// @PreAuthorize("hasRole('ROLE_SPITTER)") @PostFilter("filterObject.spitter.username == principal.name") public List getABunchOfSpittles() { ... } // // @PreAuthorize("hasRole('ROLE_SPITTER)") @PostFilter("hasPermission(filterObject, 'delete')") public List getSpittlesToDelete() { ... } // // package com.habuma.spitter.security; import java.io.Serializable; import org.springframework.security.access.PermissionEvaluator; import org.springframework.security.core.Authentication; import com.habuma.spitter.domain.Spittle; public class SpittlePermissionEvaluator implements PermissionEvaluator { public boolean hasPermission(Authentication authentication, Object target, Object permission) { if (target instanceof Spittle) { Spittle spittle = (Spittle) target; if ("delete".equals(permission)) { return spittle.getSpitter().getUsername().equals( authentication.getName()) || hasProfanity(spittle); } } throw new UnsupportedOperationException( "hasPermission not supported for object <" + target + "> and permission <" + permission + ">"); } public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) { throw new UnsupportedOperationException(); } private boolean hasProfanity(Spittle spittle) { ... return false; } } //