Skip to content

Instantly share code, notes, and snippets.

View baso53's full-sized avatar
🎃

Sebastijan Grabar baso53

🎃
6 followers · 0 following
  • Croatia
View GitHub Profile
@baso53
baso53 / app-controller-domain-level.java
Created November 14, 2021 13:15
@RestController
@RequestMapping("/app")
@RequiredArgsConstructor
public class AppController {
private final CompanyJpaRepository companyRepo;
private final SubsidiaryJpaRepository subsidiaryRepo;
@GetMapping(path = "/company/{id}")
@PreAuthorize("hasAuthority('COMPANY:' + #id + ':READ')")
@baso53
baso53 / jwt-auth-converter-domain-level.java
Last active November 14, 2021 12:57
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(jwtAuthenticationConverter());
@baso53
baso53 / add-domain-granted-authority.java
Created November 14, 2021 12:51
@RequiredArgsConstructor
public class DomainGrantedAuthority implements GrantedAuthority {
private final EntityType entityType;
private final Long entityId;
private final Permission permission;
@Override
public String getAuthority() {
return entityType +
@baso53
baso53 / jwt-with-domain-level-claims.json
Last active November 15, 2021 19:42
{
"custom_claims": [
"COMPANY:1:READ",
"COMPANY:1:WRITE",
"COMPANY:2:READ",
"SUBSIDIARY:125:READ"
],
"iss": "https://securetoken.google.com/fir-auth-springsecurity",
"aud": "fir-auth-springsecurity",
"auth_time": 1636893816,
@baso53
baso53 / curl-user-claims-domain-level.sh
Created November 14, 2021 12:42
curl --location --request POST 'http://localhost:8080/admin/user-claims/WsD5H21KFKYyCOTIbkOwjXLQRsu1' \
--header 'Content-Type: application/json' \
--data-raw '{
"COMPANY": {
"1": [
"READ",
"WRITE"
],
"2": [
"READ"
@baso53
baso53 / controller-domain-level-security.java
Created November 14, 2021 12:39
@RestController
@RequestMapping("/admin")
@RequiredArgsConstructor
public class AdminController {
private final UserManagementService userManagementService;
@Secured("ROLE_ANONYMOUS")
@PostMapping(path = "/user-claims/{uid}")
public void setUserClaims(
@baso53
baso53 / generated-claims-domain-object-level.json
Created November 14, 2021 12:32
[
"COMPANY:1:READ",
"COMPANY:1:WRITE",
"COMPANY:2:READ",
"SUBSIDIARY:125:READ"
]
@baso53
baso53 / user-claims-domain-object.json
Created November 14, 2021 12:30
{
"COMPANY": {
"1": [
"READ",
"WRITE"
],
"2": [
"READ"
]
},
@baso53
baso53 / user-management-service-add-domain-level.java
Created November 14, 2021 12:24
@Service
@RequiredArgsConstructor
public class UserManagementService {
private final FirebaseAuth firebaseAuth;
public void setTokenClaims(String uid, Map<EntityType, Map<Long, Set<Permission>>> requestedPermissions) throws FirebaseAuthException {
var claims = toUserClaims(requestedPermissions);
firebaseAuth.setCustomUserClaims(uid, claims);
@baso53
baso53 / add-entity-type.java
Created November 14, 2021 12:19
public enum EntityType {
COMPANY,
SUBSIDIARY
}