Use available RoleHierachy Bean for MethodSecurity Config
Closes gh-12783
This commit is contained in:
committed by
Josh Cummings
parent
bb6b55aca3
commit
b76f7c029d
@@ -50,7 +50,7 @@ public interface MethodSecurityService {
|
||||
@PermitAll
|
||||
String jsr250PermitAll();
|
||||
|
||||
@RolesAllowed("ADMIN")
|
||||
@RolesAllowed({ "ADMIN", "USER" })
|
||||
String jsr250RolesAllowed();
|
||||
|
||||
@Secured({ "ROLE_USER", "RUN_AS_SUPER" })
|
||||
@@ -68,6 +68,9 @@ public interface MethodSecurityService {
|
||||
@PreAuthorize("hasRole('ADMIN')")
|
||||
void preAuthorizeAdmin();
|
||||
|
||||
@PreAuthorize("hasRole('USER')")
|
||||
void preAuthorizeUser();
|
||||
|
||||
@PreAuthorize("hasPermission(#object,'read')")
|
||||
String hasPermission(String object);
|
||||
|
||||
|
||||
@@ -73,6 +73,10 @@ public class MethodSecurityServiceImpl implements MethodSecurityService {
|
||||
public void preAuthorizeAdmin() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void preAuthorizeUser() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public String preAuthorizePermitAll() {
|
||||
return null;
|
||||
|
||||
@@ -46,6 +46,8 @@ import org.springframework.security.access.annotation.ExpressionProtectedBusines
|
||||
import org.springframework.security.access.annotation.Jsr250BusinessServiceImpl;
|
||||
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
|
||||
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
|
||||
import org.springframework.security.authorization.AuthorizationDecision;
|
||||
import org.springframework.security.authorization.AuthorizationEventPublisher;
|
||||
import org.springframework.security.authorization.AuthorizationManager;
|
||||
@@ -447,6 +449,24 @@ public class PrePostMethodSecurityConfigurationTests {
|
||||
.autowire();
|
||||
}
|
||||
|
||||
@WithMockUser(roles = "ADMIN")
|
||||
@Test
|
||||
public void methodSecurityAdminWhenRoleHierarchyBeanAvailableThenUses() {
|
||||
this.spring.register(RoleHierarchyConfig.class, MethodSecurityServiceConfig.class).autowire();
|
||||
this.methodSecurityService.preAuthorizeAdmin();
|
||||
this.methodSecurityService.secured();
|
||||
this.methodSecurityService.jsr250RolesAllowed();
|
||||
}
|
||||
|
||||
@WithMockUser
|
||||
@Test
|
||||
public void methodSecurityUserWhenRoleHierarchyBeanAvailableThenUses() {
|
||||
this.spring.register(RoleHierarchyConfig.class, MethodSecurityServiceConfig.class).autowire();
|
||||
this.methodSecurityService.preAuthorizeUser();
|
||||
this.methodSecurityService.securedUser();
|
||||
this.methodSecurityService.jsr250RolesAllowed();
|
||||
}
|
||||
|
||||
private static Consumer<ConfigurableWebApplicationContext> disallowBeanOverriding() {
|
||||
return (context) -> ((AnnotationConfigWebApplicationContext) context).setAllowBeanDefinitionOverriding(false);
|
||||
}
|
||||
@@ -627,4 +647,17 @@ public class PrePostMethodSecurityConfigurationTests {
|
||||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@EnableMethodSecurity(jsr250Enabled = true, securedEnabled = true)
|
||||
static class RoleHierarchyConfig {
|
||||
|
||||
@Bean
|
||||
RoleHierarchy roleHierarchy() {
|
||||
RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
|
||||
roleHierarchyImpl.setHierarchy("ADMIN > USER");
|
||||
return roleHierarchyImpl;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user