/**
 * Identity fixture: hands the argument straight back so that the only processing a caller
 * can observe is what {@code @PostFilter} does to the returned list.
 *
 * <p>{@code somePostFilterExpression} is a placeholder string; this method never evaluates it.
 *
 * @param param the list to return
 * @return the same {@code param} reference that was passed in
 */
@PostFilter("somePostFilterExpression")
public List<?> doSomething(List<?> param) {
    // Returned as-is: any filtering comes from the annotation, not from this body.
    final List<?> unchanged = param;
    return unchanged;
}
} // closes the enclosing class, whose header is outside this excerpt
// Read the attribute string off each annotation that is present; a null annotation
// reference yields a null attribute rather than a NullPointerException.
// Despite its name, filterObject holds @PreFilter's filterTarget() value. The @PreFilter
// expression itself (value()) is not read in these lines.
String filterObject = (preFilter != null) ? preFilter.filterTarget() : null;
String preAuthorizeAttribute = (preAuthorize != null) ? preAuthorize.value() : null;
String postFilterAttribute = (postFilter != null) ? postFilter.value() : null;
String postAuthorizeAttribute = (postAuthorize != null) ? postAuthorize.value() : null;
/**
 * Identity fixture with an array return type, annotated so that {@code @PostFilter} is asked
 * to keep only elements equal to {@code 'bob'}.
 *
 * <p>NOTE(review): an array cannot shrink in place, so a filtered result would have to be a
 * different array instance from {@code someArray}; confirm how the Spring Security version in
 * use handles array return values.
 *
 * @param someArray the array to return
 * @return the same {@code someArray} reference that was passed in
 */
@PostFilter("filterObject == 'bob'")
public Object[] methodReturningAnArray(Object[] someArray) {
    // No work here: the annotation is the behaviour under test.
    final Object[] unchanged = someArray;
    return unchanged;
}
// Collect the four method-security attribute strings, tolerating absent annotations:
// each value is null when its annotation reference is null.
// filterObject is assigned @PreFilter's filterTarget(), i.e. the target name, not an element.
String filterObject = (preFilter != null) ? preFilter.filterTarget() : null;
String preAuthorizeAttribute = (preAuthorize != null) ? preAuthorize.value() : null;
String postFilterAttribute = (postFilter != null) ? postFilter.value() : null;
String postAuthorizeAttribute = (postAuthorize != null) ? postAuthorize.value() : null;
/**
 * Lists projects and leaves access filtering of the result to {@code @PostFilter}.
 *
 * <p>The filter expression is {@code Constant.ACCESS_POST_FILTER_READ}, which is defined
 * outside this excerpt.
 *
 * @param limit passed through to {@code listAllProjects}
 * @param offset passed through to {@code listAllProjects}
 * @return the list produced by {@code listAllProjects(limit, offset)}
 */
@PostFilter(Constant.ACCESS_POST_FILTER_READ)
public List<ProjectInstance> listProjects(final Integer limit, final Integer offset) {
    // NOTE(review): paging is presumably applied inside listAllProjects, i.e. before the
    // post-filter runs. A caller may then receive fewer than `limit` entries even though more
    // readable projects exist further on; confirm callers do not read a short page as "end".
    // NOTE(review): the returned list must support element removal for in-place filtering.
    return listAllProjects(limit, offset);
}
// Extract the attribute string from each annotation, or null where the annotation is absent.
// filterObject carries @PreFilter's filterTarget(); the other three carry value().
String filterObject = (preFilter != null) ? preFilter.filterTarget() : null;
String preAuthorizeAttribute = (preAuthorize != null) ? preAuthorize.value() : null;
String postFilterAttribute = (postFilter != null) ? postFilter.value() : null;
String postAuthorizeAttribute = (postAuthorize != null) ? postAuthorize.value() : null;
/**
 * Returns a fixed list of four fruit names for {@code @PostFilter} to work on.
 *
 * <p>The expression keeps elements for which {@code startsWith('a')} is true, so with method
 * security active a caller is expected to see only "apple" and "aubergine".
