Simplify AuthorizeReturnObject Usage

While the proxy factory feature is cool, it's not needed for
this sample. We can point folks to the documentation to understand
when something like that is needed.
This commit is contained in:
Josh Cummings
2024-08-23 16:57:20 -06:00
parent bfbc4d0d9a
commit 9700368ca3
4 changed files with 8 additions and 15 deletions

View File

@@ -21,11 +21,8 @@ import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Role;
import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory;
import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor;
import org.springframework.security.authorization.method.PrePostTemplateDefaults;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@@ -36,14 +33,8 @@ public class DataApplication {
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
static Customizer<AuthorizationAdvisorProxyFactory> skipValueTypes() {
return (f) -> f.setTargetVisitor(TargetVisitor.defaultsSkipValueTypes());
}
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
static PrePostTemplateDefaults templateDefaults() {
return new PrePostTemplateDefaults();
static AnnotationTemplateExpressionDefaults templateDefaults() {
return new AnnotationTemplateExpressionDefaults();
}
@Bean

View File

@@ -29,7 +29,6 @@ import org.springframework.security.authorization.method.AuthorizeReturnObject;
@Entity
@JsonSerialize(as = Message.class)
@AuthorizeReturnObject
public class Message {
@Id
@@ -45,6 +44,7 @@ public class Message {
@ManyToOne
private User to;
@AuthorizeReturnObject
public User getTo() {
return this.to;
}

View File

@@ -27,7 +27,7 @@ import jakarta.persistence.Id;
* @author Rob Winch
*/
@Entity(name = "users")
@JsonSerialize(as = User.class, contentUsing = JsonSerializer.class)
@JsonSerialize(as = User.class)
public class User {
@Id