Sebastijan Grabar baso53

/**
 * Spring Security configuration for the application.
 * This listing is an excerpt: it ends part-way through {@code configure}.
 */
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
// Overrides the adapter's HTTP security hook.
@Override
protected void configure(HttpSecurity http) throws Exception {
// Every request, whatever its path, must come from an authenticated caller.
http.authorizeRequests()
.anyRequest()
.authenticated();
// Starts the OAuth2 resource-server configuration; the rest of the chain is not visible in this excerpt.
http.oauth2ResourceServer()
{
"custom_claims": [
"COMPANY:1:READ",
"COMPANY:1:WRITE",
"COMPANY:2:READ",
"SUBSIDIARY:125:READ"
],
"iss": "https://securetoken.google.com/fir-auth-springsecurity",
"aud": "fir-auth-springsecurity",
"auth_time": 1636893816,
-- Seed data: two companies (ids 1 and 2).
INSERT INTO COMPANY(ID, NAME, TYPE) VALUES(1, 'Imaginary Solutions', 'LLC');
INSERT INTO COMPANY(ID, NAME, TYPE) VALUES(2, 'Green Innovations', 'LLC');
-- Seed data: three subsidiaries; COMPANY_ID is 1 for the first two rows and 2 for the third.
-- NOTE(review): presumably COMPANY_ID references COMPANY.ID; the schema is not shown here.
INSERT INTO SUBSIDIARY(ID, NAME, CITY, COMPANY_ID) VALUES(1, 'Imaginary Solutions California', 'Palo Alto', 1);
INSERT INTO SUBSIDIARY(ID, NAME, CITY, COMPANY_ID) VALUES(2, 'Imaginary Solutions Texas', 'Austin', 1);
INSERT INTO SUBSIDIARY(ID, NAME, CITY, COMPANY_ID) VALUES(3, 'Green Innovations Canada', 'Quebec', 2);
/**
 * REST controller mapped under {@code /app}.
 * This listing is an excerpt: it ends before the first handler's signature.
 */
@RestController
@RequestMapping("/app")
@RequiredArgsConstructor
public class AppController {
// Final fields; presumably injected through the constructor that Lombok's @RequiredArgsConstructor generates.
private final CompanyJpaRepository companyRepo;
private final SubsidiaryJpaRepository subsidiaryRepo;
// Object-level authorization: the SpEL expression joins 'COMPANY:', the handler argument named id and
// ':READ', and the caller must hold exactly that authority (for id 1: COMPANY:1:READ).
// The check is enforced only when pre/post method security is enabled,
// e.g. @EnableGlobalMethodSecurity(prePostEnabled = true).
// NOTE(review): the handler signature is not visible here; #id is presumably the {id} path variable. Confirm.
@GetMapping(path = "/company/{id}")
@PreAuthorize("hasAuthority('COMPANY:' + #id + ':READ')")
// Turns on method-level checks: prePostEnabled for @PreAuthorize/@PostAuthorize, securedEnabled for @Secured.
// This listing is an excerpt: it ends part-way through configure(), so further rules may follow.
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// CSRF protection is switched off for all requests.
// NOTE(review): this is sound only if callers authenticate with a bearer token sent in a header and
// never with a cookie or server-side session. Confirm that no session-based login is configured.
http.csrf().disable();
// Accepts JWT bearer tokens and registers the converter returned by jwtAuthenticationConverter(),
// which is defined outside this excerpt. It presumably maps token claims to granted authorities. Confirm.
// NOTE(review): no URL-level authorizeRequests() rule is visible in this excerpt.
http.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(jwtAuthenticationConverter());
/**
 * A {@link GrantedAuthority} described by three parts: an entity type, an entity id and a permission.
 * This listing is an excerpt: it ends part-way through {@code getAuthority}.
 */
@RequiredArgsConstructor
public class DomainGrantedAuthority implements GrantedAuthority {
// All three parts are final; presumably set through the Lombok-generated constructor.
private final EntityType entityType;
private final Long entityId;
private final Permission permission;
// Builds the authority string, starting with the entity type; the rest of the expression is cut off.
// NOTE(review): presumably the result has the TYPE:ID:PERMISSION shape used by the hasAuthority(...)
// checks in this write-up (e.g. COMPANY:1:READ). Confirm against the full source, since those
// checks compare the string exactly.
@Override
public String getAuthority() {
return entityType +
curl --location --request POST 'http://localhost:8080/admin/user-claims/WsD5H21KFKYyCOTIbkOwjXLQRsu1' \
--header 'Content-Type: application/json' \
--data-raw '{
"COMPANY": {
"1": [
"READ",
"WRITE"
],
"2": [
"READ"
/**
 * REST controller mapped under {@code /admin}.
 * This listing is an excerpt: it ends inside the parameter list of {@code setUserClaims}.
 */
@RestController
@RequestMapping("/admin")
@RequiredArgsConstructor
public class AdminController {
private final UserManagementService userManagementService;
// NOTE(review): ROLE_ANONYMOUS is the authority Spring Security gives to requests that carry no
// credentials. As written, this @Secured rule admits unauthenticated callers and rejects authenticated
// ones that lack that authority. The handler is named setUserClaims and takes a {uid} path variable,
// so it presumably changes the authorities of an arbitrary user. Outside a local demo it should
// require a dedicated administrative authority instead. Whether URL-level rules stop anonymous
// requests before they reach this method is not visible in this excerpt.
@Secured("ROLE_ANONYMOUS")
@PostMapping(path = "/user-claims/{uid}")
public void setUserClaims(
[
"COMPANY:1:READ",
"COMPANY:1:WRITE",
"COMPANY:2:READ",
"SUBSIDIARY:125:READ"
]
{
"COMPANY": {
"1": [
"READ",
"WRITE"
],
"2": [
"READ"
]
},