From 1119ff6114c52a5ff0aef19ca324f48d854b6907 Mon Sep 17 00:00:00 2001
From: rnzit <32677893+rnzit@users.noreply.github.com>
Date: Wed, 30 Sep 2020 20:36:35 +0700
Subject: [PATCH] preauthorize add preauthorize example
---
 .gitignore | 6 ++++
 .../rest/AdminProtectedRestController.java | 7 ++++
 .../zerhusen/rest/PersonRestController.java | 9 +++++-
 src/main/resources/static/index.html | 2 ++
 src/main/resources/static/js/client.js | 32 +++++++++++++++++++
 5 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/.gitignore b/.gitignore
index 75f7efb9..dd07e64c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,3 +63,9 @@ buildNumber.properties
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
+.classpath
+.project
+.settings/org.eclipse.core.resources.prefs
+.settings/org.eclipse.jdt.core.prefs
+.settings/org.eclipse.m2e.core.prefs
+.settings/org.springframework.ide.eclipse.prefs
diff --git a/src/main/java/org/zerhusen/rest/AdminProtectedRestController.java b/src/main/java/org/zerhusen/rest/AdminProtectedRestController.java
index 6f40f583..c3a1f8e4 100644
--- a/src/main/java/org/zerhusen/rest/AdminProtectedRestController.java
+++ b/src/main/java/org/zerhusen/rest/AdminProtectedRestController.java
@@ -1,6 +1,7 @@
 package org.zerhusen.rest;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -13,6 +14,12 @@ public class AdminProtectedRestController {
 public ResponseEntity getAdminProtectedGreeting() {
 return ResponseEntity.ok(new HiddenMessage("this is a hidden message!"));
 }
+
+ @GetMapping("/preauthorize")
+ @PreAuthorize("hasAuthority('ROLE_ADMIN')")
+ public ResponseEntity getAdminProtectedGreetingPreauthorize() {
+ return ResponseEntity.ok(new HiddenMessage("this is a preauthorize hidden message!"));
+ }
 private static class HiddenMessage {
diff --git a/src/main/java/org/zerhusen/rest/PersonRestController.java b/src/main/java/org/zerhusen/rest/PersonRestController.java
index ac1882e5..904fba04 100644
--- a/src/main/java/org/zerhusen/rest/PersonRestController.java
+++ b/src/main/java/org/zerhusen/rest/PersonRestController.java
@@ -1,6 +1,7 @@
 package org.zerhusen.rest;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -13,7 +14,13 @@ public class PersonRestController {
 public ResponseEntity getPerson() {
 return ResponseEntity.ok(new Person("John Doe", "john.doe@test.org"));
 }
-
+
+ @GetMapping("/person-preauthorize")
+ @PreAuthorize("hasAuthority('ROLE_USER')")
+ public ResponseEntity getPersonExample() {
+ return ResponseEntity.ok(new Person("John Snow", "john.snow@test.org"));
+ }
+
 private static class Person {
 private final String name;
diff --git a/src/main/resources/static/index.html b/src/main/resources/static/index.html
index 84ea6f94..d95797e3 100644
--- a/src/main/resources/static/index.html
+++ b/src/main/resources/static/index.html
@@ -77,7 +77,9 @@
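Review bot: `@PreAuthorize("hasAuthority('ROLE_ADMIN')")` on `getAdminProtectedGreetingPreauthorize()` in AdminProtectedRestController.java is the only admin check visible for the new `/preauthorize` mapping, and nothing in this patch shows that method security is switched on. Spring Security ignores the annotation without error unless a configuration class carries `@EnableGlobalMethodSecurity(prePostEnabled = true)` (`@EnableMethodSecurity` on newer versions); if that is missing, the endpoint would presumably be reachable by any caller the URL rules let through. The same applies to `getPersonExample()` with `hasAuthority('ROLE_USER')` in PersonRestController.java. I would confirm the security configuration enables it, add a MockMvc test that expects 403 for a non-admin token on `/api/preauthorize`, and put a comment above each annotation such as `// access decided by method security (@PreAuthorize), not by the URL matchers`. Both controller classes begin and end outside these hunks.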

Authenticated user

+ +
diff --git a/src/main/resources/static/js/client.js b/src/main/resources/static/js/client.js
index 7476a930..33f36870 100644
--- a/src/main/resources/static/js/client.js
+++ b/src/main/resources/static/js/client.js
@@ -150,6 +150,22 @@ $(function () {
 });
 });
+ $("#examplePreAuthorizeServiceBtn").click(function () {
+ $.ajax({
+ url: "/api/person-preauthorize",
+ type: "GET",
+ contentType: "application/json; charset=utf-8",
+ dataType: "json",
+ headers: createAuthorizationTokenHeader(),
+ success: function (data, textStatus, jqXHR) {
+ showResponse(jqXHR.status, JSON.stringify(data));
+ },
+ error: function (jqXHR, textStatus, errorThrown) {
+ showResponse(jqXHR.status, jqXHR.responseJSON.message)
+ }
+ });
+ });
+
 $("#adminServiceBtn").click(function () {
 $.ajax({
 url: "/api/hiddenmessage",
@@ -166,6 +182,22 @@ $(function () {
 });
 });
+ $("#adminPreAuthorizeServiceBtn").click(function () {
+ $.ajax({
+ url: "/api/preauthorize",
+ type: "GET",
+ contentType: "application/json; charset=utf-8",
+ dataType: "json",
+ headers: createAuthorizationTokenHeader(),
+ success: function (data, textStatus, jqXHR) {
+ showResponse(jqXHR.status, data);
+ },
+ error: function (jqXHR, textStatus, errorThrown) {
+ showResponse(jqXHR.status, jqXHR.responseJSON.message)
+ }
+ });
+ });
+
 $loggedIn.click(function () {
 $loggedIn
 .toggleClass("text-hidden")
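Review bot: The `error` callbacks of both new handlers read `jqXHR.responseJSON.message` without checking that `responseJSON` exists, so a 401 or 403 that arrives with an empty or non-JSON body throws a TypeError and the status is never displayed. These two buttons exist to exercise the denied path of `/api/person-preauthorize` and `/api/preauthorize`, so that is the case most worth showing; a guard such as `showResponse(jqXHR.status, jqXHR.responseJSON ? jqXHR.responseJSON.message : textStatus);` would cover it. The pattern is presumably copied from the existing handlers, whose bodies lie outside these hunks. Separately, the first handler passes `JSON.stringify(data)` to `showResponse` while the second passes `data` unchanged; one form should be used in both.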