Expand Up @@ -28,7 +28,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.web.SecurityFilterChain

import yakworks.security.spring.DefaultSecurityConfiguration
import yakworks.security.spring.WildcardAuthorizationManager
import yakworks.security.spring.PermissionsAuthorizationManager
import yakworks.security.spring.token.store.TokenStore

import static org.springframework.security.config.Customizer.withDefaults
Expand All @@ -49,17 +49,12 @@ class HelloSecurityConfiguration {
@Autowired(required = false) TokenStore tokenStore;

@Bean
WildcardAuthorizationManager wildcardAuthorizationManager() {
return new WildcardAuthorizationManager()
}

@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http, WildcardAuthorizationManager wildcardAuthorizationManager) throws Exception {
SecurityFilterChain securityFilterChain(HttpSecurity http, PermissionsAuthorizationManager permissionsAuthorizationManager) throws Exception {
// DefaultSecurityConfiguration.applyBasicDefaults(http)
http
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers("/actuator/**", "/resources/**", "/about").permitAll()
.requestMatchers("/api/**").access(wildcardAuthorizationManager)
.requestMatchers("/api/**").access(permissionsAuthorizationManager)
.anyRequest().authenticated()

)
Expand Up @@ -24,15 +24,15 @@ import yakworks.rally.RallyConfiguration
import yakworks.rally.api.TestTimeoutQueryArgsValidator
import yakworks.rest.grails.AppInfoBuilder
import yakworks.security.spring.DefaultSecurityConfiguration
import yakworks.security.spring.WildcardAuthorizationManager
import yakworks.security.spring.PermissionsAuthorizationManager
import yakworks.security.spring.token.CookieAuthSuccessHandler
import yakworks.security.spring.token.CookieUrlTokenSuccessHandler
import yakworks.security.spring.token.TokenUtils
import yakworks.security.spring.token.generator.JwtTokenGenerator
import yakworks.security.spring.token.store.TokenStore

import static org.springframework.security.config.Customizer.withDefaults
import static org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher

/**
* An example of explicitly configuring Spring Security with the defaults.
*/
Expand All @@ -57,7 +57,7 @@ class RallyApiSpringConfiguration {
@Autowired TokenStore tokenStore

@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http, WildcardAuthorizationManager wildcardAuthorizationManager) throws Exception {
SecurityFilterChain securityFilterChain(HttpSecurity http, PermissionsAuthorizationManager permissionsAuthorizationManager) throws Exception {
//var sth = new SubjectThreadState(null);
//defaults permit all
List permitAllMatchers = [
Expand All @@ -84,7 +84,7 @@ class RallyApiSpringConfiguration {
.requestMatchers("/security-tests/error403").hasRole("SUPER_DUPER")
.requestMatchers(permitAllMatchers as String[]).permitAll()
.requestMatchers("/validate").authenticated()
.anyRequest().access(wildcardAuthorizationManager)
.anyRequest().access(permissionsAuthorizationManager)
)
// http basic auth
.httpBasic(withDefaults())
Expand Down Expand Up @@ -140,11 +140,6 @@ class RallyApiSpringConfiguration {
return new TestTimeoutQueryArgsValidator()
}

@Bean
WildcardAuthorizationManager wildcardAuthorizationManager() {
return new WildcardAuthorizationManager()
}

// @Bean @Lazy(false)
// WebMvcRegistrations webMvcRegistrations() {
// return new WebMvcRegistrations() {
Expand Up @@ -253,4 +253,10 @@ public OpaqueTokenGenerator opaqueTokenGenerator() {
public StoreTokenGenerator storeTokenGenerator() {
return new StoreTokenGenerator();
}

@Bean //FIXME should it have @ConditionalOnMissingBean or will that scramble the pick up when spring sec already has one
PermissionsAuthorizationManager permissionsAuthorizationManager() {
return new PermissionsAuthorizationManager();
}

}
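Review bot: The FIXME on the new `permissionsAuthorizationManager()` bean leaves open what happens when an application declares its own PermissionsAuthorizationManager. As written the bean is unconditional, so a second definition would either clash by name or make the by-type injection into `securityFilterChain(HttpSecurity, PermissionsAuthorizationManager)` depend on parameter-name matching. If this class is loaded as an auto-configuration, `@ConditionalOnMissingBean` is the usual answer; if it is imported or extended as a plain configuration class, that condition depends on registration order, and a Javadoc line stating how applications are expected to override the bean is the safer choice. The rest of the class is outside the hunk, so which case applies cannot be told from here.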
Expand Up @@ -8,18 +8,30 @@ import java.util.function.Supplier
import javax.servlet.http.HttpServletRequest

import org.apache.shiro.authz.permission.WildcardPermission
import org.springframework.beans.factory.annotation.Value
import org.springframework.security.authorization.AuthorizationDecision
import org.springframework.security.authorization.AuthorizationManager
import org.springframework.security.core.Authentication
import org.springframework.security.web.access.intercept.RequestAuthorizationContext

class WildcardAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
/**
* AuthorizationManager that uses Shiro permissions to check the URL path against Wilcard permissions
*/
class PermissionsAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {

@Value('${app.security.permissions.enabled:true}')
boolean permissionsEnabled

@Override
AuthorizationDecision check(Supplier<Authentication> authenticationSupplier, RequestAuthorizationContext context) {
Authentication authentication = authenticationSupplier.get()
HttpServletRequest request = context.getRequest()

//if its not enabled then always return true
if(!permissionsEnabled){
return new AuthorizationDecision(true)
}

if (!authentication?.isAuthenticated()) {
return new AuthorizationDecision(false)
}
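Review bot: When `app.security.permissions.enabled` is false, `check` returns `new AuthorizationDecision(true)` before the `isAuthenticated()` test, so the authentication check below it never runs and every request is granted on each matcher that delegates to this manager (`/api/**` in HelloSecurityConfiguration and `anyRequest()` in RallyApiSpringConfiguration on this page). If the switch is meant to turn off permission matching only, move the `if(!permissionsEnabled)` block below the `if (!authentication?.isAuthenticated())` block so that disabling permissions does not also remove the authentication requirement. The field also has no initializer, so an instance created with `new` outside Spring, as in PermissionsAuthorizationManagerSpec, has `permissionsEnabled == false` and allows everything; `boolean permissionsEnabled = true` would keep the restrictive default. The class comment should state what disabling the property does, and the remainder of `check` lies past the end of the visible hunk.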
Expand Up @@ -5,9 +5,9 @@ import spock.lang.Specification

import javax.servlet.http.HttpServletRequest

class WildcardAuthorizationManagerSpec extends Specification {
class PermissionsAuthorizationManagerSpec extends Specification {

WildcardAuthorizationManager manager = new WildcardAuthorizationManager()
PermissionsAuthorizationManager manager = new PermissionsAuthorizationManager()

void "test mapToPermission crud"() {
expect: