Spring Security @PreAuthorize based on custom boolean property value [closed]
I have an application where the user enters custom role names and privileges.
For example, the user can create a role named "Human Resources" that has the following properties:

    showDashboard = true;
    showSuppliers = false;
    showEmployees = true;

I want to restrict the getSuppliers service based on the showSuppliers property.

    @PreAuthorize("WHEN showSuppliers IS TRUE")
    public Page<Supplier> getSuppliers();

Role entity:

    @Entity
    public class Role {
        @Id
        @GeneratedValue(strategy = GenerationType.AUTO, generator = "native")
        @GenericGenerator(name = "native", strategy = "native")
        private Long id;
        private String name;
        private boolean showDashboard;
        private boolean showSuppliers;
        private boolean showEmployees;
    }

java spring spring-boot spring-security user-roles
edited Nov 12 at 7:46
asked Nov 11 at 11:28
androniennn
closed as too broad by dur, ekad, eyllanesc, sideshowbarker, AdrianHHH Nov 11 at 22:01
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
1 Answer
accepted
You can reference a bean in the PreAuthorize expression. First this bean/component:

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.stereotype.Component;

    @Component("authorityChecker")
    public class AuthorityChecker {
        public boolean canShowSuppliers(Authentication authentication) {
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                // check the type before casting to avoid a ClassCastException
                if (authority instanceof Role && ((Role) authority).isShowSuppliers()) {
                    return true;
                }
            }
            return false;
        }
    }

And the annotation to this will be:

    @PreAuthorize("@authorityChecker.canShowSuppliers(authentication)")
    public Page<Supplier> getSuppliers();

It will pass the current user's Authentication object to the bean/component above.
answered Nov 11 at 20:07
holmis83
Based on your answer, I created a component that returns the whole role object from the authenticated user, and then I check every property in the @PreAuthorize.
– androniennn
Nov 12 at 7:45
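
The bean from the accepted answer, generalized to all three flags in the question, with a type check before the cast and deny-by-default for unknown flag names. This is an added example, not code from the answer or the question: the bean name roleAccess, the method allows, the nested Role stand-in and its authority string are assumptions made so the file compiles on its own with spring-security-core on the classpath.

```java
import java.util.List;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;

// Added example: one bean for all three flags. Use on the question's service as
//   @PreAuthorize("@roleAccess.allows(authentication, 'showSuppliers')")
@Component("roleAccess")
public class RoleAccess {
    // Stand-in for the question's Role; assumes the real entity implements GrantedAuthority.
    public static class Role implements GrantedAuthority {
        boolean showDashboard, showSuppliers, showEmployees;
        @Override public String getAuthority() { return "ROLE_CUSTOM"; } // hypothetical name
    }

    public boolean allows(Authentication authentication, String flag) {
        if (authentication == null || !authentication.isAuthenticated()
                || authentication instanceof AnonymousAuthenticationToken) {
            return false; // fail closed: no authenticated caller
        }
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            // Type check instead of a blind cast: other authority types are skipped.
            if (authority instanceof Role && flagValue((Role) authority, flag)) {
                return true;
            }
        }
        return false;
    }

    private static boolean flagValue(Role role, String flag) {
        switch (flag) {
            case "showDashboard": return role.showDashboard;
            case "showSuppliers": return role.showSuppliers;
            case "showEmployees": return role.showEmployees;
            default: return false; // unknown name, e.g. a typo in the annotation: deny
        }
    }

    public static void main(String[] args) {
        Role hr = new Role(); // constructed sample: "Human Resources", showSuppliers stays false
        hr.showDashboard = true;
        hr.showEmployees = true;
        Authentication user = new TestingAuthenticationToken("hr-user", "n/a", List.<GrantedAuthority>of(hr));
        RoleAccess access = new RoleAccess();
        System.out.println("suppliers: " + access.allows(user, "showSuppliers"));
        System.out.println("employees: " + access.allows(user, "showEmployees"));
    }
}
```

If the Role objects are loaded into the Authentication at login, a change to a role's flags reaches a user only at their next authentication unless the bean reloads the role. @PreAuthorize is evaluated only when method security is enabled in the application.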