diff --git a/servlet/spring-boot/java/data/src/main/java/example/AuthorizeRead.java b/servlet/spring-boot/java/data/src/main/java/example/AuthorizeRead.java index b2a4257fc..7440ca081 100644 --- a/servlet/spring-boot/java/data/src/main/java/example/AuthorizeRead.java +++ b/servlet/spring-boot/java/data/src/main/java/example/AuthorizeRead.java @@ -26,8 +26,10 @@ @Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME) -@PreAuthorize(value = "hasAuthority('{value}:read')") +@PreAuthorize("hasAuthority('{value}:read')") @HandleAuthorizationDenied(handlerClass = Null.class) public @interface AuthorizeRead { + String value(); + } diff --git a/servlet/spring-boot/java/data/src/main/java/example/DataApplication.java b/servlet/spring-boot/java/data/src/main/java/example/DataApplication.java index 9ff92528d..5c4193980 100644 --- a/servlet/spring-boot/java/data/src/main/java/example/DataApplication.java +++ b/servlet/spring-boot/java/data/src/main/java/example/DataApplication.java @@ -49,17 +49,16 @@ static PrePostTemplateDefaults templateDefaults() { @Bean public UserDetailsService userDetailsService() { return new InMemoryUserDetailsManager( - User.withDefaultPasswordEncoder() - .username("rob") - .password("password") - .authorities("message:read", "user:read") - .build(), - User.withDefaultPasswordEncoder() - .username("luke") - .password("password") - .authorities("message:read") - .build() - ); + User.withDefaultPasswordEncoder() + .username("rob") + .password("password") + .authorities("message:read", "user:read") + .build(), + User.withDefaultPasswordEncoder() + .username("luke") + .password("password") + .authorities("message:read") + .build()); } public static void main(String[] args) { diff --git a/servlet/spring-boot/java/data/src/main/java/example/MessageController.java b/servlet/spring-boot/java/data/src/main/java/example/MessageController.java index 45b0f21b2..261c2b833 100644 
--- a/servlet/spring-boot/java/data/src/main/java/example/MessageController.java +++ b/servlet/spring-boot/java/data/src/main/java/example/MessageController.java @@ -24,6 +24,7 @@ @RestController public class MessageController { + private final MessageRepository messages; public MessageController(MessageRepository messages) { diff --git a/servlet/spring-boot/java/data/src/main/java/example/Null.java b/servlet/spring-boot/java/data/src/main/java/example/Null.java index bdb89469c..2455e95c3 100644 --- a/servlet/spring-boot/java/data/src/main/java/example/Null.java +++ b/servlet/spring-boot/java/data/src/main/java/example/Null.java @@ -24,8 +24,10 @@ @Component public class Null implements MethodAuthorizationDeniedHandler { + @Override public Object handleDeniedInvocation(MethodInvocation methodInvocation, AuthorizationResult authorizationResult) { return null; } + } diff --git a/servlet/spring-boot/java/data/src/test/java/example/DataApplicationTests.java b/servlet/spring-boot/java/data/src/test/java/example/DataApplicationTests.java index cf4f6ba46..50e892deb 100644 --- a/servlet/spring-boot/java/data/src/test/java/example/DataApplicationTests.java +++ b/servlet/spring-boot/java/data/src/test/java/example/DataApplicationTests.java @@ -22,12 +22,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.security.access.AccessDeniedException; import org.springframework.security.test.context.support.WithMockUser; import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatExceptionOfType; -import static org.assertj.core.api.Assertions.assertThatNoException; /** * @author Rob Winch 
@@ -44,43 +41,44 @@ void findAllOnlyToCurrentUserCantReadMessage() { List messages = this.repository.findAll(); assertThat(messages).hasSize(3); for (Message message : messages) { - assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(message::getSummary); - assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(message::getText); + assertThat(message.getSummary()).isNull(); + assertThat(message.getText()).isNull(); } } @Test - @WithMockUser(username="rob", authorities="message:read") + @WithMockUser(username = "rob", authorities = "message:read") void findAllOnlyToCurrentUserCanReadMessage() { List messages = this.repository.findAll(); assertThat(messages).hasSize(3); for (Message message : messages) { - assertThatNoException().isThrownBy(message::getSummary); - assertThatNoException().isThrownBy(message::getText); + assertThat(message.getSummary()).isNotNull(); + assertThat(message.getText()).isNotNull(); } } @Test - @WithMockUser(username="rob", authorities="message:read") + @WithMockUser(username = "rob", authorities = "message:read") void findAllOnlyToCurrentUserCantReadUserDetails() { List messages = this.repository.findAll(); assertThat(messages).hasSize(3); for (Message message : messages) { User user = message.getTo(); - assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(user::getFirstName); - assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(user::getLastName); + assertThat(user.getFirstName()).isNull(); + assertThat(user.getLastName()).isNull(); } } @Test - @WithMockUser(username="rob", authorities={ "message:read", "user:read" }) + @WithMockUser(username = "rob", authorities = { "message:read", "user:read" }) void findAllOnlyToCurrentUserCanReadUserDetails() { List messages = this.repository.findAll(); assertThat(messages).hasSize(3); for (Message message : messages) { User user = message.getTo(); - assertThatNoException().isThrownBy(user::getFirstName); - 
assertThatNoException().isThrownBy(user::getLastName); + assertThat(user.getFirstName()).isNotNull(); + assertThat(user.getLastName()).isNotNull(); } } + }
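Review bot: The denied-path assertions in `findAllOnlyToCurrentUserCantReadMessage` and `findAllOnlyToCurrentUserCantReadUserDetails` now pass on any null, so they cannot tell a read masked by the denial handler from a field that is simply unset in the seeded data. The `isNotNull()` checks in the two allowed-path tests likewise do not show that the real value came back. Pinning the allowed side to the fixture would make the authorization boundary explicit, e.g. `assertThat(message.getSummary()).isEqualTo(expectedSummary);`, where `expectedSummary` is a placeholder for the seeded value, which this diff does not show. A comment in the denied tests such as `// denied reads are masked to null (presumably by Null.handleDeniedInvocation) instead of throwing AccessDeniedException` would record why the exception assertions were dropped. The first test's annotations start above the hunk, so its mock user is not visible here.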