forked from spring-projects/spring-security
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This API allows for hint registration based on Spring Security's infrastructural beans
- Loading branch information
Showing
13 changed files
with
628 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
.../security/config/annotation/method/configuration/AuthorizationProxyDataConfiguration.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| /* | ||
| * Copyright 2002-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.config.annotation.method.configuration; | ||
|
|
||
| import org.springframework.aop.framework.AopInfrastructureBean; | ||
| import org.springframework.beans.factory.config.BeanDefinition; | ||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.context.annotation.Role; | ||
| import org.springframework.security.aot.hint.SecurityHintsRegistrar; | ||
| import org.springframework.security.authorization.AuthorizationProxyFactory; | ||
| import org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar; | ||
|
|
||
| @Configuration(proxyBeanMethods = false) | ||
| final class AuthorizationProxyDataConfiguration implements AopInfrastructureBean { | ||
|
|
||
| @Bean | ||
| @Role(BeanDefinition.ROLE_INFRASTRUCTURE) | ||
| static SecurityHintsRegistrar authorizeReturnObjectDataHintsRegistrar(AuthorizationProxyFactory proxyFactory) { | ||
| return new AuthorizeReturnObjectDataHintsRegistrar(proxyFactory); | ||
| } | ||
|
|
||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
107 changes: 107 additions & 0 deletions
107
...ork/security/config/annotation/method/configuration/aot/EnableMethodSecurityAotTests.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| /* | ||
| * Copyright 2002-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.config.annotation.method.configuration.aot; | ||
|
|
||
| import java.util.ArrayList; | ||
| import java.util.Collection; | ||
|
|
||
| import javax.sql.DataSource; | ||
|
|
||
| import org.junit.jupiter.api.Test; | ||
| import org.junit.jupiter.api.extension.ExtendWith; | ||
|
|
||
| import org.springframework.aot.generate.GenerationContext; | ||
| import org.springframework.aot.hint.RuntimeHints; | ||
| import org.springframework.beans.factory.annotation.Autowired; | ||
| import org.springframework.beans.factory.aot.BeanFactoryInitializationCode; | ||
| import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; | ||
| import org.springframework.context.annotation.Bean; | ||
| import org.springframework.context.annotation.Configuration; | ||
| import org.springframework.data.jpa.repository.config.EnableJpaRepositories; | ||
| import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder; | ||
| import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType; | ||
| import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean; | ||
| import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter; | ||
| import org.springframework.security.aot.hint.SecurityHintsAotProcessor; | ||
| import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; | ||
| import org.springframework.security.config.test.SpringTestContext; | ||
| import org.springframework.security.config.test.SpringTestContextExtension; | ||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||
|
|
||
| import static org.assertj.core.api.Assertions.assertThat; | ||
| import static org.mockito.BDDMockito.given; | ||
| import static org.mockito.Mockito.mock; | ||
|
|
||
| /** | ||
| * AOT Tests for {@code PrePostMethodSecurityConfiguration}. | ||
| * | ||
| * @author Evgeniy Cheban | ||
| * @author Josh Cummings | ||
| */ | ||
| @ExtendWith({ SpringExtension.class, SpringTestContextExtension.class }) | ||
| public class EnableMethodSecurityAotTests { | ||
|
|
||
| public final SpringTestContext spring = new SpringTestContext(this); | ||
|
|
||
| private final RuntimeHints hints = new RuntimeHints(); | ||
|
|
||
| private final GenerationContext context = mock(GenerationContext.class); | ||
|
|
||
| private final BeanFactoryInitializationCode code = mock(BeanFactoryInitializationCode.class); | ||
|
|
||
| private final SecurityHintsAotProcessor proxy = new SecurityHintsAotProcessor(); | ||
|
|
||
| @Autowired | ||
| ConfigurableListableBeanFactory beanFactory; | ||
|
|
||
| @Test | ||
| void findsAllNeededClassesToProxy() { | ||
| this.spring.register(AppConfig.class).autowire(); | ||
| given(this.context.getRuntimeHints()).willReturn(this.hints); | ||
