ProtectedController.java example

Explorer

Cerberus-master
- src
  - main
    - java
      - com
        brahalla
        Cerberus
        Application.java
        configuration
        CorsFilter.java
        WebSecurityConfiguration.java
        controller
        rest
        AuthenticationController.java
        ProtectedController.java
        domain
        base
        DomainBase.java
        entity
        User.java
        model
        base
        ModelBase.java
        factory
        CerberusUserFactory.java
        json
        request
        AuthenticationRequest.java
        response
        AuthenticationResponse.java
        security
        CerberusUser.java
        repository
        UserRepository.java
        security
        AuthenticationTokenFilter.java
        EntryPointUnauthorizedHandler.java
        TokenUtils.java
        service
        SecurityService.java
        impl
        SecurityServiceImpl.java
        UserDetailsServiceImpl.java
  - test
    - java
      - com
        brahalla
        Cerberus
        integration
        config
        TestContext.java
        controller
        rest
        AuthenticationControllerTest.java
        ProtectedControllerTest.java
        suite
        IntegrationTestSuite.java
        util
        RequestEntityBuilder.java
        TestApiConfig.java
        unit
        domain
        base
        DomainBaseTest.java
        entity
        UserTest.java
        model
        base
        ModelBaseTest.java
        factory
        CerberusUserFactoryTest.java
        json
        request
        AuthenticationRequestTest.java
        response
        AuthenticationResponseTest.java
        security
        CerberusUserTest.java

package com.brahalla.Cerberus.controller.rest;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("${cerberus.route.protected}")
public class ProtectedController {

  /**
  This is an example of some different kinds of granular restriction for endpoints. You can use the built-in SPEL expressions
  in @PreAuthorize such as 'hasRole()' to determine if a user has access. However, if you require logic beyond the methods
  Spring provides then you can encapsulate it in a service and register it as a bean to use it within the annotation as
  demonstrated below with 'securityService'.
  **/
  @RequestMapping(method = RequestMethod.GET)
  //@PreAuthorize("hasRole('ADMIN')")
  @PreAuthorize("@securityService.hasProtectedAccess()")
  public ResponseEntity<?> getDaHoney() {
    return ResponseEntity.ok(":O");
  }

}