProcessAfterInitialization(final Object bean, final String beanName) {
    LOGGER.debug("Searching for security annotations in: {}", beanName);

    doWithMethods(bean.getClass(), new MethodCallback() {
        @Override
        public void doWith(Method method) throws IllegalAccessException {
            Method methodOfOriginalClassIfProxied = findMethod(getTargetClass(bean), method.getName(), method.getParameterTypes());

            if (methodOfOriginalClassIfProxied != null) {
                PreAuthorize preAuthorize = findAnnotation(methodOfOriginalClassIfProxied, PreAuthorize.class);
                PostAuthorize postAuthorize = findAnnotation(methodOfOriginalClassIfProxied, PostAuthorize.class);

                List<String> annotations = new ArrayList<>(2);
                List<String> permissions = new ArrayList<>();

                if (preAuthorize != null) {
                    annotations.add(preAuthorize.value());
                }

                if (postAuthorize != null) {
                    annotations.add(postAuthorize.value());
                }

                for (String annotation : annotations) {
                    SpelExpression expression = (SpelExpression) annotationParser.parseExpression(annotation);
                    permissions.addAll(findPermissions(expression.getAST()));
                }

                addRoleAndPermissions(permissions);
            }
        }
    });

    LOGGER.debug("Searched for security annotations in: {}", beanName);

    return bean;
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@ResponseBody
@RequestMapping( value = PICTURE_URI
    + "/_next", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE )
@PreAuthorize( "@paa.hasAccess(#id)" )
@PostAuthorize( "@paa.hasAccess(returnObject)" )
public ResponseEntity<Picture> getNext( @PathVariable( "user" ) String user, @PathVariable( "id" ) String id)
{
    return getAdjacentPicture( user, id, false );
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@ResponseBody
@RequestMapping( value = PICTURE_URI
    + "/_previous", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE )
@PreAuthorize( "@paa.hasAccess(#id)" )
@PostAuthorize( "@paa.hasAccess(returnObject)" )
public ResponseEntity<Picture> getPrevious( @PathVariable( "user" ) String user, @PathVariable( "id" ) String id)
{
    return getAdjacentPicture( user, id, true );
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@PreAuthorize("isAuthenticated()")
@PostAuthorize("hasRole('ROLE_ADMIN') or principal.username == returnObject.teamCode or hasPermission(@submissionEndpoint.getSubmissionGroupCodes(#id), 'submission_view')")
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
public SubmissionDetailView getSubmission(@PathVariable Integer id) throws NotFoundException {
    final SubmissionDetailView submissionDetailView = submissionDetailDao.getSubmission(id);
    if (submissionDetailView == null) {
        throw new NotFoundException();
    }
    fillSourceCode(id, submissionDetailView);
    transformSubmissionResult(submissionDetailView);
    return submissionDetailView;
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@ApiOperation(value="获取用户", notes="通过用户名")
@PostAuthorize("hasRole('ROLE_USER')")
@RequestMapping(value = "/",method = RequestMethod.GET)
public JsonResult<User> getUserByUsername(@RequestParam(value="username") String username) {
    return JsonResult.<User>builder().data(repository.findByUsername(username)).build();
}
 

import org.springframework.security.access.prepost.PostAuthorize; //导入依赖的package包/类
@ApiOperation(value="获取当前用户")
@PostAuthorize("hasRole('ROLE_USER')")
@RequestMapping(value = "/current",method = RequestMethod.GET)
public JsonResult<User> getCurrentUser(HttpServletRequest request) {
    return userService.getCurrentUser(request);
}