From b0d331f2ddea55aad2a6bb22095a02ba04e53d0c Mon Sep 17 00:00:00 2001
From: linhvovn
Date: Mon, 8 Jan 2018 01:27:53 +0800
Subject: [PATCH] [BAEL-1411:tlinh2110] Add example for PostAuthorize

---
 .../methodsecurity/service/UserRoleService.java | 12 +++++++-----
 .../baeldung/methodsecurity/TestMethodSecurity.java | 13 +++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java b/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java
index c980334e82..30bbdbc10f 100644
--- a/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java
+++ b/spring-security-core/src/main/java/org/baeldung/methodsecurity/service/UserRoleService.java
@@ -64,11 +64,13 @@ public class UserRoleService {
 @PreAuthorize("#username == authentication.principal.username")
 public String getMyRoles(String username) {
 SecurityContext securityContext = SecurityContextHolder.getContext();
- return securityContext
- .getAuthentication()
- .getAuthorities()
- .stream()
- .map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
+ return securityContext.getAuthentication().getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
+ }
+
+ @PostAuthorize("#username == authentication.principal.username")
+ public String getMyRoles2(String username) {
+ SecurityContext securityContext = SecurityContextHolder.getContext();
+ return securityContext.getAuthentication().getAuthorities().stream().map(auth -> auth.getAuthority()).collect(Collectors.joining(","));
 }
 
 @PostAuthorize("returnObject.username == authentication.principal.nickName")
diff --git a/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java
index bc66c0b081..2f48bce1fd 100644
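Review bot: `@PostAuthorize("#username == authentication.principal.username")` on `getMyRoles2` evaluates an expression that never refers to `returnObject`, so the check only runs after the method body has finished. For this read-only body the cost is wasted work on a call that ends in denial, but the same pattern on a method with side effects would let them happen before access is refused; argument-only rules belong in `@PreAuthorize`, as `getMyRoles` directly above already does. If the method stays as a demonstration, say so in a comment, for example `// Demo only: the body runs before this check; use @PreAuthorize when the rule needs no returnObject.` The `username` argument is also used only by the annotation, since the body reads the roles of the current authentication.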
--- a/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java
+++ b/spring-security-core/src/test/java/org/baeldung/methodsecurity/TestMethodSecurity.java
@@ -97,6 +97,19 @@ public class TestMethodSecurity {
 public void givenUserJane_whenCallGetMyRolesWithJane_thenAccessDenied() {
 userRoleService.getMyRoles("jane");
 }
+
+ @Test
+ @WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
+ public void givenUserJohn_whenCallGetMyRoles2WithJohn_thenReturnRoles() {
+ String roles = userRoleService.getMyRoles2("john");
+ assertEquals("ROLE_ADMIN,ROLE_USER,ROLE_VIEWER", roles);
+ }
+
+ @Test(expected = AccessDeniedException.class)
+ @WithMockUser(username = "john", roles = { "ADMIN", "USER", "VIEWER" })
+ public void givenUserJane_whenCallGetMyRoles2WithJane_thenAccessDenied() {
+ userRoleService.getMyRoles2("jane");
+ }
 
 @Test(expected = AccessDeniedException.class)
 @WithAnonymousUser
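Review bot: `givenUserJane_whenCallGetMyRoles2WithJane_thenAccessDenied` is named for a user Jane, but its `@WithMockUser` authenticates `john`; `givenUserJohn_whenCallGetMyRoles2WithJane_thenAccessDenied` would match what the test sets up. Both added tests would pass unchanged if `getMyRoles2` carried `@PreAuthorize`, so nothing here pins the post-invocation timing the example is meant to show. A comment on the denial test, such as `// denied only after getMyRoles2 has already run`, would make that visible to readers.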