Example 1 with PostAuthorize

Use of org.springframework.security.access.prepost.PostAuthorize in project ArachneCentralAPI by OHDSI.

Class BaseSubmissionInsightServiceImpl, method getSubmissionInsight.

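@Override
// @PostAuthorize is evaluated after the method body has run; the SpEL expression hands the
// current principal and the returned SubmissionInsight (returnObject) to the
// ArachnePermissionEvaluator bean.
@PostAuthorize("@ArachnePermissionEvaluator.addPermissions(principal, returnObject)")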
public SubmissionInsight getSubmissionInsight(Long submissionId) throws NotExistException {
    final SubmissionInsight insight = submissionInsightRepository.findOneBySubmissionId(submissionId);
    throwNotExistExceptionIfNull(insight, submissionId);
    return insight;
}
Also used: SubmissionInsight (com.odysseusinc.arachne.portal.model.SubmissionInsight), PostAuthorize (org.springframework.security.access.prepost.PostAuthorize)

Example 2 with PostAuthorize

Use of org.springframework.security.access.prepost.PostAuthorize in project ArachneCentralAPI by OHDSI.

Class BasePaperServiceImpl, method update.

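// The @PreAuthorize EDIT_PAPER check runs before the method and is what gates the write.
// @PostAuthorize is evaluated only after the method body, so paperRepository.save(...)
// has already been called by the time its expression sees returnObject.
@PreAuthorize("hasPermission(#paper.id, 'Paper', " + "T(com.odysseusinc.arachne.portal.security.ArachnePermission).EDIT_PAPER)")
@PostAuthorize("@ArachnePermissionEvaluator.processPermissions(principal, returnObject)")
@Override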
public P update(P paper) {
    final P exists = getPaperByIdOrThrow(paper.getId());
    final PublishState publishState = paper.getPublishState();
    if (publishState != null && validatePublishStateTransition(publishState, exists)) {
        exists.setPublishState(publishState);
        exists.setPublishedDate(publishState == PublishState.PUBLISHED ? new Date() : null);
    }
    beforePaperUpdate(exists, paper);
    P save = paperRepository.save(exists);
    afterPaperUpdate(exists, paper);
    return save;
}
Also used: Date (java.util.Date), PublishState (com.odysseusinc.arachne.portal.model.PublishState), PostAuthorize (org.springframework.security.access.prepost.PostAuthorize), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)

Example 3 with PostAuthorize

Use of org.springframework.security.access.prepost.PostAuthorize in project motech by motech.

Class SecurityAnnotationBeanPostProcessor, method postProcessAfterInitialization.

/**
 * Searches for {@link org.springframework.security.access.prepost.PreAuthorize}
 * and {@link org.springframework.security.access.prepost.PostAuthorize} annotations
 * representing permissions and parses them. Parsed annotations are used
 * to find permissions. After that those permissions are added to
 * {@link org.motechproject.security.service.MotechPermissionService}
 *
 * @param bean to be processed
 * @param beanName name of the bean
 * @return processed bean
 */
@Override
public Object postProcessAfterInitialization(final Object bean, final String beanName) {
    LOGGER.debug("Searching for security annotations in: {}", beanName);
    doWithMethods(bean.getClass(), new MethodCallback() {

        @Override
        public void doWith(Method method) throws IllegalAccessException {
            Method methodOfOriginalClassIfProxied = findMethod(getTargetClass(bean), method.getName(), method.getParameterTypes());
            if (methodOfOriginalClassIfProxied != null) {
                PreAuthorize preAuthorize = findAnnotation(methodOfOriginalClassIfProxied, PreAuthorize.class);
                PostAuthorize postAuthorize = findAnnotation(methodOfOriginalClassIfProxied, PostAuthorize.class);
                List<String> annotations = new ArrayList<>(2);
                List<String> permissions = new ArrayList<>();
                if (preAuthorize != null) {
                    annotations.add(preAuthorize.value());
                }
                if (postAuthorize != null) {
                    annotations.add(postAuthorize.value());
                }
                for (String annotation : annotations) {
                    SpelExpression expression = (SpelExpression) annotationParser.parseExpression(annotation);
                    permissions.addAll(findPermissions(expression.getAST()));
                }
                addRoleAndPermissions(permissions);
            }
        }
    });
    LOGGER.debug("Searched for security annotations in: {}", beanName);
    return bean;
}
Also used: SpelExpression (org.springframework.expression.spel.standard.SpelExpression), ArrayList (java.util.ArrayList), List (java.util.List), ReflectionUtils.findMethod (org.springframework.util.ReflectionUtils.findMethod), Method (java.lang.reflect.Method), PostAuthorize (org.springframework.security.access.prepost.PostAuthorize), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), MethodCallback (org.springframework.util.ReflectionUtils.MethodCallback)

Example 4 with PostAuthorize

Use of org.springframework.security.access.prepost.PostAuthorize in project xm-ms-entity by xm-online.

Class XmEntitySpecResource, method getTypeSpec.

/**
 * GET  /xm-entity-specs/:key : get the "key" typeSpec.
 *
 * @param key the key of the typeSpec to retrieve
 * @return the ResponseEntity with status 200 (OK) and with body the typeSpec, or with status 404 (Not Found)
 */
@GetMapping("/xm-entity-specs/{key}")
@Timed
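// returnObject here is the ResponseEntity, so the permission check is made against its body,
// after the lookup has already been performed.
@PostAuthorize("hasPermission({'returnObject': returnObject.body}, 'XMENTITY_SPEC.GET_LIST.ITEM')")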
public ResponseEntity<TypeSpec> getTypeSpec(@PathVariable String key) {
    log.debug("REST request to get TypeSpec : {}", key);
    TypeSpec typeSpec = xmEntitySpecService.findTypeByKey(key);
    return RespContentUtil.wrapOrNotFound(Optional.ofNullable(typeSpec));
}
Also used: TypeSpec (com.icthh.xm.ms.entity.domain.spec.TypeSpec), GetMapping (org.springframework.web.bind.annotation.GetMapping), Timed (com.codahale.metrics.annotation.Timed), PostAuthorize (org.springframework.security.access.prepost.PostAuthorize)

Example 5 with PostAuthorize

Use of org.springframework.security.access.prepost.PostAuthorize in project ArachneCentralAPI by OHDSI.

Class BaseSubmissionServiceImpl, method getSubmissionGroups.

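@Override
// Access to the analysis is checked up front with @PreAuthorize (ACCESS_STUDY); the
// @PostAuthorize expression then receives the whole returned Page<SubmissionGroup> as returnObject.
@PreAuthorize("hasPermission(#submissoinGroupSearch.analysisId, 'Analysis', " + "T(com.odysseusinc.arachne.portal.security.ArachnePermission).ACCESS_STUDY)")
@PostAuthorize("@ArachnePermissionEvaluator.addPermissionsToSubmissions(principal, returnObject)")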
public Page<SubmissionGroup> getSubmissionGroups(SubmissionGroupSearch submissoinGroupSearch) {
    final SubmissionGroupSpecification submissionGroupSpecification = new SubmissionGroupSpecification(submissoinGroupSearch);
    final Integer page = submissoinGroupSearch.getPage();
    final PageRequest pageRequest = PageRequest.of(page == null ? 0 : page - 1, submissoinGroupSearch.getPageSize(), Sort.by(Sort.Direction.DESC, "created"));
    final Page<SubmissionGroup> submissionGroups = submissionGroupRepository.findAll(submissionGroupSpecification, pageRequest);
    final List<SubmissionGroup> content = submissionGroups.getContent();
    final Map<Long, SubmissionGroup> submissionGroupMap = content.stream().collect(Collectors.toMap(SubmissionGroup::getId, sg -> {
        sg.setSubmissions(new ArrayList<>());
        return sg;
    }));
    final Set<Long> submissionGroupIds = submissionGroupMap.keySet();
    if (!CollectionUtils.isEmpty(submissionGroupIds)) {
        final SubmissionSpecification<T> submissionSpecification = SubmissionSpecification.<T>builder(submissionGroupIds).withStatuses(submissoinGroupSearch.getSubmissionStatuses()).withDataSourceIds(submissoinGroupSearch.getDataSourceIds()).hasInsight(submissoinGroupSearch.getHasInsight()).showHidden(submissoinGroupSearch.getShowHidden()).build();
        submissionRepository.findAll(submissionSpecification).forEach(s -> submissionGroupMap.get(s.getSubmissionGroup().getId()).getSubmissions().add(s));
    }
    return submissionGroups;
}
