Use available RoleHierachy Bean for MethodSecurity Config

Closes gh-12783
This commit is contained in:
kandaguru17
2023-10-31 20:20:13 +13:00
committed by Josh Cummings
parent bb6b55aca3
commit b76f7c029d
6 changed files with 66 additions and 3 deletions

View File

@@ -50,7 +50,7 @@ public interface MethodSecurityService {
@PermitAll
String jsr250PermitAll();
@RolesAllowed("ADMIN")
@RolesAllowed({ "ADMIN", "USER" })
String jsr250RolesAllowed();
@Secured({ "ROLE_USER", "RUN_AS_SUPER" })
@@ -68,6 +68,9 @@ public interface MethodSecurityService {
@PreAuthorize("hasRole('ADMIN')")
void preAuthorizeAdmin();
@PreAuthorize("hasRole('USER')")
void preAuthorizeUser();
@PreAuthorize("hasPermission(#object,'read')")
String hasPermission(String object);

View File

@@ -73,6 +73,10 @@ public class MethodSecurityServiceImpl implements MethodSecurityService {
public void preAuthorizeAdmin() {
}
@Override
public void preAuthorizeUser() {
}
@Override
public String preAuthorizePermitAll() {
return null;

View File

@@ -46,6 +46,8 @@ import org.springframework.security.access.annotation.ExpressionProtectedBusines
import org.springframework.security.access.annotation.Jsr250BusinessServiceImpl;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationEventPublisher;
import org.springframework.security.authorization.AuthorizationManager;
@@ -447,6 +449,24 @@ public class PrePostMethodSecurityConfigurationTests {
.autowire();
}
@WithMockUser(roles = "ADMIN")
@Test
public void methodSecurityAdminWhenRoleHierarchyBeanAvailableThenUses() {
this.spring.register(RoleHierarchyConfig.class, MethodSecurityServiceConfig.class).autowire();
this.methodSecurityService.preAuthorizeAdmin();
this.methodSecurityService.secured();
this.methodSecurityService.jsr250RolesAllowed();
}
@WithMockUser
@Test
public void methodSecurityUserWhenRoleHierarchyBeanAvailableThenUses() {
this.spring.register(RoleHierarchyConfig.class, MethodSecurityServiceConfig.class).autowire();
this.methodSecurityService.preAuthorizeUser();
this.methodSecurityService.securedUser();
this.methodSecurityService.jsr250RolesAllowed();
}
private static Consumer<ConfigurableWebApplicationContext> disallowBeanOverriding() {
return (context) -> ((AnnotationConfigWebApplicationContext) context).setAllowBeanDefinitionOverriding(false);
}
@@ -627,4 +647,17 @@ public class PrePostMethodSecurityConfigurationTests {
}
@Configuration
@EnableMethodSecurity(jsr250Enabled = true, securedEnabled = true)
static class RoleHierarchyConfig {
@Bean
RoleHierarchy roleHierarchy() {
RoleHierarchyImpl roleHierarchyImpl = new RoleHierarchyImpl();
roleHierarchyImpl.setHierarchy("ADMIN > USER");
return roleHierarchyImpl;
}
}
}