chequear autorizacion con SecurityContextHolderAwareRequestWrapper
IsaiasMorochi committed Sep 7, 2019
1 parent ed92423 commit e482e57
Showing 1 changed file with 28 additions and 3 deletions.
31 changes: 28 additions & 3 deletions src/main/java/com/controllers/ClienteController.java
Expand Up @@ -11,6 +11,7 @@
import java.util.Collection;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.validation.Valid;


Expand All @@ -23,11 +24,13 @@
import org.springframework.data.domain.Pageable;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
Expand Down Expand Up @@ -63,6 +66,7 @@ public ResponseEntity<Resource> verFoto(@PathVariable String filename) {
.body(recurso);
}

@Secured({"ROLE_USER"})
@GetMapping(value = "/ver/{id}")
public String ver(@PathVariable(value = "id") Long id, Map<String, Object> model, RedirectAttributes flash) {
// Optional<Cliente> cl = clienteService.findById(id);
Expand All @@ -78,7 +82,7 @@ public String ver(@PathVariable(value = "id") Long id, Map<String, Object> model
}

@RequestMapping(value = {"/listar","/"}, method = RequestMethod.GET)
public String listar(@RequestParam(name="page", defaultValue="0") int page, Model model, Authentication authentication) {
public String listar(@RequestParam(name="page", defaultValue="0") int page, Model model, Authentication authentication, HttpServletRequest request) {

if (authentication != null){
logger.info("Hola usuario autenticado, tu username es: ".concat(authentication.getName()));
Expand All @@ -90,12 +94,29 @@ public String listar(@RequestParam(name="page", defaultValue="0") int page, Mode
logger.info("Utilizando forma estática SecurityContextHolder.getContext().getAuthentication(): Usuario autenticado: ".concat(auth.getName()));
}

// 1er forma
if(hasRole("ROLE_ADMIN")) {
logger.info("Hola ".concat(auth.getName()).concat(" tienes acceso!"));
} else {
logger.info("Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
}

//2da forma
SecurityContextHolderAwareRequestWrapper securityContext = new SecurityContextHolderAwareRequestWrapper(request, "");

if(securityContext.isUserInRole("ROLE_ADMIN")) {
logger.info("Forma usando SecurityContextHolderAwareRequestWrapper: Hola ".concat(auth.getName()).concat(" tienes acceso!"));
} else {
logger.info("Forma usando SecurityContextHolderAwareRequestWrapper: Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
}

//3era forma
if(request.isUserInRole("ROLE_ADMIN")) {
logger.info("Forma usando HttpServletRequest: Hola ".concat(auth.getName()).concat(" tienes acceso!"));
} else {
logger.info("Forma usando HttpServletRequest: Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
}

Pageable pageRequest = PageRequest.of(page, 4); //spring 5
Page<Cliente> clientes = clienteService.findAll(pageRequest);
PageRender<Cliente> pageRender = new PageRender<Cliente>("/listar", clientes);
Expand All @@ -107,14 +128,16 @@ public String listar(@RequestParam(name="page", defaultValue="0") int page, Mode
return "listar";
}

@Secured("ROLE_ADMIN")
@RequestMapping(value = "/form")
public String crear(Map<String, Object> model) {
Cliente cliente = new Cliente();
model.put("cliente", cliente);
model.put("titulo", "Crear Cliente");
return "form";
}


@Secured("ROLE_ADMIN")
@RequestMapping(value="/form/{id}")
public String editar(@PathVariable(value="id") Long id, Map<String, Object> model, RedirectAttributes flash) {

Expand All @@ -135,6 +158,7 @@ public String editar(@PathVariable(value="id") Long id, Map<String, Object> mode
return "form";
}

@Secured("ROLE_ADMIN")
@RequestMapping(value = "/form", method = RequestMethod.POST)
public String guardar(@Valid Cliente cliente, BindingResult result, Model model, @RequestParam("file") MultipartFile foto, RedirectAttributes flash, SessionStatus status) {

Expand Down Expand Up @@ -166,7 +190,8 @@ public String guardar(@Valid Cliente cliente, BindingResult result, Model model,
flash.addFlashAttribute("success", mensajeFlash);
return "redirect:listar";
}


@Secured("ROLE_ADMIN")
@RequestMapping(value="/eliminar/{id}")
public String eliminar(@PathVariable(value="id") Long id, RedirectAttributes flash) {

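Review bot: The `@Secured` annotations added on `ver`, `crear`, `editar`, `guardar` and `eliminar` are enforced only when method security is enabled, for example with `@EnableGlobalMethodSecurity(securedEnabled = true)` on the security configuration class. This commit changes only ClienteController.java, so that setting is not visible here; if it is missing, the annotations are silently ignored and these handlers stay reachable by anyone the URL rules admit, so a request test expecting 403 for a non-admin on `/form` would confirm enforcement. Separately, in `listar` the new second and third role checks call `auth.getName()` in both branches without a guard, while the lines above test `authentication != null`, which suggests a null authentication is considered possible on this route. Wrapping the three checks in `if (auth != null) { ... }` would keep the logging from throwing for such a request. The bodies of `editar`, `guardar` and `eliminar` continue outside the visible hunks.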
