#107 - Added example for Spring Security Integration in MongoDB.

Initial project and with example for dynamic data filtering based on current security context information.

Relies on DATAMONGO-1244 to be resolved.

Original pull request: #108.
This commit is contained in:
Thomas Darimont
2015-06-20 17:37:17 +02:00
committed by Oliver Gierke
parent cc6e232ac3
commit d95ed268b2
8 changed files with 263 additions and 0 deletions

View File

@@ -21,6 +21,7 @@
<module>example</module>
<module>text-search</module>
<module>java8</module>
<module>security</module>
<module>util</module>
<module>geo-json</module>
</modules>

View File

@@ -0,0 +1,18 @@
# Spring Data MongoDB - Spring Security integration.
This project contains samples of the Spring Security integration in Spring Data (MongoDB).
## Support for SpEL Expression based filtering
```java
public interface PersonRepository extends CrudRepository<Person, String> {
@Override
List<Person> findAll();
//Custom Query method with filtering based on Spring Security context information
@Query("{id: ?#{ hasRole('ROLE_ADMIN') ? {$exists:true} : principal.id}}")
List<Person> findAllForCurrentUserById();
}
```

39
mongodb/security/pom.xml Normal file
View File

@@ -0,0 +1,39 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.data.examples</groupId>
<artifactId>spring-data-mongodb-examples</artifactId>
<version>1.0.0.BUILD-SNAPSHOT</version>
</parent>
<artifactId>spring-data-mongodb-security</artifactId>
<name>Spring Data MongoDB - Spring Security Integration</name>
<dependencies>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>spring-data-mongodb-utils</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-mongodb</artifactId>
<version>1.8.0.DATAMONGO-1244-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-data</artifactId>
</dependency>
</dependencies>
</project>

View File

@@ -0,0 +1,41 @@
/*
* Copyright 2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.springdata.mongodb.people;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.data.mongodb.core.mapping.event.LoggingEventListener;
import org.springframework.data.repository.query.spi.EvaluationContextExtension;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
/**
* Simple configuration that registers a {@link LoggingEventListener} to demonstrate mapping behaviour when Java 8
* Streams are used.
*
* @author Thomas Darimont
*/
@SpringBootApplication
class ApplicationConfiguration {
public @Bean LoggingEventListener mongoEventListener() {
return new LoggingEventListener();
}
@Bean
public EvaluationContextExtension securityExtension() {
return new SecurityEvaluationContextExtension();
}
}

View File

@@ -0,0 +1,35 @@
/*
* Copyright 2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.springdata.mongodb.people;
import lombok.Data;
import lombok.RequiredArgsConstructor;
import org.springframework.data.annotation.Id;
/**
* An entity to represent a Person.
*
* @author Thomas Darimont
*/
@Data
@RequiredArgsConstructor
public class Person {
private @Id String id;
private final String firstname;
private final String lastname;
}

View File

@@ -0,0 +1,34 @@
/*
* Copyright 2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.springdata.mongodb.people;
import java.util.List;
import org.springframework.data.mongodb.repository.Query;
import org.springframework.data.repository.CrudRepository;
/**
* Repository interface to manage {@link Person} instances.
*
* @author Thomas Darimont
*/
public interface PersonRepository extends CrudRepository<Person, String> {
List<Person> findAll();
@Query("{id: ?#{ hasRole('ROLE_ADMIN') ? {$exists:true} : principal.id}}")
List<Person> findAllForCurrentUserById();
}

View File

@@ -0,0 +1,90 @@
/*
* Copyright 2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example.springdata.mongodb.people;
import static org.hamcrest.CoreMatchers.*;
import static org.junit.Assert.*;
import static org.hamcrest.Matchers.*;
import java.util.Collections;
import java.util.List;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import example.springdata.mongodb.util.RequiresMongoDB;
/**
* Integration test for {@link PersonRepository}.
*
* @author Thomas Darimont
* @authot Oliver Gierke
*/
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = ApplicationConfiguration.class)
public class PersonRepositoryIntegrationTest {
@ClassRule public static RequiresMongoDB mongodbAvailable = RequiresMongoDB.anyVersion();
@Autowired PersonRepository repository;
@Autowired MongoOperations operations;
Person dave, oliver, carter, admin;
@Before
public void setUp() {
repository.deleteAll();
admin = repository.save(new Person("Admin", "Boss"));
dave = repository.save(new Person("Dave", "Matthews"));
oliver = repository.save(new Person("Oliver August", "Matthews"));
carter = repository.save(new Person("Carter", "Beauford"));
}
@Test
public void nonAdminCallingShouldReturnOnlyItSelfAsPerson() throws Exception {
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(dave, "x"));
List<Person> persons = repository.findAllForCurrentUserById();
assertThat(persons, hasSize(1));
assertThat(persons, contains(dave));
}
@Test
public void adminCallingShouldReturnAllUsers() throws Exception {
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(admin, "x",
Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN")));
SecurityContextHolder.getContext().setAuthentication(auth);
List<Person> persons = repository.findAllForCurrentUserById();
assertThat(persons, hasSize(4));
assertThat(persons, containsInAnyOrder(admin, dave, carter, oliver));
}
}

View File

@@ -0,0 +1,5 @@
/**
* Package showing usage of Spring Data MongoDB Repositories with Java 8.
*/
package example.springdata.mongodb.people;