Add fine graned role and permission for user management (#1670)

Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
Avgustin Marinov
2024-02-29 12:01:35 +02:00
committed by GitHub
parent a0db5ff70e
commit 57450bf31b
6 changed files with 28 additions and 198 deletions


@@ -78,7 +78,7 @@ public class InMemoryUserManagementAutoConfiguration extends GlobalAuthenticatio
tenantAwareUserProperties.getUsers().forEach((username, user) -> {
final TenantAwareUser userPrincipal = new TenantAwareUser(
username, password(user.getPassword(), passwordEncoder),
createAuthorities(user.getRoles(), Collections::emptyList),
createAuthorities(user.getRoles(), user.getPermissions(), Collections::emptyList),
ObjectUtils.isEmpty(user.getTenant()) ? DEFAULT_TENANT : user.getTenant());
userPrincipals.add(userPrincipal);
});
@@ -91,7 +91,8 @@ public class InMemoryUserManagementAutoConfiguration extends GlobalAuthenticatio
securityProperties.getUser().getName(),
password(securityProperties.getUser().getPassword(), passwordEncoder),
createAuthorities(
securityProperties.getUser().getRoles(), PermissionUtils::createAllAuthorityList),
securityProperties.getUser().getRoles(), Collections.emptyList(),
PermissionUtils::createAllAuthorityList),
DEFAULT_TENANT));
} else if (securityProperties != null && securityProperties.getUser() != null &&
!securityProperties.getUser().isPasswordGenerated()) {
@@ -102,7 +103,8 @@ public class InMemoryUserManagementAutoConfiguration extends GlobalAuthenticatio
securityProperties.getUser().getName(),
password(securityProperties.getUser().getPassword(), passwordEncoder),
createAuthorities(
securityProperties.getUser().getRoles(), PermissionUtils::createAllAuthorityList)));
securityProperties.getUser().getRoles(), Collections.emptyList(),
PermissionUtils::createAllAuthorityList)));
}
return new FixedInMemoryTenantAwareUserDetailsService(userPrincipals);
@@ -114,21 +116,27 @@ public class InMemoryUserManagementAutoConfiguration extends GlobalAuthenticatio
}
private static List<GrantedAuthority> createAuthorities(
final List<String> userPermissions, final Supplier<List<GrantedAuthority>> defaultRolesSupplier) {
if (ObjectUtils.isEmpty(userPermissions)) {
final List<String> userRoles, final List<String> userPermissions,
final Supplier<List<GrantedAuthority>> defaultRolesSupplier) {
if (ObjectUtils.isEmpty(userRoles) && ObjectUtils.isEmpty(userPermissions)) {
return defaultRolesSupplier.get();
}
final List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
if (userRoles != null) {
for (final String role : userRoles) {
grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_" + role));
}
}
// Allows ALL as a shorthand for all permissions
if (userPermissions.size() == 1 && "ALL".equals(userPermissions.get(0))) {
return PermissionUtils.createAllAuthorityList();
grantedAuthorityList.addAll(PermissionUtils.createAllAuthorityList());
} else {
for (final String permission : userPermissions) {
grantedAuthorityList.add(new SimpleGrantedAuthority(permission));
}
}
final List<GrantedAuthority> grantedAuthorityList = new ArrayList<>(userPermissions.size());
for (final String permission : userPermissions) {
grantedAuthorityList.add(new SimpleGrantedAuthority(permission));
grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_" + permission));
}
return grantedAuthorityList;
}
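Review bot: The permissions branch of the new createAuthorities dereferences `userPermissions` unguarded at `userPermissions.size()` and in the following `for` loop, while the roles loop just above it is guarded with `if (userRoles != null)`; the early return covers only the case where both lists are empty, so a caller passing non-empty roles together with a null permissions list fails with a NullPointerException while the user set is being built. Both callers in this commit pass `Collections.emptyList()` or the property default, so it is not reached today, but the asymmetry is a trap for the next caller; wrapping the block in `if (userPermissions != null) { … }` or normalizing up front with `final List<String> permissions = userPermissions == null ? Collections.emptyList() : userPermissions;` closes it. Separately, the old code turned every `roles` entry into both a bare authority and a `ROLE_`-prefixed one, whereas the new code prefixes roles only, so an existing configuration that listed permissions under `roles` silently loses those authorities — a sentence in the method's Javadoc stating the new mapping would make that visible. The method also has no Javadoc for the `ALL` shorthand or for the fact that the default supplier is used only when both lists are empty.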


@@ -35,6 +35,7 @@ public class TenantAwareUserProperties {
@ToString.Exclude
private String password;
private List<String> roles = new ArrayList<>();
private List<String> permissions = new ArrayList<>();
private String tenant;
}
}
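Review bot: The new `permissions` field carries no documentation, although its consumer in this commit treats a single `ALL` entry as a shorthand for every permission and applies the default authorities only when both `roles` and `permissions` are empty; a Javadoc such as `/** Permissions granted directly to the user; a single entry {@code ALL} expands to all permissions. */` above the field would make that discoverable from the properties class. The enclosing class starts outside the hunk.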