preauthorize

.gitignore

@@ -63,3 +63,9 @@ buildNumber.properties
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
+.classpath
+.project
+.settings/org.eclipse.core.resources.prefs
+.settings/org.eclipse.jdt.core.prefs
+.settings/org.eclipse.m2e.core.prefs
+.settings/org.springframework.ide.eclipse.prefs

src/main/java/org/zerhusen/rest/AdminProtectedRestController.java

@@ -1,6 +1,7 @@
 package org.zerhusen.rest;
 
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -13,6 +14,12 @@ public class AdminProtectedRestController {
    public ResponseEntity<HiddenMessage> getAdminProtectedGreeting() {
       return ResponseEntity.ok(new HiddenMessage("this is a hidden message!"));
    }
+
+   @GetMapping("/preauthorize")
+   @PreAuthorize("hasAuthority('ROLE_ADMIN')")
+   public ResponseEntity<HiddenMessage> getAdminProtectedGreetingPreauthorize() {
+      return ResponseEntity.ok(new HiddenMessage("this is a preauthorize hidden message!"));
+   }
 
    private static class HiddenMessage {
 

src/main/java/org/zerhusen/rest/PersonRestController.java

@@ -1,6 +1,7 @@
 package org.zerhusen.rest;
 
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -13,7 +14,13 @@ public class PersonRestController {
    public ResponseEntity<Person> getPerson() {
       return ResponseEntity.ok(new Person("John Doe", "[email protected]"));
    }
-
+
+   @GetMapping("/person-preauthorize")
+   @PreAuthorize("hasAuthority('ROLE_USER')")
+   public ResponseEntity<Person> getPersonExample() {
+      return ResponseEntity.ok(new Person("John Snow", "[email protected]"));
+   }
+
    private static class Person {
 
       private final String name;

src/main/resources/static/index.html

@@ -77,7 +77,9 @@ <h3 class="panel-title">Authenticated user</h3>
       <div class="col-md-6">
          <div class="btn-group" role="group" aria-label="..." style="margin-bottom: 16px;">
             <button type="button" class="btn btn-default" id="exampleServiceBtn">call example service</button>
+            <button type="button" class="btn btn-default" id="examplePreAuthorizeServiceBtn">call preauthorize example service</button>
             <button type="button" class="btn btn-default" id="adminServiceBtn">call admin protected service</button>
+            <button type="button" class="btn btn-default" id="adminPreAuthorizeServiceBtn">call preauthorize admin protected service</button>
          </div>
          <div class="panel panel-default">
             <div class="panel-heading">

src/main/resources/static/js/client.js

@@ -150,6 +150,22 @@ $(function () {
       });
    });
 
+   $("#examplePreAuthorizeServiceBtn").click(function () {
+      $.ajax({
+         url: "/api/person-preauthorize",
+         type: "GET",
+         contentType: "application/json; charset=utf-8",
+         dataType: "json",
+         headers: createAuthorizationTokenHeader(),
+         success: function (data, textStatus, jqXHR) {
+            showResponse(jqXHR.status, JSON.stringify(data));
+         },
+         error: function (jqXHR, textStatus, errorThrown) {
+            showResponse(jqXHR.status, jqXHR.responseJSON.message)
+         }
+      });
+   });
+
    $("#adminServiceBtn").click(function () {
       $.ajax({
          url: "/api/hiddenmessage",
@@ -166,6 +182,22 @@ $(function () {
       });
    });
 
+   $("#adminPreAuthorizeServiceBtn").click(function () {
+      $.ajax({
+         url: "/api/preauthorize",
+         type: "GET",
+         contentType: "application/json; charset=utf-8",
+         dataType: "json",
+         headers: createAuthorizationTokenHeader(),
+         success: function (data, textStatus, jqXHR) {
+            showResponse(jqXHR.status, data);
+         },
+         error: function (jqXHR, textStatus, errorThrown) {
+            showResponse(jqXHR.status, jqXHR.responseJSON.message)
+         }
+      });
+   });
+
    $loggedIn.click(function () {
       $loggedIn
          .toggleClass("text-hidden")