Package org.springframework.security.data.repository.query

Class SecurityEvaluationContextExtension

java.lang.Object

org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

All Implemented Interfaces:

org.springframework.data.spel.spi.EvaluationContextExtension, org.springframework.data.spel.spi.ExtensionIdAware

public class SecurityEvaluationContextExtension
extends Object
implements org.springframework.data.spel.spi.EvaluationContextExtension

By defining this object as a Bean, Spring Security is exposed as SpEL expressions for creating Spring Data queries.

With Java based configuration, we can define the bean using the following:

For example, if you return a UserDetails that extends the following User object:

 @Entity
 public class User {
     @GeneratedValue(strategy = GenerationType.AUTO)
     @Id
     private Long id;

     ...
 }
 

And you have a Message object that looks like the following:

 @Entity
 public class Message {
     @Id
     @GeneratedValue(strategy = GenerationType.AUTO)
     private Long id;

     @OneToOne
     private User to;

     ...
 }
 

You can use the following Query annotation to search for only messages that are to the current user:

 @Repository
 public interface SecurityMessageRepository extends MessageRepository {

        @Query("select m from Message m where m.to.id = ?#{ principal?.id }")
        List<Message> findAll();
 }
 

This works because the principal in this instance is a User which has an id field on it.

Since:

4.0

Constructor Summary

Constructors

Constructor	Description
SecurityEvaluationContextExtension()	Creates a new instance that uses the current Authentication found on the SecurityContextHolder.
SecurityEvaluationContextExtension(Authentication authentication)	Creates a new instance that always uses the same Authentication object.

Method Summary

Modifier and Type	Method	Description
String	getExtensionId()
SecurityExpressionRoot	getRootObject()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.data.spel.spi.EvaluationContextExtension

getFunctions, getProperties

Constructor Details

SecurityEvaluationContextExtension

public SecurityEvaluationContextExtension()

Creates a new instance that uses the current Authentication found on the SecurityContextHolder.

SecurityEvaluationContextExtension

public SecurityEvaluationContextExtension(Authentication authentication)

Creates a new instance that always uses the same Authentication object.

Parameters:

authentication - the Authentication to use

Method Details

getExtensionId

public String getExtensionId()

Specified by:

getExtensionId in interface org.springframework.data.spel.spi.ExtensionIdAware

getRootObject

public SecurityExpressionRoot getRootObject()

Specified by:

getRootObject in interface org.springframework.data.spel.spi.EvaluationContextExtension