org.springframework.security.access.prepost.PostFilter Java Examples
The following examples show how to use
org.springframework.security.access.prepost.PostFilter.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: CubeService.java From Kylin with Apache License 2.0 | 6 votes |
@PostFilter(Constant.ACCESS_POST_FILTER_READ) public List<CubeInstance> listAllCubes(final String cubeName, final String projectName) { List<CubeInstance> cubeInstances = null; ProjectInstance project = (null != projectName) ? getProjectManager().getProject(projectName) : null; if (null == project) { cubeInstances = getCubeManager().listAllCubes(); } else { cubeInstances = listAllCubes(projectName); } List<CubeInstance> filterCubes = new ArrayList<CubeInstance>(); for (CubeInstance cubeInstance : cubeInstances) { boolean isCubeMatch = (null == cubeName) || cubeInstance.getName().toLowerCase().contains(cubeName.toLowerCase()); if (isCubeMatch) { filterCubes.add(cubeInstance); } } return filterCubes; }
Example #2
Source File: SampleController.java From tutorial with MIT License | 5 votes |
/** * PreFilter/PostFilter这2个注解的作用是过滤参数/返回值的;PreFilter会按照注解参数设定,只保留符合规则的参数传给方法; * PostFilter则把方法返回值再次过滤,只保留符合规则的返回给客户端。 * 例如下面的例子,PreFilter会过滤掉客户端传递过来的参数中所有不以a开头的字符串;而PostFilter则过滤掉返回数据中所有不以b结尾的字符串。 * 执行时,客户端传递的字符串数组,只有以a开头的会被打印,并且只有以a开头并以b结尾的字符串才可以被返回给客户端; * PreFilter/PostFilter也和PreAuthorize/PostAuthorize一样必须用@EnableGlobalMethodSecurity(prePostEnabled = true打开才能用。 */ @PostMapping("/children") @PreFilter(filterTarget="list", value="filterObject.startsWith('a')") @PostFilter("filterObject.endsWith('b')") public List<String> echo(@RequestBody List<String> list){ if(log.isTraceEnabled()) { log.trace("echo ... list.size()= " + list.size()); for(String s : list) { log.trace(" " + s ); } } return list; }
Example #3
Source File: DefaultPersonService.java From openregistry with Apache License 2.0 | 5 votes |
@PostFilter("hasPermission(filterObject, 'read')") public List<PersonMatch> searchForPersonBy(final SearchCriteria searchCriteria) { if (StringUtils.hasText(searchCriteria.getIdentifierValue())) { final String identifierValue = searchCriteria.getIdentifierValue(); final Person person = this.findPersonByIdentifier(searchCriteria.getIdentifierType().getName(), identifierValue); if (person != null) return new ArrayList<PersonMatch>(Arrays.asList(new PersonMatchImpl(person, 100, new ArrayList<FieldMatch>()))); else return new ArrayList<PersonMatch>(); } final List<Person> persons = this.personRepository.searchByCriteria(searchCriteria); return createMatches(persons); }
Example #4
Source File: SnapshotsController.java From front50 with Apache License 2.0 | 5 votes |
@PreAuthorize("@fiatPermissionEvaluator.storeWholePermission()") @PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')") @RequestMapping(value = "/{id:.+}/history", method = RequestMethod.GET) public Collection<Snapshot> getHistory( @PathVariable String id, @RequestParam(value = "limit", defaultValue = "20") int limit) { return snapshotDAO.history(id, limit); }
Example #5
Source File: PipelineController.java From front50 with Apache License 2.0 | 5 votes |
@PreAuthorize("@fiatPermissionEvaluator.storeWholePermission()") @PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')") @RequestMapping(value = "{id:.+}/history", method = RequestMethod.GET) public Collection<Pipeline> getHistory( @PathVariable String id, @RequestParam(value = "limit", defaultValue = "20") int limit) { return pipelineDAO.history(id, limit); }
Example #6
Source File: PipelineController.java From front50 with Apache License 2.0 | 5 votes |
