
Simplify AuthorizeReturnObject Usage

While the proxy factory feature is cool, it's not needed for
this sample. We can point folks to the documentation to understand
when something like that is needed.
Josh Cummings 1 ano atrás
pai
commit
9700368ca3

+ 3 - 1
servlet/spring-boot/java/data/README.adoc

@@ -48,4 +48,6 @@ However, with `rob`, you'll also see `firstName` and `lastName` like so:
         }
     }
   ...
-```
+```
+
+Read more about the https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html#authorize-object[`@AuthorizeReturnObject`] and https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html#fallback-values-authorization-denied[]`@DeniedHandler`] in the Spring Security Reference.

+ 3 - 12
servlet/spring-boot/java/data/src/main/java/example/DataApplication.java

@@ -21,11 +21,8 @@ import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Role;
-import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory;
-import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor;
-import org.springframework.security.authorization.method.PrePostTemplateDefaults;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@@ -36,14 +33,8 @@ public class DataApplication {
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	static Customizer<AuthorizationAdvisorProxyFactory> skipValueTypes() {
-		return (f) -> f.setTargetVisitor(TargetVisitor.defaultsSkipValueTypes());
-	}
-
-	@Bean
-	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	static PrePostTemplateDefaults templateDefaults() {
-		return new PrePostTemplateDefaults();
+	static AnnotationTemplateExpressionDefaults templateDefaults() {
+		return new AnnotationTemplateExpressionDefaults();
 	}
 
 	@Bean
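Review bot: The new `templateDefaults()` bean has no comment saying what depends on it. Presumably it enables template placeholders in the sample's method-security meta-annotations; if so, dropping it in a later cleanup would change how those authorization expressions are resolved. A one-line Javadoc such as `/** Enables template placeholders in the method-security meta-annotations used by this sample. */` would make that dependency visible. The class body continues outside the hunk, so the annotations that rely on the bean cannot be seen from here.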

+ 1 - 1
servlet/spring-boot/java/data/src/main/java/example/Message.java

@@ -29,7 +29,6 @@ import org.springframework.security.authorization.method.AuthorizeReturnObject;
 
 @Entity
 @JsonSerialize(as = Message.class)
-@AuthorizeReturnObject
 public class Message {
 
 	@Id
@@ -45,6 +44,7 @@ public class Message {
 	@ManyToOne
 	private User to;
 
+	@AuthorizeReturnObject
 	public User getTo() {
 		return this.to;
 	}
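Review bot: Moving `@AuthorizeReturnObject` from the class (first hunk) to `getTo()` (second hunk) makes the proxying opt-in per accessor, so only the `User` returned by `getTo()` is wrapped and has its own method-security annotations enforced. Any other accessor on `Message` that returns a `User` or another protected type would now hand back the raw entity unless it carries the annotation too; none is visible in these hunks, but the class continues outside them. I would record the intent on the getter, e.g. `// Proxies the returned User so its method-security annotations apply; annotate any other accessor returning a protected type as well`, and check the remaining getters of `Message` against it.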

+ 1 - 1
servlet/spring-boot/java/data/src/main/java/example/User.java

@@ -27,7 +27,7 @@ import jakarta.persistence.Id;
  * @author Rob Winch
  */
 @Entity(name = "users")
-@JsonSerialize(as = User.class, contentUsing = JsonSerializer.class)
+@JsonSerialize(as = User.class)
 public class User {
 
 	@Id
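Review bot: `@JsonSerialize(as = User.class)` is left without a comment, and it looks load-bearing rather than cosmetic. `Message.getTo()` now returns an authorization proxy, so this attribute is presumably what keeps Jackson serializing through `User`'s declared properties instead of the proxy subclass. A short comment above the annotation, e.g. `// Serialize via User's own properties, not those of the authorization proxy subclass`, would stop it being removed as redundant. The class body continues outside the hunk, so which getters are protected cannot be confirmed here.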