Using Spring Security ACL with Spring Data REST

前端 未结 1 2008
情深已故
情深已故 2021-01-30 18:39

I am trying to authorize apis exposed by Spring Data REST. So far I am able to do role-based authorization i.e:

@RepositoryRestResource(path = \"book\")
public i         


        
相关标签:
1条回答
  • 2021-01-30 19:03

    using JpaRepository was shadowing List<Book> findAll() method. Then I used CrudRepository, and PostFilter got applied.

    For more details, a sample project is available on GitHub: https://github.com/charybr/spring-data-rest-acl

    ACL-based authorization is working for below entity exposed by Spring Data REST.

    import org.springframework.data.repository.CrudRepository;
    import org.springframework.data.rest.core.annotation.RepositoryRestResource;
    import org.springframework.security.access.method.P;
    import org.springframework.security.access.prepost.PostFilter;
    import org.springframework.security.access.prepost.PreAuthorize;
    
    @RepositoryRestResource(path = "book")
    public interface BookRepository extends CrudRepository<Book, Long> {
    
        @PreAuthorize("hasRole('ROLE_ADMIN') or hasPermission(#book, 'write')")
        <S extends Book> Book save(@P("book") Book book);
    
        @Override
        @PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, admin)")
        Iterable<Book> findAll();
    }
    
    0 讨论(0)
提交回复
热议问题