Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Tree: 8e2a4bf356
Branches Tags
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
features
/
integrations
/
data.adoc

data.adoc 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. [[data]]
    2. 

  2. = Spring Data Integration
    3. 

  3. 

  4. Spring Security provides Spring Data integration that allows referring to the current user within your queries.
    5. 

  5. It is not only useful but necessary to include the user in the queries to support paged results since filtering the results afterwards would not scale.
    6. 

  6. 

  7. [[data-configuration]]
    8. 

  8. == Spring Data & Spring Security Configuration
    9. 

  9. 

  10. To use this support, add `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`.
    11. 

  11. In Java Configuration, this would look like:
    12. 

  12. 

  13. [tabs]
    14. 

  14. ======
    15. 

  15. Java::
    16. 

  16. +
    17. 

  17. [source,java,role="primary"]
    18. 

  18. ----
    19. 

  19. @Bean
    20. 

  20. public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
    21. 

  21. 	return new SecurityEvaluationContextExtension();
    22. 

  22. }
    23. 

  23. ----
    24. 

  24. 

  25. Kotlin::
    26. 

  26. +
    27. 

  27. [source,kotlin,role="secondary"]
    28. 

  28. ----
    29. 

  29. @Bean
    30. 

  30. fun securityEvaluationContextExtension(): SecurityEvaluationContextExtension {
    31. 

  31.     return SecurityEvaluationContextExtension()
    32. 

  32. }
    33. 

  33. ----
    34. 

  34. ======
    35. 

  35. 

  36. In XML Configuration, this would look like:
    37. 

  37. 

  38. [source,xml]
    39. 

  39. ----
    40. 

  40. <bean class="org.springframework.security.data.repository.query.SecurityEvaluationContextExtension"/>
    41. 

  41. ----
    42. 

  42. 

  43. [[data-query]]
    44. 

  44. == Security Expressions within @Query
    45. 

  45. 

  46. Now Spring Security can be used within your queries.
    47. 

  47. For example:
    48. 

  48. 

  49. [tabs]
    50. 

  50. ======
    51. 

  51. Java::
    52. 

  52. +
    53. 

  53. [source,java,role="primary"]
    54. 

  54. ----
    55. 

  55. @Repository
    56. 

  56. public interface MessageRepository extends PagingAndSortingRepository<Message,Long> {
    57. 

  57. 	@Query("select m from Message m where m.to.id = ?#{ principal?.id }")
    58. 

  58. 	Page<Message> findInbox(Pageable pageable);
    59. 

  59. }
    60. 

  60. ----
    61. 

  61. 

  62. Kotlin::
    63. 

  63. +
    64. 

  64. [source,kotlin,role="secondary"]
    65. 

  65. ----
    66. 

  66. @Repository
    67. 

  67. interface MessageRepository : PagingAndSortingRepository<Message?, Long?> {
    68. 

  68.     @Query("select m from Message m where m.to.id = ?#{ principal?.id }")
    69. 

  69.     fun findInbox(pageable: Pageable?): Page<Message?>?
    70. 

  70. }
    71. 

  71. ----
    72. 

  72. ======
    73. 

  73. 

  74. This checks to see if the `Authentication.getPrincipal().getId()` is equal to the recipient of the `Message`.
    75. 

  75. Note that this example assumes you have customized the principal to be an Object that has an id property.
    76. 

  76. By exposing the `SecurityEvaluationContextExtension` bean, all of the xref:servlet/authorization/method-security.adoc#authorization-expressions[Common Security Expressions] are available within the Query.
    77.