| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- [[data]]
- = Spring Data Integration
- Spring Security provides Spring Data integration that allows referring to the current user within your queries.
- It is not only useful but necessary to include the user in the queries to support paged results, since filtering the results afterwards would not scale.
- [[data-configuration]]
- == Spring Data & Spring Security Configuration
- To use this support, add the `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`.
- In Java configuration, this would look like:
- ====
- [source,java]
- ----
- @Bean
- public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
- return new SecurityEvaluationContextExtension();
- }
- ----
- ====
- In XML Configuration, this would look like:
- ====
- [source,xml]
- ----
- <bean class="org.springframework.security.data.repository.query.SecurityEvaluationContextExtension"/>
- ----
- ====
- [[data-query]]
- == Security Expressions within @Query
- Now you can use Spring Security within your queries:
- ====
- [source,java]
- ----
- @Repository
- public interface MessageRepository extends PagingAndSortingRepository<Message,Long> {
- @Query("select m from Message m where m.to.id = ?#{ principal?.id }")
- Page<Message> findInbox(Pageable pageable);
- }
- ----
- ====
- This checks to see if the `Authentication.getPrincipal().getId()` is equal to the recipient of the `Message`.
- Note that this example assumes you have customized the principal to be an `Object` that has an `id` property.
- By exposing the `SecurityEvaluationContextExtension` bean, all of the xref:servlet/authorization/expression-based.adoc#common-expressions[Common Security Expressions] are available within the query.
|
