Class SecurityEvaluationContextExtension
java.lang.Object
    org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

All Implemented Interfaces:
org.springframework.data.spel.spi.EvaluationContextExtension, org.springframework.data.spel.spi.ExtensionIdAware

public class SecurityEvaluationContextExtension extends java.lang.Object implements org.springframework.data.spel.spi.EvaluationContextExtension
By defining this object as a Bean, Spring Security is exposed as SpEL expressions for creating Spring Data queries.
With Java based configuration, we can define the bean using the following:
For example, if you return a UserDetails that extends the following User object:

    @Entity
    public class User {
        @GeneratedValue(strategy = GenerationType.AUTO)
        @Id
        private Long id;
        ...
    }

And you have a Message object that looks like the following:

    @Entity
    public class Message {
        @Id
        @GeneratedValue(strategy = GenerationType.AUTO)
        private Long id;
        @OneToOne
        private User to;
        ...
    }

You can use the following Query annotation to search for only messages that are to the current user:

    @Repository
    public interface SecurityMessageRepository extends MessageRepository {
        @Query("select m from Message m where m.to.id = ?#{ principal?.id }")
        List<Message> findAll();
    }

This works because the principal in this instance is a User which has an id field on it.

Since:
4.0
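
An added example, not part of the original Javadoc or the Spring Security code base: a Java configuration that registers the extension and uses the setRoleHierarchy and setDefaultRolePrefix setters documented on this page, plus a repository query whose SpEL filter depends on them. The class names, the ROLE_AUDITOR role and the hierarchy string are assumptions; Message is the entity shown above, and RoleHierarchyImpl.setHierarchy is assumed to be available in the Spring Security version in use.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.Repository;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;

@Configuration
class SecurityDataConfig {

    @Bean
    SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        // No-arg constructor: uses the current Authentication found on the
        // SecurityContextHolder rather than one fixed Authentication object.
        SecurityEvaluationContextExtension extension = new SecurityEvaluationContextExtension();

        // Constructed hierarchy: ROLE_ADMIN also satisfies hasRole('AUDITOR').
        RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
        hierarchy.setHierarchy("ROLE_ADMIN > ROLE_AUDITOR");
        extension.setRoleHierarchy(hierarchy);

        // "ROLE_" is already the default; set explicitly so the prefix that
        // hasRole('AUDITOR') resolves against is visible in configuration.
        extension.setDefaultRolePrefix("ROLE_");
        return extension;
    }
}

// Hypothetical repository over the page's Message entity.
interface AuditedMessageRepository extends Repository<Message, Long> {

    // Row-level filter evaluated per call: ordinary users match only rows
    // addressed to them; ROLE_AUDITOR (and ROLE_ADMIN via the hierarchy)
    // match every row. The SpEL results are bound as query parameters,
    // not concatenated into the JPQL string.
    @Query("select m from Message m where m.to.id = ?#{ principal?.id } "
            + "or 1 = ?#{ hasRole('AUDITOR') ? 1 : 0 }")
    List<Message> findVisible();
}
```
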

Constructor Summary

Constructors (Constructor, Description):

SecurityEvaluationContextExtension()
    Creates a new instance that uses the current Authentication found on the SecurityContextHolder.

SecurityEvaluationContextExtension(Authentication authentication)
    Creates a new instance that always uses the same Authentication object.

Method Summary

Methods (Modifier and Type, Method, Description):

java.lang.String getExtensionId()

SecurityExpressionRoot getRootObject()

void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
    Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).

void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
    Sets the PermissionEvaluator to be used.

void setRoleHierarchy(RoleHierarchy roleHierarchy)
    Sets the RoleHierarchy to be used.

void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
    Sets the SecurityContextHolderStrategy to use.

void setTrustResolver(AuthenticationTrustResolver trustResolver)
    Sets the AuthenticationTrustResolver to be used.

Constructor Detail

SecurityEvaluationContextExtension
public SecurityEvaluationContextExtension()
Creates a new instance that uses the current Authentication found on the SecurityContextHolder.

SecurityEvaluationContextExtension
public SecurityEvaluationContextExtension(Authentication authentication)
Creates a new instance that always uses the same Authentication object.
Parameters:
authentication - the Authentication to use

Method Detail

getExtensionId
public java.lang.String getExtensionId()
Specified by:
getExtensionId in interface org.springframework.data.spel.spi.ExtensionIdAware

getRootObject
public SecurityExpressionRoot getRootObject()
Specified by:
getRootObject in interface org.springframework.data.spel.spi.EvaluationContextExtension

setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
Since:
5.8

setTrustResolver
public void setTrustResolver(AuthenticationTrustResolver trustResolver)
Sets the AuthenticationTrustResolver to be used. Default is AuthenticationTrustResolverImpl. Cannot be null.
Parameters:
trustResolver - the AuthenticationTrustResolver to use
Since:
5.8

setRoleHierarchy
public void setRoleHierarchy(RoleHierarchy roleHierarchy)
Sets the RoleHierarchy to be used. Default is NullRoleHierarchy. Cannot be null.
Parameters:
roleHierarchy - the RoleHierarchy to use
Since:
5.8

setPermissionEvaluator
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator)
Sets the PermissionEvaluator to be used. Default is DenyAllPermissionEvaluator. Cannot be null.
Parameters:
permissionEvaluator - the PermissionEvaluator to use
Since:
5.8

setDefaultRolePrefix
public void setDefaultRolePrefix(java.lang.String defaultRolePrefix)
Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
Parameters:
defaultRolePrefix - the default prefix to add to roles. The default is "ROLE_".
Since:
5.8