Working with GlobalMethodSecurity #98

Open
ankit-test-repo opened this issue Jun 18, 2018 · 5 comments
@ankit-test-repo
Hi, I am trying to configure my application to work with
http://www.baeldung.com/spring-security-method-security

I was just wondering if I can do something like
`security.securedEnabled = true`
in the application.properties file to get this working with your CAS library.

@ankit-test-repo
Author

ankit-test-repo commented Jun 19, 2018

```java
import com.kakawait.spring.boot.security.cas.CasSecurityConfigurerAdapter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
public class SecurityConfiguration extends CasSecurityConfigurerAdapter {

}
```

Adding that class solved it for me.

However, I am now noticing that my Spring Security context does not have any roles (apart from ROLE_USER) in the granted authorities for my session. Any idea what I am doing wrong?

EDIT:

Okay, so it turns out I will have to get the roles from Active Directory. I am currently working to get that sorted. Will post it here once sorted. Any help to speed up the process is, however, appreciated.

@ankit-test-repo
Author

```java
@Override
protected UserDetails loadUserDetails(Assertion assertion) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // getRoles() is the poster's own method that looks up the user's roles in LDAP.
    List<GrantedAuthority> grantedAuthorities = getRoles(assertion.getPrincipal().getName());
    /* Earlier hard-coded roles, left commented out:
    final List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
    grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
    grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_USER"));
    */

    // The password is a placeholder; authentication is done by CAS.
    return new User(assertion.getPrincipal().getName(), "[PROTECTED]", true, true, true, true, grantedAuthorities);
}
```

Okay, this is a very weird one. I have worked out how to get the roles from LDAP, and my method "getRoles()" is fetching the correct roles. Now the problem is that my @Secured annotation is not working for any of the roles that I am getting back.

However, if I manually add ROLE_USER to the list and then grant ROLE_USER access to the request mapping, it works. But it only works for ROLE_USER.

I have checked my session on Tomcat, and my SPRING_SECURITY_CONTEXT attribute shows all the added roles in the list of granted authorities.

@ankit-test-repo
Author

Okay, got it all to work. Turns out the application relies on ROLE_USER being there to access all controllers.
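
An added example, not code from this thread or from the CAS starter: one way to build the authority list returned by `loadUserDetails` so that roles fetched from the directory sit alongside the `ROLE_USER` baseline the comment above found necessary. `DirectoryRoleMapper`, its methods and the sample group names are hypothetical; the `ROLE_` normalisation is included because the `RoleVoter` behind `@Secured` only considers attributes with that default prefix.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical helper (assumption): not part of the CAS starter or of Spring Security.
public final class DirectoryRoleMapper {

    private static final String PREFIX = "ROLE_";        // default prefix RoleVoter matches on
    private static final String BASELINE = "ROLE_USER";  // role the thread found every controller needs

    private DirectoryRoleMapper() { }

    /** Maps directory group names to authorities and always keeps the baseline role. */
    public static Set<GrantedAuthority> toAuthorities(Collection<String> groupNames) {
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        authorities.add(new SimpleGrantedAuthority(BASELINE));
        if (groupNames == null) {
            return authorities;                          // directory lookup returned nothing
        }
        for (String name : groupNames) {
            if (name == null || name.trim().isEmpty()) {
                continue;                                // skip blank entries
            }
            String role = name.trim().toUpperCase(Locale.ROOT).replace(' ', '_');
            // SimpleGrantedAuthority implements equals/hashCode, so the set removes duplicates.
            authorities.add(new SimpleGrantedAuthority(role.startsWith(PREFIX) ? role : PREFIX + role));
        }
        return authorities;
    }

    /** Builds the UserDetails; the password is a placeholder because CAS authenticates the user. */
    public static UserDetails toUser(String username, Collection<String> groupNames) {
        return new User(username, "[PROTECTED]", true, true, true, true, toAuthorities(groupNames));
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for the result of a directory lookup.
        List<String> groups = Arrays.asList("admin", "ROLE_AUDITOR", " ", "Help Desk", "ADMIN");
        System.out.println(toUser("jdoe", groups).getAuthorities());
    }
}
```

A method annotated `@Secured("ROLE_ADMIN")` then matches the normalised authority, while the URL-level check on `ROLE_USER` still passes.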

@kakawait
Owner

Which version are you using? The latest 0.8.0, or did you build the 1.0.0-SNAPSHOT?

@ankit-test-repo
Author

Using 0.8.0. Sorry for the late reply.

@kakawait kakawait added this to the 1.1.0 milestone Sep 4, 2019
@kakawait kakawait modified the milestones: 1.1.0, 1.2.0 Oct 16, 2022