 *
 * @return a new mutable list holding "apple", "banana", "aubergine" and "orange"
 */
@PostFilter("filterObject.startsWith('a')")
public List<String> postFilterMethod() {
    // Copied into an ArrayList rather than returning the fixed-size Arrays.asList view, so
    // that elements can be removed from the result.
    return new ArrayList<>(Arrays.asList("apple", "banana", "aubergine", "orange"));
}
} // closes the enclosing class, whose header is outside this excerpt
// Null-safe reads of the four annotation attributes: an absent annotation gives null.
// Only filterTarget() is taken from @PreFilter here; its expression is not read in these lines.
String filterObject = (preFilter != null) ? preFilter.filterTarget() : null;
String preAuthorizeAttribute = (preAuthorize != null) ? preAuthorize.value() : null;
String postFilterAttribute = (postFilter != null) ? postFilter.value() : null;
String postAuthorizeAttribute = (postAuthorize != null) ? postAuthorize.value() : null;
/**
 * Identity fixture that combines an argument filter and a return-value filter.
 *
 * <p>{@code @PreFilter} targets the {@code someList} parameter and keeps elements equal to
 * the authenticated user's name or to {@code 'sam'}. {@code @PostFilter} then keeps only
 * elements equal to {@code 'bob'}. Taken together, an element survives both filters only if
 * it is {@code 'bob'} and the authenticated name is also {@code 'bob'}.
 *
 * @param someList the list to filter and return; it must be mutable for in-place filtering
 * @return the same {@code someList} reference that was passed in
 */
@PreFilter(filterTarget = "someList",
        value = "filterObject == authentication.name or filterObject == 'sam'")
@PostFilter("filterObject == 'bob'")
public List<?> methodReturningAList(List<?> someList) {
    // The body adds nothing; both filters are applied around this call.
    final List<?> unchanged = someList;
    return unchanged;
}
/**
 * Identity fixture carrying all four pre/post method-security annotations at once.
 *
 * <p>Every expression string here is a placeholder. {@code @PreFilter} names {@code param}
 * as its filter target, which matches this method's only parameter.
 *
 * @param param the list to return
 * @return the same {@code param} reference that was passed in
 */
@PreAuthorize("someExpression")
@PreFilter(filterTarget = "param", value = "somePreFilterExpression")
@PostFilter("somePostFilterExpression")
@PostAuthorize("somePostAuthorizeExpression")
public List<?> doSomething(List<?> param) {
    // Returned untouched so that only the annotations influence the outcome.
    final List<?> unchanged = param;
    return unchanged;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Handler for {@code /test2} that demonstrates filtering on the way in and on the way out.
 *
 * <p>{@code @PreFilter} keeps the even ids in {@code idList} before the body runs, and
 * {@code @PostFilter} keeps the multiples of four in the returned list.
 *
 * @param idList ids supplied by the caller; it must be mutable for in-place filtering
 * @return the same {@code idList} reference that was passed in
 */
@PreFilter("filterObject%2==0")
@PostFilter("filterObject%4==0")
@RequestMapping("/test2")
public List<Integer> test2(List<Integer> idList) {
    // NOTE(review): these filters only trim the list, they do not reject the request. Any
    // check that must fail the call outright belongs in an authorization expression instead.
    // ...
    return idList;
}
/**
 * Returns all categories, subject to a per-element read check.
 *
 * <p>{@code @PostFilter} evaluates {@code hasPermission(filterObject, 'read')} for each
 * element of the returned list and keeps only those for which it is true.
 *
 * <p>NOTE(review): {@code hasPermission} relies on a configured {@code PermissionEvaluator}.
 * Confirm one is registered, and that implementations return a list that supports removal.
 *
 * @return a {@link java.util.List} with all {@link org.apache.rave.model.Category}'s
 */
@PostFilter("hasPermission(filterObject, 'read')")
List<Category> getAllList();
/**
 * Returns list of articles from given issue.
 * Articles are sorted in ascending order regarding page numbers.
 * Returned articles have issue set to given issue.
