|
|
@@ -7,10 +7,11 @@ It is not only useful but necessary to include the user in the queries to suppor
|
|
|
[[data-configuration]]
|
|
|
== Spring Data & Spring Security Configuration
|
|
|
|
|
|
-To use this support, add `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`.
|
|
|
-In Java Configuration, this would look like:
|
|
|
+To use this support, add `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`:
|
|
|
|
|
|
-[source,java]
|
|
|
+====
|
|
|
+.Java
|
|
|
+[source,java,role="primary"]
|
|
|
----
|
|
|
@Bean
|
|
|
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
|
|
|
@@ -18,6 +19,16 @@ public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
|
|
|
}
|
|
|
----
|
|
|
|
|
|
+.Kotlin
|
|
|
+[source,kotlin,role="secondary"]
|
|
|
+----
|
|
|
+@Bean
|
|
|
+fun securityEvaluationContextExtension(): SecurityEvaluationContextExtension {
|
|
|
+ return SecurityEvaluationContextExtension()
|
|
|
+}
|
|
|
+----
|
|
|
+====
|
|
|
+
|
|
|
In XML Configuration, this would look like:
|
|
|
|
|
|
[source,xml]
|
|
|
@@ -31,7 +42,9 @@ In XML Configuration, this would look like:
|
|
|
Now Spring Security can be used within your queries.
|
|
|
For example:
|
|
|
|
|
|
-[source,java]
|
|
|
+====
|
|
|
+.Java
|
|
|
+[source,java,role="primary"]
|
|
|
----
|
|
|
@Repository
|
|
|
public interface MessageRepository extends PagingAndSortingRepository<Message,Long> {
|
|
|
@@ -40,6 +53,17 @@ public interface MessageRepository extends PagingAndSortingRepository<Message,Lo
|
|
|
}
|
|
|
----
|
|
|
|
|
|
+.Kotlin
|
|
|
+[source,kotlin,role="secondary"]
|
|
|
+----
|
|
|
+@Repository
|
|
|
+interface MessageRepository : PagingAndSortingRepository<Message,Long> {
|
|
|
+ @Query("select m from Message m where m.to.id = ?#{ principal?.id }")
|
|
|
+ fun findInbox(pageable: Pageable): Page<Message>
|
|
|
+}
|
|
|
+----
|
|
|
+====
|
|
|
+
|
|
|
This checks to see if the `Authentication.getPrincipal().getId()` is equal to the recipient of the `Message`.
|
|
|
Note that this example assumes you have customized the principal to be an Object that has an id property.
|
|
|
By exposing the `SecurityEvaluationContextExtension` bean, all of the xref:servlet/authorization/expression-based.adoc#common-expressions[Common Security Expressions] are available within the Query.
|
Talerngpong Virojwutikul