Witam, staram się przefiltrować zbiór tak, by usunąć z niego te obiekty domenowe, do których użytkownik nie ma uprawnień ACL.
Niestety nie następuje żadna filtracja.
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring MVC servlet (web) context: component scanning for controllers and validators,
     JSP view resolution, message source, static resources and a method-security declaration. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Only the controller and validation packages are scanned in this file, so these are the
     only annotated beans this context is shown to create. -->
<context:component-scan base-package="pl.benq.enrollment.controller" />
<context:component-scan base-package="pl.benq.enrollment.utils.validation" />
<mvc:annotation-driven />
<!-- Maps a logical view name to /WEB-INF/jsp/<name>.jsp and renders it as a JSTL view. -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<!-- NOTE(review): ReloadableResourceBundleMessageSource expects a basename without the file
     extension (it appends the locale suffix and ".properties" itself). Confirm that
     "classpath:message.properties" really resolves the intended bundle. -->
<bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:message.properties" />
</bean>
<!-- Everything under /WEB-INF/css/ and /WEB-INF/js/ is published at /css/** and /js/** by the
     MVC resource handler, so keep only static assets in those folders. -->
<mvc:resources location="/WEB-INF/css/" mapping="/css/**" />
<mvc:resources location="/WEB-INF/js/" mapping="/js/**" />
<!-- /login.html renders the login form view directly, without a controller class. -->
<mvc:view-controller path="/login.html" view-name="login/login-form" />
<!-- Enables @PreAuthorize, @PostAuthorize, @PreFilter and @PostFilter.
     This element only affects beans created by the application context that declares it.
     In this file that means beans from the two scanned packages above. The same annotations
     on beans created by another context (for example a service layer in the root context)
     are not enforced by this declaration and fail open silently: the method simply runs
     unfiltered. Declare the element in the context that creates the secured beans.
     The expressionHandler bean is not defined in this file; it has to be visible from this
     context (presumably through the parent context: confirm). -->
<security:global-method-security pre-post-annotations="enabled">
<security:expression-handler ref="expressionHandler"/>
</security:global-method-security>
</beans>
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security ACL infrastructure: ACL cache, authorization strategy, JDBC lookup and
     service, permission evaluator, and the expression handler used by method security.
     The dataSource bean is referenced here but not defined in this file. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p" xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Ehcache-backed cache of loaded ACLs, shared by lookupStrategy and aclService.
     NOTE(review): ACL rows changed outside aclService (for example by direct SQL) are
     presumably not visible until the cached entry is evicted: confirm the eviction policy. -->
<bean id="aclCache"
class="org.springframework.security.acls.domain.EhCacheBasedAclCache">
<constructor-arg>
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
</property>
<property name="cacheName" value="aclCache" />
</bean>
</constructor-arg>
<constructor-arg>
<bean
class="org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy">
<constructor-arg ref="auditLogger" />
</bean>
</constructor-arg>
<constructor-arg ref="authStrategy" />
</bean>
<!-- Authorities that may administer ACLs. With three entries the constructor reads them by
     position: change ownership, modify auditing, general changes to ACL entries. The same
     authority is used for all three, so one authority controls every ACL administration
     operation. -->
<bean id="authStrategy"
class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl">
<constructor-arg>
<list>
<ref bean="adminRole" />
<ref bean="adminRole" />
<ref bean="adminRole" />
</list>
</constructor-arg>
</bean>
<!-- The authority string is the literal value "admin" with no ROLE_ prefix.
     NOTE(review): it must match exactly what the user details source grants: confirm. -->
<bean id="adminRole"
class="org.springframework.security.core.authority.SimpleGrantedAuthority">
<constructor-arg value="admin" />
</bean>
<!-- ConsoleAuditLogger prints ACL audit events to the console.
     NOTE(review): for production use, consider an AuditLogger implementation that feeds the
     application's logging or audit pipeline so that grant and deny decisions are retained. -->
<bean id="auditLogger"
class="org.springframework.security.acls.domain.ConsoleAuditLogger" />
<!-- Loads ACLs from the ACL tables through dataSource and keeps them in aclCache. -->
<bean id="lookupStrategy"
class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
<constructor-arg ref="dataSource" />
<constructor-arg ref="aclCache" />
<constructor-arg ref="authStrategy" />
<constructor-arg ref="auditLogger" />
</bean>
<!-- JDBC-backed ACL service (read and write). The two identity queries are PostgreSQL
     specific: they read back the id generated for a new acl_class or acl_sid row. -->
<bean id="aclService"
class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
<constructor-arg ref="dataSource" />
<constructor-arg ref="lookupStrategy" />
<constructor-arg ref="aclCache" />
<property name="classIdentityQuery"
value="select currval(pg_get_serial_sequence('acl_class', 'id'))" />
<property name="sidIdentityQuery"
value="select currval(pg_get_serial_sequence('acl_sid', 'id'))" />
</bean>
<!-- Evaluates hasPermission(...) expressions against ACLs obtained from aclService. -->
<bean id="permissionEvaluator"
class="org.springframework.security.acls.AclPermissionEvaluator">
<constructor-arg ref="aclService" />
</bean>
<!-- Expression handler for method security. It only takes effect where a
     global-method-security element references it by id, and only for beans created in the
     context that declares that element. Without the permissionEvaluator property the default
     handler falls back to a deny-all evaluator, so hasPermission(...) would always be false.
     The cache optimizer loads the ACLs for a whole collection up front before the filter
     expression is evaluated per element. -->
<bean id="expressionHandler"
class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="permissionEvaluator" />
<property name="permissionCacheOptimizer">
<bean class="org.springframework.security.acls.AclPermissionCacheOptimizer">
<constructor-arg ref="aclService" />
</bean>
</property>
</bean>
</beans>
/**
 * Loads every enrollment from {@code enrollmentRepository} and returns them as a set.
 *
 * <p>The {@code @PostFilter} expression asks Spring Security to drop each element for which
 * {@code hasPermission(filterObject,'read')} is false. That only happens when the call goes
 * through a method-security proxy, i.e. when method security is enabled in the application
 * context that creates this bean. Without that proxy the annotation is ignored and the full,
 * unfiltered set is returned.
 *
 * <p>NOTE(review): the post-filter removes elements from the returned collection in place,
 * so the collection must be mutable; {@code Collectors.toSet()} makes no mutability
 * guarantee. Consider collecting into an explicit {@code HashSet}.
 *
 * @return the enrollments left after the post-filter has been applied (all enrollments if
 *         the annotation is not enforced)
 */
@Override
@PostFilter("hasPermission(filterObject,'read')")
public Set<Enrollment> getEnrollments(){
    return enrollmentRepository.findAll().stream().collect(Collectors.toSet());
    // Manual equivalent kept for reference: it calls the permission evaluator directly and
    // therefore does not depend on the method-security proxy.
    // Set<Enrollment> permEnr = new HashSet<Enrollment>();
    // for(Enrollment e:enr)
    // if(evaluator.hasPermission(SecurityContextHolder.getContext().getAuthentication(), e, "READ"))
    // permEnr.add(e);
    // return permEnr;
}
Jeżeli wykonuję zakomentowany kod, to wszystko działa jak należy, więc pewnie problem leży gdzieś w proxy?
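@Edit Problemem było niedopatrzenie: element <global ...> był zadeklarowany w servlet-context, a metoda znajduje się w serwisach. Deklaracja zabezpieczeń metod działa tylko na beany utworzone w tym samym kontekście aplikacji, więc adnotacja @PostFilter na serwisie była po cichu pomijana i zwracany był niefiltrowany zbiór.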