| this.proxy.processAheadOfTime(this.beanFactory).applyTo(this.context, this.code); | ||
| Collection<String> canonicalNames = new ArrayList<>(); | ||
| this.hints.reflection().typeHints().forEach((hint) -> canonicalNames.add(hint.getType().getCanonicalName())); | ||
| assertThat(canonicalNames).contains( | ||
| "org.springframework.security.config.annotation.method.configuration.aot.Message$$SpringCGLIB$$0", | ||
| "org.springframework.security.config.annotation.method.configuration.aot.User$$SpringCGLIB$$0"); | ||
| } | ||
|
|
||
| @Configuration | ||
| @EnableMethodSecurity | ||
| @EnableJpaRepositories | ||
| static class AppConfig { | ||
|
|
||
| @Bean | ||
| DataSource dataSource() { | ||
| EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder(); | ||
| return builder.setType(EmbeddedDatabaseType.HSQL).build(); | ||
| } | ||
|
|
||
| @Bean | ||
| LocalContainerEntityManagerFactoryBean entityManagerFactory() { | ||
| HibernateJpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter(); | ||
| vendorAdapter.setGenerateDdl(true); | ||
| LocalContainerEntityManagerFactoryBean factory = new LocalContainerEntityManagerFactoryBean(); | ||
| factory.setJpaVendorAdapter(vendorAdapter); | ||
| factory.setPackagesToScan("org.springframework.security.config.annotation.method.configuration.aot"); | ||
| factory.setDataSource(dataSource()); | ||
| return factory; | ||
| } | ||
|
|
||
| } | ||
|
|
||
| } |
89 changes: 89 additions & 0 deletions
89
...java/org/springframework/security/config/annotation/method/configuration/aot/Message.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,89 @@ | ||
| /* | ||
| * Copyright 2002-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.config.annotation.method.configuration.aot; | ||
|
|
||
| import java.time.Instant; | ||
|
|
||
| import jakarta.persistence.Entity; | ||
| import jakarta.persistence.GeneratedValue; | ||
| import jakarta.persistence.GenerationType; | ||
| import jakarta.persistence.Id; | ||
| import jakarta.persistence.ManyToOne; | ||
|
|
||
| import org.springframework.security.access.prepost.PreAuthorize; | ||
| import org.springframework.security.authorization.method.AuthorizeReturnObject; | ||
|
|
||
| @Entity | ||
| public class Message { | ||
|
|
||
| @Id | ||
| @GeneratedValue(strategy = GenerationType.AUTO) | ||
| private Long id; | ||
|
|
||
| private String text; | ||
|
|
||
| private String summary; | ||
|
|
||
| private Instant created = Instant.now(); | ||
|
|
||
| @ManyToOne | ||
| private User to; | ||
|
|
||
| @AuthorizeReturnObject | ||
| public User getTo() { | ||
| return this.to; | ||
| } | ||
|
|
||
| public void setTo(User to) { | ||
| this.to = to; | ||
| } | ||
|
|
||
| public Long getId() { | ||
| return this.id; | ||
| } | ||
|
|
||
| public void setId(Long id) { | ||
| this.id = id; | ||
| } | ||
|
|
||
| public Instant getCreated() { | ||
| return this.created; | ||
| } | ||
|
|
||
| public void setCreated(Instant created) { | ||
| this.created = created; | ||
| } | ||
|
|
||
| @PreAuthorize("hasAuthority('message:read')") | ||
| public String getText() { | ||
| return this.text; | ||
| } | ||
|
|
||
| public void setText(String text) { | ||
| this.text = text; | ||
| } | ||
|
|
||
| @PreAuthorize("hasAuthority('message:read')") | ||
| public String getSummary() { | ||
| return this.summary; | ||
| } | ||
|
|
||
| public void setSummary(String summary) { | ||
| this.summary = summary; | ||
| } | ||
|
|
||
| } |
38 changes: 38 additions & 0 deletions
38
...pringframework/security/config/annotation/method/configuration/aot/MessageRepository.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| /* | ||
| * Copyright 2002-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.security.config.annotation.method.configuration.aot; | ||
|
|
||
| import java.util.List; | ||
|
|
||
| import org.springframework.data.jpa.repository.Query; | ||
| import org.springframework.data.repository.CrudRepository; | ||
| import org.springframework.security.authorization.method.AuthorizeReturnObject; | ||
| import org.springframework.stereotype.Repository; | ||
|
|
||
| /** | ||
| * A repository for accessing {@link Message}s. | ||
| * | ||
| * @author Rob Winch | ||
| */ | ||
| @Repository | ||
| @AuthorizeReturnObject | ||
| public interface MessageRepository extends CrudRepository<Message, Long> { | ||
|
|
||
| @Query("select m from Message m where m.to.id = ?#{ authentication.name }") | ||
| List<Message> findAll(); | ||
|
|
||
| } |
Oops, something went wrong.