/**
 * Resets the user store and seeds a fixed demo scenario (handler for PUT requests).
 *
 * <p>Order of operations: every user, role and permission is deleted, then two
 * permissions ({@code VIEW_ALL_USERS}, {@code DO_SOMETHING}), one role
 * ({@code ADMIN}, holding only {@code VIEW_ALL_USERS}) and one active user
 * assigned to that role are saved.
 *
 * <p>NOTE(review): unlike the GET handlers in this controller, this method carries
 * no {@code @RequiresAuthentication} / {@code @RequiresRoles} annotation, so as far
 * as the method-level annotations show, any caller able to reach the endpoint can
 * wipe the stores and re-create the seeded account. Confirm whether a class-level
 * or filter-level restriction exists; otherwise keep this handler out of
 * non-demo deployments (for example behind a dev-only profile).
 *
 * <p>NOTE(review): the seeded account's password is a literal in source. It is
 * passed through {@code passwordService.encryptPassword} before storage, but the
 * plaintext is known to anyone who can read this file, so the account should be
 * treated as a known credential wherever this scenario is loaded.
 */
@RequestMapping(method = PUT)
public void initScenario() {
    log.info("Initializing scenario..");

    // Start from an empty store: users first, then roles, then permissions.
    userRepo.deleteAll();
    roleRepo.deleteAll();
    permissionRepo.deleteAll();

    // Permissions known to the scenario.
    final Permission viewAllUsers = new Permission();
    viewAllUsers.setName("VIEW_ALL_USERS");
    permissionRepo.save(viewAllUsers);

    // Saved but not attached to any role below.
    final Permission doSomething = new Permission();
    doSomething.setName("DO_SOMETHING");
    permissionRepo.save(doSomething);

    // The only role: ADMIN, granted VIEW_ALL_USERS.
    final Role adminRole = new Role();
    adminRole.setName("ADMIN");
    adminRole.getPermissions().add(viewAllUsers);
    roleRepo.save(adminRole);

    // The only account: active, member of ADMIN.
    final User seededUser = new User();
    seededUser.setActive(true);
    seededUser.setCreated(System.currentTimeMillis());
    seededUser.setEmail("*****@*****.**");
    seededUser.setName("Paulo Pires");
    // Literal demo password; only the value returned by encryptPassword is stored.
    seededUser.setPassword(passwordService.encryptPassword("123qwe"));
    seededUser.getRoles().add(adminRole);
    userRepo.save(seededUser);

    log.info("Scenario initiated.");
}
/**
 * Returns every stored user to an authenticated caller that holds the role named
 * {@code DO_SOMETHING} (handler for GET {@code do_something}).
 *
 * <p>NOTE(review): {@code initScenario} saves {@code DO_SOMETHING} as a
 * {@code Permission}, not as a {@code Role}, and attaches it to no role. Because
 * {@code @RequiresRoles} matches role names, no seeded subject can pass this
 * check, which matches the method name. If a permission check was intended,
 * Shiro's {@code @RequiresPermissions} is the annotation that expresses it;
 * confirm the intent before relying on this as an authorization example.
 *
 * <p>NOTE(review): the response is the {@code User} objects themselves, and
 * {@code User} has a password property (set in {@code initScenario}). Verify
 * that it is excluded from the serialized response.
 *
 * @return all users from {@code userRepo}
 */
@RequestMapping(value = "do_something", method = GET)
@RequiresAuthentication
@RequiresRoles("DO_SOMETHING")
public List<User> dontHavePermission() {
    final List<User> everyUser = userRepo.findAll();
    return everyUser;
}
/**
 * Lists every stored user (handler for GET requests on the controller's base
 * mapping). The caller must be authenticated and hold the {@code ADMIN} role.
 *
 * <p>NOTE(review): the response is the {@code User} objects themselves, and
 * {@code User} has a password property (set in {@code initScenario}). Verify
 * that the stored password value is excluded from the serialized response, for
 * example by returning a view type without that field.
 *
 * @return all users from {@code userRepo}
 */
@RequestMapping(method = GET)
@RequiresAuthentication
@RequiresRoles("ADMIN")
public List<User> getAll() {
    final List<User> allUsers = userRepo.findAll();
    return allUsers;
}