hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-07 01:54:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update to use @EnableMethodSecurity from Spring Security 6.

Browse Source
This commit is contained in:
Tim Donohue
2024-03-12 16:51:24 -05:00
parent cb72fa2e5f
commit 3f26333059
1 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
dspace-server-webapp/src/main/java/org/dspace/app/rest/security/MethodSecurityConfig.java
View File

@@ -8,28 +8,31 @@
package org.dspace.app.rest.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
/**
* This EnableMethodSecurity configuration enables Spring Security annotation checks on all methods
* (e.g. @PreAuthorize, @PostAuthorize annotations, etc.)
*/
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@EnableMethodSecurity
public class MethodSecurityConfig {
@Autowired
private PermissionEvaluator dSpacePermissionEvaluator;
@Autowired
private ApplicationContext applicationContext;
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
/**
* Tell Spring to use our custom PermissionEvaluator as part of method security.
* This allows DSpacePermissionEvaluator to be used in @PreAuthorize annotations (and similar).
* @see org.dspace.app.rest.security.DSpacePermissionEvaluator
*/
@Bean
MethodSecurityExpressionHandler methodSecurityExpressionHandler() {
DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
expressionHandler.setApplicationContext(applicationContext);
expressionHandler.setPermissionEvaluator(dSpacePermissionEvaluator);
return expressionHandler;
}