```java
@RestController
@RequestMapping("/app")
@RequiredArgsConstructor
public class AppController {
    private final CompanyJpaRepository companyRepo;
    private final SubsidiaryJpaRepository subsidiaryRepo;

    @GetMapping(path = "/company/{id}")
    // The required authority is built from the path variable, e.g. COMPANY:1:READ for id = 1
    @PreAuthorize("hasAuthority('COMPANY:' + #id + ':READ')")
```

```java
// prePostEnabled turns on @PreAuthorize/@PostAuthorize; securedEnabled turns on @Secured
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        // Requests are authenticated with a JWT bearer token; the converter maps its claims to authorities
        http.oauth2ResourceServer()
                .jwt()
                .jwtAuthenticationConverter(jwtAuthenticationConverter());
```

```json
{
  "custom_claims": [
    "COMPANY:1:READ",
    "COMPANY:1:WRITE",
    "COMPANY:2:READ",
    "SUBSIDIARY:125:READ"
  ],
  "iss": "https://securetoken.google.com/fir-auth-springsecurity",
  "aud": "fir-auth-springsecurity",
  "auth_time": 1636893816,
```

```bash
curl --location --request POST 'http://localhost:8080/admin/user-claims/WsD5H21KFKYyCOTIbkOwjXLQRsu1' \
--header 'Content-Type: application/json' \
--data-raw '{
    "COMPANY": {
        "1": [
            "READ",
            "WRITE"
        ],
        "2": [
            "READ"
```

```java
@RestController
@RequestMapping("/admin")
@RequiredArgsConstructor
public class AdminController {
    private final UserManagementService userManagementService;

    // ROLE_ANONYMOUS is the authority Spring Security assigns to unauthenticated requests,
    // so this endpoint can be called without credentials
    @Secured("ROLE_ANONYMOUS")
    @PostMapping(path = "/user-claims/{uid}")
    public void setUserClaims(
```

```json
[
  "COMPANY:1:READ",
  "COMPANY:1:WRITE",
  "COMPANY:2:READ",
  "SUBSIDIARY:125:READ"
]
```

```json
{
  "COMPANY": {
    "1": [
      "READ",
      "WRITE"
    ],
    "2": [
      "READ"
    ]
  },
```

```java
@Service
@RequiredArgsConstructor
public class UserManagementService {
    private final FirebaseAuth firebaseAuth;

    public void setTokenClaims(String uid, Map<EntityType, Map<Long, Set<Permission>>> requestedPermissions) throws FirebaseAuthException {
        // Convert the requested permissions into custom claims and store them on the Firebase user record
        var claims = toUserClaims(requestedPermissions);
        firebaseAuth.setCustomUserClaims(uid, claims);
```

```java
public enum EntityType {
    COMPANY,
    SUBSIDIARY
}
```