 *
 * <p>{@code @PostFilter} calls {@code hasPermission} on the bean referenced as
 * {@code @pciPermissionManager} for each returned article.
 *
 * <p>NOTE(review): {@code read} is unquoted in the expression, so SpEL resolves it as a
 * property of the expression root rather than as a string literal. Confirm that this is
 * intended and that it resolves to the permission name the manager expects.
 *
 * @param issue the issue whose articles are requested
 * @return the articles of {@code issue} that pass the permission check
 */
@PostFilter("@pciPermissionManager.hasPermission(filterObject, read)")
List<Article> findByIssue(JournalIssue issue);
/**
 * Gets the set of pages for the given user and context.
 *
 * <p>{@code @PostFilter} keeps only the pages for which
 * {@code hasPermission(filterObject, 'read')} is true.
 *
 * <p>NOTE(review): no user argument is passed; the user is presumably taken from the current
 * security context. Confirm against the implementation.
 *
 * @since 0.22
 * @param context the context for the pages ex: "portal", "profile", etc.
 * @param contextId the identifier of the item in the context that matches the page.
 *                  examples:
 *                  context: "person_profile", contextId: "profile owner's id"
 *                  context: "group", contextId: "group id"
 *                  context: "project", contextId: "project number"
 *                  context: "dashboard", contextId: "subject"
 *                  context: "portal", contextId: "owner's id"
 *
 * @return A non-null, possibly empty list of page for the given user.
 */
@PostFilter("hasPermission(filterObject, 'read')")
List<Page> getPages(String context, String contextId);
/**
 * Lists image galleries one page at a time.
 *
 * <p>The {@code @PostFilter} expression keeps an element when the caller has the
 * {@code ADMINISTRATOR} role or holds {@code read} permission on that element.
 *
 * <p>NOTE(review): the return type is a {@code Page}, not a {@code List}. Verify that the
 * Spring Security version in use can post-filter this type at all. If it can, check whether
 * the page metadata (for example a total count) still describes the unfiltered result, which
 * would tell a caller that galleries exist which they may not read.
 *
 * @param pageable the pageable
 * @return the page
 */
@Override
@PostFilter("hasRole('ADMINISTRATOR') or hasPermission(filterObject, 'read')")
public Page<ImageGallery> listImageGalleries(final Pageable pageable) {
    // The persistence layer is queried without any access condition; the annotation is the
    // only access control visible on this path.
    final Page<ImageGallery> galleries = imageGalleryPersistence.findAll(pageable);
    return galleries;
}
/**
 * Lists the image galleries found under a path prefix, one page at a time.
 *
 * <p>The {@code @PostFilter} expression keeps an element when the caller has the
 * {@code ADMINISTRATOR} role or holds {@code read} permission on that element.
 *
 * <p>NOTE(review): the return type is a {@code Page}. Verify that the Spring Security version
 * in use can post-filter this type, and that the page metadata does not disclose how many
 * unreadable galleries matched.
 *
 * @param prefix passed to {@code imageGalleryPersistence.listByPath}
 * @param pageable the paging request
 * @return the page returned by the persistence layer
 */
@Override
@PostFilter("hasRole('ADMINISTRATOR') or hasPermission(filterObject, 'read')")
public Page<ImageGallery> listImageGalleries(final String prefix, final Pageable pageable) {
    // NOTE(review): prefix is forwarded unchanged; any validation must happen in listByPath.
    final Page<ImageGallery> galleries = imageGalleryPersistence.listByPath(prefix, pageable);
    return galleries;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Loads every contact from the database and relies on {@code @PostFilter} to remove those
 * that do not belong to the currently authenticated user.
 *
 * <p>In a real application the select query would already contain the user id and return
 * only the contacts the user is allowed to see. All filtering is done through the
 * {@code PostFilter} annotation here only to demonstrate a Spring Security capability.
 *
 * <p>{@code @PreAuthorize} requires the {@code USER} role. The filter keeps a contact when
 * its {@code username} equals {@code principal.username}.