@PreAuthorize("#restricted ? @fiatPermissionEvaluator.storeWholePermission() : true") @PostFilter("#restricted ? hasPermission(filterObject.name, 'APPLICATION', 'READ') : true") @RequestMapping(value = "", method = RequestMethod.GET) public Collection<Pipeline> list( @RequestParam(required = false, value = "restricted", defaultValue = "true") boolean restricted, @RequestParam(required = false, value = "refresh", defaultValue = "true") boolean refresh) { return pipelineDAO.all(refresh); }
Example #7
Source File: BookRepository.java From spring-data-rest-acl with Apache License 2.0 | 4 votes |
@Override @PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, admin)") Iterable<Book> findAll();
Example #8
Source File: NoticeMessageRepository.java From tutorials with MIT License | 4 votes |
@PostFilter("hasPermission(filterObject, 'READ')") List<NoticeMessage> findAll();
Example #9
Source File: TaskService.java From tutorials with MIT License | 4 votes |
@PostFilter("hasRole('MANAGER') or filterObject.assignee == authentication.name") public Iterable<Task> findAll() { return taskRepository.findAll(); }
Example #10
Source File: UserRoleService.java From tutorials with MIT License | 4 votes |
@PostFilter("filterObject != authentication.principal.username") public List<String> getAllUsernamesExceptCurrent() { return userRoleRepository.getAllUsernames(); }
Example #11
Source File: DeliveryController.java From front50 with Apache License 2.0 | 4 votes |
@PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')") @ApiOperation(value = "", notes = "Get all delivery configs") @RequestMapping(method = RequestMethod.GET, value = "/deliveries") Collection<Delivery> getAllConfigs() { return deliveryRepository.getAllConfigs(); }
Example #12
Source File: StrategyController.java From front50 with Apache License 2.0 | 4 votes |
@PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')") @RequestMapping(value = "{id:.+}/history", method = RequestMethod.GET) public Collection<Pipeline> getHistory( @PathVariable String id, @RequestParam(value = "limit", defaultValue = "20") int limit) { return pipelineStrategyDAO.history(id, limit); }
Example #13
Source File: StrategyController.java From front50 with Apache License 2.0 | 4 votes |
@PreAuthorize("@fiatPermissionEvaluator.storeWholePermission()") @PostFilter("hasPermission(filterObject.application, 'APPLICATION', 'READ')") @RequestMapping(value = "", method = RequestMethod.GET) public Collection<Pipeline> list() { return pipelineStrategyDAO.all(); }
Example #14
Source File: ProjectService.java From kylin-on-parquet-v2 with Apache License 2.0 | 4 votes |
@PostFilter(Constant.ACCESS_POST_FILTER_READ) public List<ProjectInstance> listProjects(final Integer limit, final Integer offset) { List<ProjectInstance> projects = listAllProjects(limit, offset); return projects; }
Example #15
Source File: ProjectService.java From kylin with Apache License 2.0 | 4 votes |
@PostFilter(Constant.ACCESS_POST_FILTER_READ) public List<ProjectInstance> listProjects(final Integer limit, final Integer offset) { List<ProjectInstance> projects = listAllProjects(limit, offset); return projects; }
Example #16
Source File: ShortMessageService.java From Spring-Boot-2-Fundamentals with MIT License | 4 votes |
@PostFilter("isAnonymous() || " + "filterObject.author.username == authentication.name") public List<ShortMessage> findAll() { // If you want to use @PostFilter, use a modifiable copy! return new ArrayList<>(shortMessages); }
Example #17
Source File: OverAnnotatedService.java From Spring-Boot-2-Fundamentals with MIT License | 4 votes |
@PreFilter("filterObject.content.length() < 240 or hasRole('ADMIN')") @PostFilter("filterObject.author.name == authentication.name") public List<ShortMessage> saveAndReturnAll(List<ShortMessage> posts) { return posts; }
Example #18
Source File: CalendarService.java From Spring-Security-Third-Edition with MIT License | 2 votes |
/** * Gets all the available {@link Event}'s. * * @return a non-null {@link List} of {@link Event}'s */ // @RolesAllowed({"ROLE_ADMIN"}) @PostFilter("principal.id == filterObject.owner.id or " + "principal.id == filterObject.attendee.id") List<Event> getEvents();
