diff --git a/servlet/spring-boot/java/data/README.adoc b/servlet/spring-boot/java/data/README.adoc index b2ca244..ecf3f4a 100644 --- a/servlet/spring-boot/java/data/README.adoc +++ b/servlet/spring-boot/java/data/README.adoc @@ -48,4 +48,6 @@ However, with `rob`, you'll also see `firstName` and `lastName` like so: } } ... -``` \ No newline at end of file +``` + +Read more about the https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html#authorize-object[`@AuthorizeReturnObject`] and https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html#fallback-values-authorization-denied[]`@DeniedHandler`] in the Spring Security Reference. \ No newline at end of file diff --git a/servlet/spring-boot/java/data/src/main/java/example/DataApplication.java b/servlet/spring-boot/java/data/src/main/java/example/DataApplication.java index 5c41939..7d8d5ed 100644 --- a/servlet/spring-boot/java/data/src/main/java/example/DataApplication.java +++ b/servlet/spring-boot/java/data/src/main/java/example/DataApplication.java @@ -21,11 +21,8 @@ import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Role; -import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory; -import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor; -import org.springframework.security.authorization.method.PrePostTemplateDefaults; -import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; +import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @@ -36,14 +33,8 @@ public class DataApplication { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - static Customizer skipValueTypes() { - return (f) -> f.setTargetVisitor(TargetVisitor.defaultsSkipValueTypes()); - } - - @Bean - @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - static PrePostTemplateDefaults templateDefaults() { - return new PrePostTemplateDefaults(); + static AnnotationTemplateExpressionDefaults templateDefaults() { + return new AnnotationTemplateExpressionDefaults(); } @Bean diff --git a/servlet/spring-boot/java/data/src/main/java/example/Message.java b/servlet/spring-boot/java/data/src/main/java/example/Message.java index 0f60bee..f7e1e83 100644 --- a/servlet/spring-boot/java/data/src/main/java/example/Message.java +++ b/servlet/spring-boot/java/data/src/main/java/example/Message.java @@ -29,7 +29,6 @@ import org.springframework.security.authorization.method.AuthorizeReturnObject; @Entity @JsonSerialize(as = Message.class) -@AuthorizeReturnObject public class Message { @Id @@ -45,6 +44,7 @@ public class Message { @ManyToOne private User to; + @AuthorizeReturnObject public User getTo() { return this.to; } diff --git a/servlet/spring-boot/java/data/src/main/java/example/User.java b/servlet/spring-boot/java/data/src/main/java/example/User.java index 3eed6b6..192611c 100644 --- a/servlet/spring-boot/java/data/src/main/java/example/User.java +++ b/servlet/spring-boot/java/data/src/main/java/example/User.java @@ -27,7 +27,7 @@ import jakarta.persistence.Id; * @author Rob Winch */ @Entity(name = "users") -@JsonSerialize(as = User.class, contentUsing = JsonSerializer.class) +@JsonSerialize(as = User.class) public class User { @Id