From e482e573f9008af6a5b421d7f3470fca64ef5ed3 Mon Sep 17 00:00:00 2001
From: IsaiasMorochi
Date: Fri, 6 Sep 2019 22:08:13 -0400
Subject: [PATCH] chequear autorizacion con SecurityContextHolderAwareRequestWrapper

---
 .../com/controllers/ClienteController.java | 31 +++++++++++++++++--
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/controllers/ClienteController.java b/src/main/java/com/controllers/ClienteController.java
index 5c45593..7f0e781 100644
--- a/src/main/java/com/controllers/ClienteController.java
+++ b/src/main/java/com/controllers/ClienteController.java
@@ -11,6 +11,7 @@
 import java.util.Collection;
 import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
@@ -23,11 +24,13 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.validation.BindingResult;
@@ -63,6 +66,7 @@ public ResponseEntity verFoto(@PathVariable String filename) {
 .body(recurso);
 }
+ @Secured({"ROLE_USER"})
 @GetMapping(value = "/ver/{id}")
 public String ver(@PathVariable(value = "id") Long id, Map model, RedirectAttributes flash) {
 // Optional cl = clienteService.findById(id);
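Review bot: `@Secured({"ROLE_USER"})` on `ver` uses the array form while the later hunks (`crear`, `editar`, `guardar`, `eliminar`) use the single-string form `@Secured("ROLE_ADMIN")`; writing it as `@Secured("ROLE_USER")` keeps all five consistent. More importantly, `@Secured` is only enforced when method security is switched on for it (`securedEnabled = true` on the global method security configuration), and that configuration is not part of this patch, so it is worth confirming it exists — otherwise these annotations are silently ignored and the handlers stay reachable by anyone. `listar` (`/listar` and `/`) in the following hunks receives no annotation, which may be intended if the listing is public, but it then differs from `ver`, which now requires `ROLE_USER`. `ver`'s body continues past this hunk.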
@@ -78,7 +82,7 @@ public String ver(@PathVariable(value = "id") Long id, Map model
 }
 @RequestMapping(value = {"/listar","/"}, method = RequestMethod.GET)
- public String listar(@RequestParam(name="page", defaultValue="0") int page, Model model, Authentication authentication) {
+ public String listar(@RequestParam(name="page", defaultValue="0") int page, Model model, Authentication authentication, HttpServletRequest request) {
 if (authentication != null){
 logger.info("Hola usuario autenticado, tu username es: ".concat(authentication.getName()));
@@ -90,12 +94,29 @@ public String listar(@RequestParam(name="page", defaultValue="0") int page, Mode
 logger.info("Utilizando forma estática SecurityContextHolder.getContext().getAuthentication(): Usuario autenticado: ".concat(auth.getName()));
 }
+ // 1er forma
 if(hasRole("ROLE_ADMIN")) {
 logger.info("Hola ".concat(auth.getName()).concat(" tienes acceso!"));
 } else {
 logger.info("Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
 }
+ //2da forma
+ SecurityContextHolderAwareRequestWrapper securityContext = new SecurityContextHolderAwareRequestWrapper(request, "");
+
+ if(securityContext.isUserInRole("ROLE_ADMIN")) {
+ logger.info("Forma usando SecurityContextHolderAwareRequestWrapper: Hola ".concat(auth.getName()).concat(" tienes acceso!"));
+ } else {
+ logger.info("Forma usando SecurityContextHolderAwareRequestWrapper: Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
+ }
+
+ //3era forma
+ if(request.isUserInRole("ROLE_ADMIN")) {
+ logger.info("Forma usando HttpServletRequest: Hola ".concat(auth.getName()).concat(" tienes acceso!"));
+ } else {
+ logger.info("Forma usando HttpServletRequest: Hola ".concat(auth.getName()).concat(" NO tienes acceso!"));
+ }
+
 Pageable pageRequest = PageRequest.of(page, 4); //spring 5
 Page clientes = clienteService.findAll(pageRequest);
 PageRender pageRender = new PageRender("/listar", clientes);
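Review bot: `securityContext` is a misleading name for the new `SecurityContextHolderAwareRequestWrapper` local, since this file also imports `SecurityContext`; `SecurityContextHolderAwareRequestWrapper requestWrapper = new SecurityContextHolderAwareRequestWrapper(request, "");` says what it actually is. All three new role checks only write a log line and never change the response, so access to `/listar` is not restricted here, and the INFO messages (which include the username) fire on every page load — `logger.debug` is the better level if they are kept. The new branches also call `auth.getName()` outside the `authentication != null` guard visible in the previous hunk; if `auth` can be null for an anonymous request this throws, although the existing `hasRole` branch already has the same shape. When Spring Security's filter chain is active the incoming request is normally already wrapped, so `request.isUserInRole("ROLE_ADMIN")` and the explicit wrapper with an empty prefix are expected to answer identically, and one of the two forms could go. `listar` starts in the previous hunk and ends after this one.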
@@ -107,6 +128,7 @@ public String listar(@RequestParam(name="page", defaultValue="0") int page, Mode
 return "listar";
 }
+ @Secured("ROLE_ADMIN")
 @RequestMapping(value = "/form")
 public String crear(Map model) {
 Cliente cliente = new Cliente();
@@ -114,7 +136,8 @@ public String crear(Map model) {
 model.put("titulo", "Crear Cliente");
 return "form";
 }
-
+
+ @Secured("ROLE_ADMIN")
 @RequestMapping(value="/form/{id}")
 public String editar(@PathVariable(value="id") Long id, Map model, RedirectAttributes flash) {
@@ -135,6 +158,7 @@ public String editar(@PathVariable(value="id") Long id, Map mode
 return "form";
 }
+ @Secured("ROLE_ADMIN")
 @RequestMapping(value = "/form", method = RequestMethod.POST)
 public String guardar(@Valid Cliente cliente, BindingResult result, Model model, @RequestParam("file") MultipartFile foto, RedirectAttributes flash, SessionStatus status) {
@@ -166,7 +190,8 @@ public String guardar(@Valid Cliente cliente, BindingResult result, Model model,
 flash.addFlashAttribute("success", mensajeFlash);
 return "redirect:listar";
 }
-
+
+ @Secured("ROLE_ADMIN")
 @RequestMapping(value="/eliminar/{id}")
 public String eliminar(@PathVariable(value="id") Long id, RedirectAttributes flash) {