Example #19
Source File: CalendarService.java From Spring-Security-Third-Edition with MIT License | 2 votes |
/** * Gets all the available {@link Event}'s. * * @return a non-null {@link List} of {@link Event}'s */ @PostFilter("hasPermission(filterObject, 'read') " + "or hasPermission(filterObject, 'admin_read')") List<Event> getEvents();
Example #20
Source File: CalendarService.java From Spring-Security-Third-Edition with MIT License | 2 votes |
/** * Gets all the available {@link Event}'s. * * @return a non-null {@link List} of {@link Event}'s */ @PostFilter("hasPermission(filterObject, 'read') " + "or hasPermission(filterObject, 'admin_read')") List<Event> getEvents();
Example #21
Source File: CalendarService.java From Spring-Security-Third-Edition with MIT License | 2 votes |
/** * Gets all the available {@link Event}'s. * * @return a non-null {@link List} of {@link Event}'s */ @PostFilter("hasPermission(filterObject, 'read')") List<Event> getEvents();
Example #22
Source File: CalendarService.java From Spring-Security-Third-Edition with MIT License | 2 votes |
/** * Gets all the available {@link Event}'s. * * @return a non-null {@link List} of {@link Event}'s */ @PostFilter("hasPermission(filterObject, 'read') " + "or hasPermission(filterObject, 'admin_read')") List<Event> getEvents();
Example #23
Source File: CategoryService.java From attic-rave with Apache License 2.0 | 2 votes |
/** * @return a {@link java.util.List} with all {@link org.apache.rave.model.Category}'s */ @PostFilter("hasPermission(filterObject, 'read')") List<Category> getAllList();
Example #24
Source File: PageService.java From attic-rave with Apache License 2.0 | 2 votes |
/** * Gets the set of pages for the given user and context * * @since 0.22 * @param context the context for the pages ex: "portal", "profile", etc. * @param contextId the identifier of the item in the context that matches the page. * examples: * context: "person_profile", contextId: "profile owner's id" * context: "group", contextId: "group id" * context: "project", contextId: "project number" * context: "dashboard", contextId: "subject" * context: "portal", contextId: "owner's id" * * @return A non-null, possibly empty list of page for the given user. */ @PostFilter("hasPermission(filterObject, 'read')") List<Page> getPages(String context, String contextId);
Example #25
Source File: CalendarService.java From Spring-Security-Third-Edition with MIT License | 2 votes |
/** * Gets all the available {@link Event}'s. * * @return a non-null {@link List} of {@link Event}'s */ @PostFilter("hasPermission(filterObject, 'read')") List<Event> getEvents();
Example #26
Source File: CalendarService.java From Spring-Security-Third-Edition with MIT License | 2 votes |
/** * Gets all the available {@link Event}'s. * * @return a non-null {@link List} of {@link Event}'s */ @PostFilter("hasPermission(filterObject, 'read')") List<Event> getEvents();
Example #27
Source File: ContactService.java From JavaSecurity with Apache License 2.0 | 2 votes |
/** * This method loads all contacts from the database and removes those contacts from the resulting list that don't * belong to the currently authenticated user. In a real application the select query would already contain the * user id and return only those contacts that the user is allowed to see. However to demonstrate some Spring * Security capabilities, all filtering is done via the {@code PostFilter} annotation. * * @return The list of contacts for the currently authenticated user */ @PreAuthorize("hasRole('USER')") @PostFilter("filterObject.username == principal.username") List<Contact> getContacts() { return jdbcTemplate.query("SELECT * FROM contacts", (rs, rowNum) -> createContact(rs)); }