While the proxy factory feature is cool, it's not needed for this sample. We can point folks to the documentation to understand when something like that is needed.
53 lines
1.4 KiB
Plaintext
53 lines
1.4 KiB
Plaintext
= Spring Data Sample
|
|
|
|
After running this sample like so:
|
|
|
|
.Java
|
|
[source,java,role="primary"]
|
|
----
|
|
./gradlew :bootRun
|
|
----
|
|
|
|
Then you can query for messages using `luke/password` and `rob/password`.
|
|
|
|
Because the domain objects are secured, you will see a subset of fields with `luke`.
|
|
|
|
For example, querying `/` with `luke`, you'll see:
|
|
|
|
```json
|
|
...
|
|
{
|
|
"created": "2014-07-12T16:00:00Z",
|
|
"id": 112,
|
|
"summary": "Is this secure?",
|
|
"text": "This message is for Luke",
|
|
"to": {
|
|
"email": "luke@example.com",
|
|
"id": "luke",
|
|
"password": "password"
|
|
}
|
|
}
|
|
...
|
|
```
|
|
|
|
However, with `rob`, you'll also see `firstName` and `lastName` like so:
|
|
|
|
```json
|
|
...
|
|
{
|
|
"created": "2014-07-12T04:00:00Z",
|
|
"id": 102,
|
|
"summary": "Is this secure?",
|
|
"text": "This message is for Rob",
|
|
"to": {
|
|
"email": "rob@example.com",
|
|
"firstName": "Rob",
|
|
"id": "rob",
|
|
"lastName": "Winch",
|
|
"password": "password"
|
|
}
|
|
}
|
|
...
|
|
```
|
|
|
|
Read more about the https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html#authorize-object[`@AuthorizeReturnObject`] and https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html#fallback-values-authorization-denied[]`@DeniedHandler`] in the Spring Security Reference. |