Spring: SpEL evalúa el argumento de la entidad como referencia nula en @PreAuthorize ("hasPermission")
Tengo el problema de que SpEL está evaluando el argumento de la entidad como referencia nula en el segundo método de este repositorio. Este primer método funciona bien y la identificación se evalúa correctamente en Long como debería ser.
@NoRepositoryBean
public interface SecuredPagingAndSortingRepository<T extends AuditedEntity, ID extends Serializable>
extends PagingAndSortingRepository<T, ID> {
@Override
@RestResource(exported = false)
@PreAuthorize("hasPermission(#id, null, 'owner')")
void delete(ID id);
@Override
@PreAuthorize("hasPermission(#entity, 'owner')")
void delete(T entity);
}
Este es mi PermissionEvaluator personalizado:
@Slf4j
@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {
private final PermissionResolverFactory permissionResolverFactory;
@Autowired
public CustomPermissionEvaluator(PermissionResolverFactory permissionResolverFactory) {
this.permissionResolverFactory = permissionResolverFactory;
}
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
Assert.notNull(userDetails, "User details cannot be null");
Assert.notNull(targetDomainObject, "Target object cannot be null");
log.debug("Permmission: " + permission + " check on: " + targetDomainObject + " for user: " + userDetails.getUsername());
PermissionType permissionType = PermissionType.valueOf(((String) permission).toUpperCase());
return permissionResolverFactory.getPermissionResolver(permissionType).resolve(targetDomainObject.getClass(), authentication, (AuditedEntity) targetDomainObject);
}
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
// TODO
return false;
}
}
Esta prueba no pasa porque se afirma que el objeto de destino no puede ser nulo en CustomPermissionEvaluator.
@RunWith(SpringRunner.class)
@SpringBootTest
@Transactional
@ContextConfiguration(classes = SqapApiApplication.class)
public class PermissionsIT {
@Autowired
private TestGroupRepository testGroupRepository;
@Autowired
private UserRepository userRepository;
UserEntity user;
@Before
public void before() {
user = new UserEntity("user", "password1", true, Sets.newHashSet(RoleType.ROLE_USER));
user = userRepository.save(user);
}
@Test
@WithMockUser(username="user")
public void shouldDeleteWhenIsOwner() throws Exception {
TestGroupEntity testGroupEntity = new TestGroupEntity("testGroup", "testdesc", Sets.newHashSet(new AbxTestEntity(1, "abx", "desc", null)));
user.addTestGroup(testGroupEntity);
user = userRepository.save(user);
TestGroupEntity createdEntity = testGroupRepository.findAll().iterator().next();
testGroupRepository.delete(createdEntity);
}
}