 *
 * @return The list of contacts for the currently authenticated user
 */
@PreAuthorize("hasRole('USER')")
@PostFilter("filterObject.username == principal.username")
List<Contact> getContacts() {
    // The query has no WHERE clause, so the annotation is the only barrier between a caller
    // and other users' contacts. If method security is not enabled, or a call does not pass
    // through the security interceptor, every row is returned.
    final String allContactsSql = "SELECT * FROM contacts";
    return jdbcTemplate.query(allContactsSql, (rs, rowNum) -> createContact(rs));
}
/**
 * Demo handler for {@code getAll}: builds two hard-coded users and lets {@code @PostFilter}
 * keep only those whose {@code enabled} property is true.
 *
 * <p>{@code @PreAuthorize} requires {@code ROLE_USER} before the body runs.
 *
 * @return a mutable list of the two sample users, before filtering
 */
@RequestMapping("getAll")
@PreAuthorize("hasRole('ROLE_USER')")
@PostFilter("filterObject.enabled == true")
public List<UserEntity> getAllUser() {
    // NOTE(review): the second constructor argument looks like a password. If UserEntity is
    // serialised into the response as-is, that value reaches the client; confirm it is
    // excluded from the response or mapped to a DTO.
    final ArrayList<UserEntity> users = new ArrayList<>();
    users.add(new UserEntity("test1", "123456", true));
    users.add(new UserEntity("test1", "123456", false));
    return users;
}
/**
 * PreFilter/PostFilter filter method arguments and return values. PreFilter keeps only the
 * arguments that match the rule given in the annotation and passes those to the method;
 * PostFilter filters the method's return value again and returns only the matching elements
 * to the client.
 *
 * <p>In the example below, PreFilter drops every string in the client's argument that does
 * not start with "a", and PostFilter drops every string in the returned data that does not
 * end with "b". At run time, only the strings that start with "a" are printed, and only the
 * strings that start with "a" and end with "b" are returned to the client.
 *
 * <p>Like PreAuthorize/PostAuthorize, PreFilter/PostFilter only work once they have been
 * switched on with {@code @EnableGlobalMethodSecurity(prePostEnabled = true)}.
 *
 * @param list the strings from the request body
 * @return the same {@code list} reference that was passed in
 */
@PostMapping("/children")
@PreFilter(filterTarget="list", value="filterObject.startsWith('a')")
@PostFilter("filterObject.endsWith('b')")
public List<String> echo(@RequestBody List<String> list) {
    if (!log.isTraceEnabled()) {
        return list;
    }
    // NOTE(review): the elements come straight from the request body. If they may contain
    // line breaks, consider neutralising them before they are written to the log.
    log.trace("echo ... list.size()= " + list.size());
    for (String element : list) {
        log.trace(" " + element );
    }
    return list;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Searches each requested entity type for {@code query} and returns the combined matches.
 *
 * <p>{@code @PostFilter} then keeps only the beans for which
 * {@code hasPermission(filterObject, 'VIEW')} is true.
 *
 * @param request the servlet request; not read in this method body
 * @param response the servlet response; not read in this method body
 * @param query the search text from request parameter {@code q}
 * @param entityTypes the entity types from request parameter {@code entityType[]}
 * @return a new set holding the matches from every entity type, before filtering
 */
@PostFilter("hasPermission(filterObject, 'VIEW')")
@RequestMapping(value = "/entities.json", method = RequestMethod.GET)
public Set<JsonEntityBean> doSearch(
        HttpServletRequest request,
        HttpServletResponse response,
        @RequestParam("q") String query,
        @RequestParam("entityType[]") List<String> entityTypes) {

    // A set, so a bean matched under more than one entity type is held only once.
    // NOTE(review): both request parameters reach groupListHelper.search unchanged, and the
    // full match set is built before the VIEW check runs; confirm the helper validates them.
    Set<JsonEntityBean> matches = new HashSet<JsonEntityBean>();
    for (String type : entityTypes) {
        matches.addAll(groupListHelper.search(type, query));
    }
    return matches;
}
} // closes the enclosing class, whose header is outside this excerpt