Role Permissions Spring Boot Starter

Role to Permission mapping for Spring Boot

License	License The Apache License, Version 2.0
Categories	Categories Ant Build Tools Net Security
GroupId	GroupId net.savantly.security
ArtifactId	ArtifactId spring-role-permissions
Last Version	Last Version 0.0.2.RELEASE
Release Date	Release Date Nov 14, 2020
Type	Type jar
Description	Description Role Permissions Spring Boot Starter Role to Permission mapping for Spring Boot
Project URL	Project URL https://github.com/savantly-net/spring-role-permissions
Source Code Management	Source Code Management http://github.com/savantly-net/spring-role-permissions/tree/master

Download spring-role-permissions

Filename	Size
spring-role-permissions-0.0.2.RELEASE.pom
spring-role-permissions-0.0.2.RELEASE.jar	9 KB
spring-role-permissions-0.0.2.RELEASE-sources.jar	5 KB
spring-role-permissions-0.0.2.RELEASE-javadoc.jar	420 KB
Browse

How to add to project

Apache Maven

<!-- https://jarcasting.com/artifacts/net.savantly.security/spring-role-permissions/ -->
<dependency>
    <groupId>net.savantly.security</groupId>
    <artifactId>spring-role-permissions</artifactId>
    <version>0.0.2.RELEASE</version>
</dependency>

Gradle Groovy

// https://jarcasting.com/artifacts/net.savantly.security/spring-role-permissions/
implementation 'net.savantly.security:spring-role-permissions:0.0.2.RELEASE'

Gradle Kotlin

// https://jarcasting.com/artifacts/net.savantly.security/spring-role-permissions/
implementation ("net.savantly.security:spring-role-permissions:0.0.2.RELEASE")

Apache Buildr

'net.savantly.security:spring-role-permissions:jar:0.0.2.RELEASE'

Apache Ivy

<dependency org="net.savantly.security" name="spring-role-permissions" rev="0.0.2.RELEASE">
  <artifact name="spring-role-permissions" type="jar" />
</dependency>

Groovy Grape

@Grapes(
@Grab(group='net.savantly.security', module='spring-role-permissions', version='0.0.2.RELEASE')
)

Scala SBT

libraryDependencies += "net.savantly.security" % "spring-role-permissions" % "0.0.2.RELEASE"

Leiningen

[net.savantly.security/spring-role-permissions "0.0.2.RELEASE"]

Dependencies

runtime (3)

Group / Artifact	Type	Version
org.springframework.boot : spring-boot-starter-data-jpa	jar
org.springframework.boot : spring-boot-starter-security	jar
org.springframework.boot : spring-boot-starter-oauth2-resource-server	jar

test (4)

Group / Artifact	Type	Version
org.springframework.boot : spring-boot-starter-web	jar
org.springframework.boot : spring-boot-starter-test	jar
org.springframework.security : spring-security-test	jar
com.h2database : h2	jar

Project Modules

There are no modules declared in this project.

spring-role-permissions

A Spring Boot library for easy Role to Permission relationships.

Quickstart

Include the dependency

Gradle

implementation 'net.savantly.security:spring-role-permissions:0.0.2.RELEASE'

Maven

<dependency>
  <groupId>net.savantly.security</groupId>
  <artifactId>spring-role-permissions</artifactId>
  <version>0.0.2.RELEASE</version>
</dependency>

Add the @EnableRolePermissions annotation on a Spring Configuaration class to automatically create JdbcPermissionProvider and RolePermissionsRepository beans.

Example -

@SpringBootApplication
@EnableRolePermissions
@EnableGlobalMethodSecurity(
  prePostEnabled = true, 
  securedEnabled = true, 
  jsr250Enabled = true)
public class MyApplication {
	
  @Bean
  public PermissionAwareJwtAuthenticationConverter jwtAuthenticationConverter(PermissionProvider permissionProvider) {
    return new PermissionAwareJwtAuthenticationConverter(permissionProvider);
  }

  @Bean
  public WebSecurityConfigurerAdapter webSecurity(PermissionAwareJwtAuthenticationConverter jwtAuthenticationConverter) {
		
    return new WebSecurityConfigurerAdapter() {
			
      @Override
      protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/secure/**").authenticated()
		.and().oauth2ResourceServer(oauth2ResourceServer ->
			oauth2ResourceServer
			  .jwt(jwt -> {
			    jwt.jwtAuthenticationConverter(jwtAuthenticationConverter);
			  })
	 	);
      }
    };
  }
}

Add Role to Permission mappings using the RolePermissionsRepository

@Autowired 
RolePermissionsRepository repository;

public void setup(){
  String roleName = "ROLE_ADMIN";
  List<String> permissions = new ArrayList<String>();
  permissions.add("CREATE");
  permissions.add("READ");
  permissions.add("UPDATE");
  permissions.add("DELETE");
  repository.save(new RolePermissions(roleName, permissions));
}

When an Authentication object is injected in the current security session, it will have the original roles/granted authorities.
This library provides 2 built-in integration points for Spring Security.
When the integration point is reached, the PermissionProvider is called to get the effective permissions for each role the user is a member of. The distinct list of permissions are added as GrantedAuthority items in the Authentication object.

You may also implement a custom PermissionProvider to provide a mapping of roles to permissions to Spring Security. For example, if you'd like to store your permissions in memory, or a configuration file, you just need to implement the PermissionProvider interface, and setup one of the integration methods.

Example OAuth/JWT Configuration -

The PermissionAwareJwtAuthenticationConverter can be used for OAuth/JWT integration.

@Bean
public PermissionAwareJwtAuthenticationConverter jwtAuthenticationConverter(PermissionProvider permissionProvider) {
	return new PermissionAwareJwtAuthenticationConverter(permissionProvider);
}

@Bean
public WebSecurityConfigurerAdapter webSecurity(PermissionAwareJwtAuthenticationConverter jwtAuthenticationConverter) {
	
	return new WebSecurityConfigurerAdapter() {
		
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http.authorizeRequests().antMatchers("/secure/**").authenticated()
			.and().oauth2ResourceServer(oauth2ResourceServer ->
				oauth2ResourceServer
					.jwt(jwt -> {
						jwt.jwtAuthenticationConverter(jwtAuthenticationConverter);
					})
 			);
		}
	};
}

Example UserDetailsService Wrapper

The PermissionAwareUserDetailsService can be used as a wrapper around your existing UserDetailsService -

@Bean
public WebSecurityConfigurerAdapter webSecurity(JdbcPermissionProvider permissionProvider) {
	
	return new WebSecurityConfigurerAdapter() {
		
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http.authorizeRequests().antMatchers("/secure/**").authenticated()
			.and().httpBasic();
		}
		
		@Autowired
		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
			PermissionAwareUserDetailsService permissionAwareUserDetailsService = 
					new PermissionAwareUserDetailsService(myUserDetailsService(), permissionProvider);
			auth.userDetailsService(permissionAwareUserDetailsService)
				.passwordEncoder(NoOpPasswordEncoder.getInstance());
		}
	};
}

Standard Spring Security annotations can be used the same as before - but the user's granted authorities now also contain the permissions that have been mapped.

Example using the security annotations

@PreAuthorize("hasAuthority('CREATE')")
  @RequestMapping("/create")
  public String create() {
  ...
}

Savantly

Savantly custom software solutions for your business

Versions

Version
0.0.2.RELEASE Nov 14, 2020
0.0.1.RELEASE Feb 15, 2020

Role Permissions Spring Boot Starter

License

Categories

GroupId

ArtifactId

Last Version

Release Date

Type

Description

Project URL

Source Code Management