Class SecurityEvaluationContextExtension
- java.lang.Object
-
- org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
-
- All Implemented Interfaces:
org.springframework.data.spel.spi.EvaluationContextExtension
,org.springframework.data.spel.spi.ExtensionIdAware
public class SecurityEvaluationContextExtension extends java.lang.Object implements org.springframework.data.spel.spi.EvaluationContextExtension
By defining this object as a Bean, Spring Security is exposed as SpEL expressions for creating Spring Data queries.
With Java based configuration, we can define the bean using the following:
For example, if you return a UserDetails that extends the following User object:
@Entity public class User { @GeneratedValue(strategy = GenerationType.AUTO) @Id private Long id; ... }
And you have a Message object that looks like the following:
@Entity public class Message { @Id @GeneratedValue(strategy = GenerationType.AUTO) private Long id; @OneToOne private User to; ... }
You can use the followingQuery
annotation to search for only messages that are to the current user:@Repository public interface SecurityMessageRepository extends MessageRepository { @Query("select m from Message m where m.to.id = ?#{ principal?.id }") List<Message> findAll(); }
This works because the principal in this instance is a User which has an id field on it.- Since:
- 4.0
-
-
Constructor Summary
Constructors Constructor Description SecurityEvaluationContextExtension()
Creates a new instance that uses the currentAuthentication
found on theSecurityContextHolder
.SecurityEvaluationContextExtension(Authentication authentication)
Creates a new instance that always uses the sameAuthentication
object.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.String
getExtensionId()
SecurityExpressionRoot
getRootObject()
-
-
-
Constructor Detail
-
SecurityEvaluationContextExtension
public SecurityEvaluationContextExtension()
Creates a new instance that uses the currentAuthentication
found on theSecurityContextHolder
.
-
SecurityEvaluationContextExtension
public SecurityEvaluationContextExtension(Authentication authentication)
Creates a new instance that always uses the sameAuthentication
object.- Parameters:
authentication
- theAuthentication
to use
-
-
Method Detail
-
getExtensionId
public java.lang.String getExtensionId()
- Specified by:
getExtensionId
in interfaceorg.springframework.data.spel.spi.ExtensionIdAware
-
getRootObject
public SecurityExpressionRoot getRootObject()
- Specified by:
getRootObject
in interfaceorg.springframework.data.spel.spi.EvaluationContextExtension
-
-