صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
github
/
spring-security
mirrorاز https://github.com/spring-projects/spring-security
2
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: 7198395a42
شاخه‌ها تگ‌ها
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
servlet
/
integrations
/
data.adoc

data.adoc 2.1 KB
تاريخچه خام

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. [[data]]
    2. 

  2. = Spring Data Integration
    3. 

  3. 

  4. Spring Security provides Spring Data integration that allows referring to the current user within your queries.
    5. 

  5. It is not only useful but necessary to include the user in the queries to support paged results since filtering the results afterwards would not scale.
    6. 

  6. 

  7. [[data-configuration]]
    8. 

  8. == Spring Data & Spring Security Configuration
    9. 

  9. 

  10. To use this support, add `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`:
    11. 

  11. 

  12. ====
    13. 

  13. .Java
    14. 

  14. [source,java,role="primary"]
    15. 

  15. ----
    16. 

  16. @Bean
    17. 

  17. public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
    18. 

  18. 	return new SecurityEvaluationContextExtension();
    19. 

  19. }
    20. 

  20. ----
    21. 

  21. 

  22. .Kotlin
    23. 

  23. [source,kotlin,role="secondary"]
    24. 

  24. ----
    25. 

  25. @Bean
    26. 

  26. fun securityEvaluationContextExtension(): SecurityEvaluationContextExtension {
    27. 

  27. 	return SecurityEvaluationContextExtension()
    28. 

  28. }
    29. 

  29. ----
    30. 

  30. ====
    31. 

  31. 

  32. In XML Configuration, this would look like:
    33. 

  33. 

  34. ====
    35. 

  35. [source,xml]
    36. 

  36. ----
    37. 

  37. <bean class="org.springframework.security.data.repository.query.SecurityEvaluationContextExtension"/>
    38. 

  38. ----
    39. 

  39. ====
    40. 

  40. 

  41. [[data-query]]
    42. 

  42. == Security Expressions within @Query
    43. 

  43. 

  44. Now you can use Spring Security within your queries:
    45. 

  45. 

  46. ====
    47. 

  47. .Java
    48. 

  48. [source,java,role="primary"]
    49. 

  49. ----
    50. 

  50. @Repository
    51. 

  51. public interface MessageRepository extends PagingAndSortingRepository<Message,Long> {
    52. 

  52. 	@Query("select m from Message m where m.to.id = ?#{ principal?.id }")
    53. 

  53. 	Page<Message> findInbox(Pageable pageable);
    54. 

  54. }
    55. 

  55. ----
    56. 

  56. 

  57. .Kotlin
    58. 

  58. [source,kotlin,role="secondary"]
    59. 

  59. ----
    60. 

  60. @Repository
    61. 

  61. interface MessageRepository : PagingAndSortingRepository<Message,Long> {
    62. 

  62. 	@Query("select m from Message m where m.to.id = ?#{ principal?.id }")
    63. 

  63. 	fun findInbox(pageable: Pageable): Page<Message>
    64. 

  64. }
    65. 

  65. ----
    66. 

  66. ====
    67. 

  67. 

  68. This checks to see if the `Authentication.getPrincipal().getId()` is equal to the recipient of the `Message`.
    69. 

  69. Note that this example assumes you have customized the principal to be an Object that has an id property.
    70. 

  70. By exposing the `SecurityEvaluationContextExtension` bean, all of the xref:servlet/authorization/expression-based.adoc#common-expressions[Common Security Expressions] are available within the Query.
    71.