Simplify AuthorizeReturnObject Usage
While the proxy factory feature is cool, it's not needed for this sample. We can point folks to the documentation to understand when something like that is needed.
This commit is contained in:
@@ -21,11 +21,8 @@ import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Role;
|
||||
import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory;
|
||||
import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor;
|
||||
import org.springframework.security.authorization.method.PrePostTemplateDefaults;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
@@ -36,14 +33,8 @@ public class DataApplication {
|
||||
|
||||
@Bean
|
||||
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
static Customizer<AuthorizationAdvisorProxyFactory> skipValueTypes() {
|
||||
return (f) -> f.setTargetVisitor(TargetVisitor.defaultsSkipValueTypes());
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
static PrePostTemplateDefaults templateDefaults() {
|
||||
return new PrePostTemplateDefaults();
|
||||
static AnnotationTemplateExpressionDefaults templateDefaults() {
|
||||
return new AnnotationTemplateExpressionDefaults();
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
||||
@@ -29,7 +29,6 @@ import org.springframework.security.authorization.method.AuthorizeReturnObject;
|
||||
|
||||
@Entity
|
||||
@JsonSerialize(as = Message.class)
|
||||
@AuthorizeReturnObject
|
||||
public class Message {
|
||||
|
||||
@Id
|
||||
@@ -45,6 +44,7 @@ public class Message {
|
||||
@ManyToOne
|
||||
private User to;
|
||||
|
||||
@AuthorizeReturnObject
|
||||
public User getTo() {
|
||||
return this.to;
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ import jakarta.persistence.Id;
|
||||
* @author Rob Winch
|
||||
*/
|
||||
@Entity(name = "users")
|
||||
@JsonSerialize(as = User.class, contentUsing = JsonSerializer.class)
|
||||
@JsonSerialize(as = User.class)
|
||||
public class User {
|
||||
|
||||
@Id
|
||||
|
||||
Reference in New Issue
Block a user