I have a User class and I want to authorize access such that a user only gets to see what he is entitled to.
This was easily achievable using Spring Security in conjunction with Spring Data REST, where in the JPA repository I did the below:
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.repository.query.Param;
import org.springframework.security.access.prepost.PreAuthorize;

public interface UserRepository extends JpaRepository<User, Integer> {
    // Only a logged-in user whose own id matches the requested id may load the entity
    @PreAuthorize("hasRole('LOGGED_IN') and principal.user.id == #id")
    User findOne(@Param("id") Integer id);
}
In this way, when a user visits Spring Data REST scaffolded URLs like
/users/{id}
/users/{id}/userPosts
only those logged in with {id} get to see these and everyone else gets 401, like I would have wanted.
My problem is that I have a projection which is a public view of each user, and I am creating it using Spring Data REST projections as below; I want it to be accessible for every {id}:
@Projection(name = "details", types = User.class)
public interface UserDetailsProjection {
..
}
So, /users/{id1}?projection=details
as well as /users/{id2}?projection=details
should give 200 OK and show data even though the user is logged in as {id1}.
I began implementing this by marking the projection with @PreAuthorize("permitAll"), but that won't work since the repository has the harder security check. Can we have this functionality where, for a projection, we can relax security?
I am using the latest Spring Data REST and Spring Security distributions.
Seems reasonable to add a custom controller for this use-case.
Please also consider:
- @Value annotations
- Splitting the User entity into two different entities (profile, account), since they seem to have different access and possibly even operations
- ResourceProcessor<UserSummaryProjection> to evaluate access programmatically and replace the resource content (projection) with a DTO
Example of evaluating access in projections with @Value annotations:
@Projection(types = User.class, name = "summary")
public interface UserSummaryProjection {
    @Value("#{@userSecurity.canReadEmail(target) ? target.email : null}")
    String getEmail();
}
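The SpEL expression in the answer's projection resolves the bean named userSecurity and calls canReadEmail on it with the projected entity as target. The following is an added example (not code from the question or the answer) of what that bean can look like: public profile fields are exposed to everyone, while the e-mail is released only when the authenticated principal is the same user as the projected entity. It assumes, as the question's expression "principal.user.id" does, that the principal object exposes the logged-in User via getUser(); the AppUserPrincipal type, the package name and a getId() accessor on User are assumptions for illustration.

```java
package com.example.security; // hypothetical package

import org.springframework.data.rest.core.config.Projection;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

// The bean name must match the "@userSecurity" reference used in the projection's SpEL.
@Component("userSecurity")
public class UserSecurity {

    /** Public-view fields are readable by anyone, including anonymous callers. */
    public boolean canReadProfile(User target) {
        return true;
    }

    /**
     * The e-mail address is shown only to the user it belongs to.
     * Every failure path (no authentication, anonymous session, unexpected
     * principal type, missing ids) deliberately evaluates to false, so the
     * projection falls back to the null branch of the SpEL ternary.
     */
    public boolean canReadEmail(User target) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (target == null || auth == null || !auth.isAuthenticated()) {
            return false;
        }
        Object principal = auth.getPrincipal();
        // AppUserPrincipal is a hypothetical UserDetails implementation that wraps the User entity.
        if (!(principal instanceof AppUserPrincipal)) {
            return false;
        }
        User current = ((AppUserPrincipal) principal).getUser();
        return current != null
                && current.getId() != null
                && current.getId().equals(target.getId());
    }
}

// A public projection that combines the two checks: display name is always
// present, e-mail is null unless the caller is looking at their own record.
@Projection(types = User.class, name = "summary")
interface UserSummaryProjection {

    @Value("#{@userSecurity.canReadProfile(target) ? target.displayName : null}")
    String getDisplayName(); // displayName is an assumed field on User

    @Value("#{@userSecurity.canReadEmail(target) ? target.email : null}")
    String getEmail();
}
```

Keep the repository-level @PreAuthorize in place for the unprojected resource; the bean only decides which fields of an already-reachable projection are populated, so the projection endpoint still needs to be served through a path (such as the custom controller mentioned above) that does not go through the restricted findOne.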