Roles are working

CDOT-CV · Feb 15, 2024 · c275c0b · c275c0b
1 parent cf51ab5
commit c275c0b
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/...ualizer-api/src/main/java/us/dot/its/jpo/ode/api/keycloak/DefaultPermissionEvaluator.java b/...ualizer-api/src/main/java/us/dot/its/jpo/ode/api/keycloak/DefaultPermissionEvaluator.java
@@ -11,14 +11,13 @@
 /**
  * Custom {@link PermissionEvaluator} for method level permission checks.
  */
-@Slf4j
 @Component
 @RequiredArgsConstructor
 class DefaultPermissionEvaluator implements PermissionEvaluator {
 
     @Override
     public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
-        log.info("check permission user={} target={} permission={}", auth.getName(), targetDomainObject, permission);
+        System.out.printf("check permission user=%s target=%s permission=%s%n", auth.getName(), targetDomainObject, permission);
 
         // TODO implement sophisticated permission check here
         return true;

diff --git a/...nflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/keycloak/JwtSecurityConfig.java b/...nflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/keycloak/JwtSecurityConfig.java
@@ -68,6 +68,7 @@ KeycloakJwtAuthenticationConverter keycloakJwtAuthenticationConverter(Converter<
 
     @Bean
     Converter<Jwt, Collection<GrantedAuthority>> keycloakGrantedAuthoritiesConverter(GrantedAuthoritiesMapper authoritiesMapper) {
+        // TODO Don't hard code this
         String clientId = "conflictvisualizer-gui";
         return new KeycloakGrantedAuthoritiesConverter(clientId, authoritiesMapper);
     }

diff --git a/...ictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/keycloak/MethodSecurityConfig.java b/...ictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/keycloak/MethodSecurityConfig.java
@@ -1,6 +1,8 @@
 package us.dot.its.jpo.ode.api.keycloak;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -17,14 +19,25 @@
  * {@link org.springframework.security.access.prepost.PostAuthorize} annotations per-method.
  */
 @Configuration
-@RequiredArgsConstructor
-@EnableMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
+@EnableMethodSecurity(prePostEnabled = true, jsr250Enabled = true) // jsr250 = @RolesAllowed
+@ConditionalOnProperty(prefix = "security",
+        name = "enabled",
+        havingValue = "true")   // Allow disabling security
 class MethodSecurityConfig {
 
+
+
     private final ApplicationContext applicationContext;
 
     private final PermissionEvaluator permissionEvaluator;
 
+    @Autowired
+    public MethodSecurityConfig(PermissionEvaluator permissionEvaluator, ApplicationContext applicationContext) {
+        this.applicationContext = applicationContext;
+        this.permissionEvaluator = permissionEvaluator;
+        System.out.println("Method-level security annotations are enabled");
+    }
+
     @Bean
     MethodSecurityExpressionHandler customMethodSecurityExpressionHandler() {