From a8046a12270c98f5a6efb4415596b21fb149178a Mon Sep 17 00:00:00 2001
From: Florian THIERRY
Date: Thu, 30 Nov 2023 15:45:16 +0100
Subject: [PATCH] Add annotations to allow or deny use-cases access.
---
 .../configuration/SecurityConfiguration.java | 7 ++-----
 .../security/annotation/AllowedToAdmins.java | 14 ++++++++++++++
 .../security/annotation/AllowedToAnonymous.java | 14 ++++++++++++++
 .../sportshub/application/user/UserUseCases.java | 2 ++
 4 files changed, 32 insertions(+), 5 deletions(-)
 create mode 100644 sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAdmins.java
 create mode 100644 sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAnonymous.java
diff --git a/sportshub-application/src/main/java/org/sportshub/application/configuration/SecurityConfiguration.java b/sportshub-application/src/main/java/org/sportshub/application/configuration/SecurityConfiguration.java
index c351f7e..b80f3b4 100644
--- a/sportshub-application/src/main/java/org/sportshub/application/configuration/SecurityConfiguration.java
+++ b/sportshub-application/src/main/java/org/sportshub/application/configuration/SecurityConfiguration.java
@@ -1,6 +1,5 @@
 package org.sportshub.application.configuration;
-import static org.sportshub.domain.user.model.UserRole.ADMIN;
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.HttpMethod.OPTIONS;
 import static org.springframework.http.HttpMethod.POST;
@@ -9,6 +8,7 @@ import org.sportshub.application.security.JwtAuthenticationFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -23,6 +23,7 @@ import static jakarta.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 @Configuration
 @EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
 public class SecurityConfiguration {
 @Bean public SecurityFilterChain securityFilterChain(
@@ -45,10 +46,6 @@ public class SecurityConfiguration {
 "/api/health/check",
 "/error"
 ).permitAll()
-.requestMatchers(
- GET,
- "/api/users"
- ).hasAuthority(ADMIN.name())
 .requestMatchers(
 POST,
 "/api/users/login"
diff --git a/sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAdmins.java b/sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAdmins.java
new file mode 100644
index 0000000..cf660b3
--- /dev/null
+++ b/sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAdmins.java
@@ -0,0 +1,14 @@
+package org.sportshub.application.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasAuthority('ROLE_' + T(org.sportshub.domain.user.model.UserRole).ADMIN.name())")
+public @interface AllowedToAdmins {
+}
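Review bot: `securedEnabled = true` on the new `@EnableMethodSecurity` turns on `@Secured` support, which nothing in this change uses; the `@PreAuthorize` meta-annotations are served by `prePostEnabled`, which is already on by default. A second, prefix-based authorization path that no code exercises is one more thing to misconfigure later, so plain `@EnableMethodSecurity` is sufficient here. A short comment above it, `// Authorization is now split: URL rules below, @PreAuthorize on use cases`, would tell the next reader where to look for each check.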
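Review bot: Dropping the `GET /api/users` matcher removes the filter-chain check rather than layering it with the new method-level one, so the request now falls through to whatever rule follows in this chain (outside the hunk — presumably `anyRequest().authenticated()`), and the controller runs for any authenticated caller up to the point it invokes `UserUseCases.findAll()`. Method security guards that single use case only; any other handler or use case that exposes the user list stays unprotected unless it is annotated as well. I would keep the URL rule as defence in depth, `.requestMatchers(GET, "/api/users").hasAuthority(ADMIN.name())` (restoring the `ADMIN` static import the first hunk removes), or at least note in `SecurityConfiguration` that endpoint authorization for `/api/users` is intentionally delegated to `@AllowedToAdmins`.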
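Review bot: The SpEL expression in `AllowedToAdmins` requires the authority `ROLE_ADMIN`, whereas the URL rule it replaces required the bare authority `ADMIN` (`hasAuthority(ADMIN.name())`). Unless `JwtAuthenticationFilter` (not in this diff) maps the token's role to a `ROLE_`-prefixed `GrantedAuthority`, admins will now be denied on `findAll()` — it fails closed, but silently. Either keep the same authority string as the old rule, `@PreAuthorize("hasAuthority(T(org.sportshub.domain.user.model.UserRole).ADMIN.name())")`, or switch to `hasRole(...)` together with a `ROLE_` prefix in the filter, and add a test that an ADMIN token reaches `findAll()` while a plain user gets 403. The annotation also deserves a Javadoc stating that it restricts a use case to callers holding the ADMIN role and is enforced by Spring method security, i.e. only on calls that go through the proxied bean.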
diff --git a/sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAnonymous.java b/sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAnonymous.java
new file mode 100644
index 0000000..1f7cf4c
--- /dev/null
+++ b/sportshub-application/src/main/java/org/sportshub/application/security/annotation/AllowedToAnonymous.java
@@ -0,0 +1,14 @@
+package org.sportshub.application.security.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("permitAll()")
+public @interface AllowedToAnonymous {
+}
diff --git a/sportshub-application/src/main/java/org/sportshub/application/user/UserUseCases.java b/sportshub-application/src/main/java/org/sportshub/application/user/UserUseCases.java
index 6956dad..f981850 100644
--- a/sportshub-application/src/main/java/org/sportshub/application/user/UserUseCases.java
+++ b/sportshub-application/src/main/java/org/sportshub/application/user/UserUseCases.java
@@ -5,6 +5,7 @@ import java.util.Optional;
 import java.util.UUID;
 import org.sportshub.application.security.JwtService;
+import org.sportshub.application.security.annotation.AllowedToAdmins;
 import org.sportshub.domain.exception.LoginFailureException;
 import org.sportshub.domain.user.model.User;
 import org.sportshub.domain.user.port.UserPort;
@@ -31,6 +32,7 @@ public class UserUseCases {
 return userPort.findById(userId);
 }
+@AllowedToAdmins
 public List findAll() {
 return userPort.findAll();
 }
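Review bot: `permitAll()` in `AllowedToAnonymous` only disables the method-level authorization check; the request still has to pass the `SecurityFilterChain` (the JWT filter and the URL matchers), so on its own the annotation does not make a use case reachable without a token, and the name overstates what it does. Say so in a Javadoc, e.g. `/** Opts a use case out of method-level authorization only. Does not relax SecurityFilterChain rules; the endpoint must also be permitted there. */`. The annotation has no caller in this commit, so a blanket permit-all marker is being added with nothing to justify it yet — consider introducing it together with its first use so reviewers can see the endpoint it opens.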
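Review bot: `@AllowedToAdmins` on `findAll()` is enforced by Spring's method-security interceptor, so it applies only to invocations that go through the proxied `UserUseCases` bean; a call from another method of this same class (self-invocation) or a direct `new UserUseCases(...)` in a test bypasses the check entirely. The class declaration is outside the hunk, so I cannot confirm from the diff that `UserUseCases` is a Spring-managed bean. Add a why-comment above the annotation, `// Admin-only: enforced by method security, so only proxied calls are checked`, and an integration test that exercises the HTTP endpoint rather than the bean, once as ADMIN and once as a regular user.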