Skip to content

Instantly share code, notes, and snippets.

@rjozefowicz

rjozefowicz/readme.md

Last active June 7, 2024 21:22
Show Gist options
  • Save rjozefowicz/a5aeaed87d9934cc2af18cfa8bc17aa3 to your computer and use it in GitHub Desktop.
Save rjozefowicz/a5aeaed87d9934cc2af18cfa8bc17aa3 to your computer and use it in GitHub Desktop.
Download ZIP
spring security workshop 09.06.2024
Raw
readme.md
@rjozefowicz
Copy link
Author

rjozefowicz commented Feb 21, 2020
edited
Loading

Ważne linki

DEBUG logs

logging.level.org.springframework.security=DEBUG

@rjozefowicz
Copy link
Author

Thymeleaf najpopularniejsze tagi:

<div class="alert alert-primary" sec:authorize="hasRole('ROLE_USER')">
    Widoczny tylko dla roli User
</div>
<div class="alert alert-primary" th:if="${#authorization.expression('hasRole(''ROLE_ADMIN'')')}">
    Tylko dla użytkowników z rolą ADMIN
</div>

<div class="alert alert-primary" sec:authorize-url="/user/delete/1">
    Widoczny tylko dla użytkownika , ktory ma dostep do zasobu
</div>

<div class="alert alert-primary" sec:authentication="name">
    Tutaj powinna wyswietlic sie nazwa uzytkownika
</div>

<div class="alert alert-primary" sec:authentication="principal.authorities">
    Tutaj powinny wyswietlic sie role uzytkownika
</div>

@rjozefowicz
Copy link
Author

rjozefowicz commented Nov 4, 2023
edited
Loading

Extra do APIKey:

  • rozszerz APIKey o rolę - pojedynczą (ADMIN, USER)
  • zmapuj rolę na GrantedAuthority która trafia do UsernamePasswordAuthenticationToken
  • w SecurityFIlterChain dodaj POST /organizations tylko dla ADMIN

Ściągawka:
.requestMatchers("/organizations/{organizationId}/**").access(new WebExpressionAuthorizationManager("hasRole('ROOT') or @securityService.canAccessOrganization(#organizationId)”))
albo
requestMatchers(.....).hasAuthority()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment