Class SecurityEvaluationContextExtension
java.lang.Object
org.springframework.security.data.repository.query.SecurityEvaluationContextExtension
- All Implemented Interfaces:
org.springframework.data.spel.spi.EvaluationContextExtension, org.springframework.data.spel.spi.ExtensionIdAware
public class SecurityEvaluationContextExtension
extends Object
implements org.springframework.data.spel.spi.EvaluationContextExtension
By defining this object as a Bean, Spring Security is exposed as SpEL expressions for creating Spring Data queries.
With Java based configuration, we can define the bean using the following:
For example, if you return a UserDetails that extends the following User object:

    @Entity
    public class User {
        @GeneratedValue(strategy = GenerationType.AUTO)
        @Id
        private Long id;
        ...
    }

And you have a Message object that looks like the following:

    @Entity
    public class Message {
        @Id
        @GeneratedValue(strategy = GenerationType.AUTO)
        private Long id;

        @OneToOne
        private User to;
        ...
    }

You can use the following Query annotation to search for only messages that are to the current user:

    @Repository
    public interface SecurityMessageRepository extends MessageRepository {
        // ?#{ ... } is evaluated as SpEL; principal is the current Authentication's principal
        @Query("select m from Message m where m.to.id = ?#{ principal?.id }")
        List<Message> findAll();
    }

This works because the principal in this instance is a User which has an id field on it.
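A Java configuration that registers the extension as a bean, together with a repository query that uses it, as an added example (not code from the Spring Security Javadoc). The names DataSecurityConfig, ScopedMessageRepository and findVisibleMessages and the ROLE_ADMIN > ROLE_AUDITOR hierarchy are assumptions; Message is the entity shown above, and RoleHierarchyImpl.fromHierarchy assumes Spring Security 6.3 or later.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;

@Configuration
public class DataSecurityConfig { // hypothetical configuration class

    // Assumed hierarchy: anyone holding ROLE_ADMIN also counts as ROLE_AUDITOR.
    @Bean
    RoleHierarchy roleHierarchy() {
        return RoleHierarchyImpl.fromHierarchy("ROLE_ADMIN > ROLE_AUDITOR");
    }

    @Bean
    SecurityEvaluationContextExtension securityEvaluationContextExtension(RoleHierarchy roleHierarchy) {
        // No-arg constructor: uses the current Authentication found on the SecurityContextHolder.
        SecurityEvaluationContextExtension extension = new SecurityEvaluationContextExtension();
        // Without this the default NullRoleHierarchy applies and only directly granted roles match.
        extension.setRoleHierarchy(roleHierarchy);
        // "ROLE_" is already the default; set explicitly so hasRole('AUDITOR') visibly means ROLE_AUDITOR.
        extension.setDefaultRolePrefix("ROLE_");
        return extension;
    }
}

// Hypothetical repository for the Message entity shown above.
interface ScopedMessageRepository extends JpaRepository<Message, Long> {

    // Each ?#{ ... } result is bound as a query parameter, not concatenated into the JPQL.
    // A caller sees messages addressed to them; auditors (and, through the hierarchy,
    // admins) see every message because the second predicate becomes 1 = 1.
    @Query("select m from Message m where m.to.id = ?#{ principal?.id } "
            + "or 1 = ?#{ hasRole('AUDITOR') ? 1 : 0 }")
    List<Message> findVisibleMessages();
}
```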
- Since:
4.0

Constructor Summary

| Constructor | Description |
| --- | --- |
| SecurityEvaluationContextExtension() | Creates a new instance that uses the current Authentication found on the SecurityContextHolder. |
| SecurityEvaluationContextExtension(Authentication authentication) | Creates a new instance that always uses the same Authentication object. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| void | setDefaultRolePrefix(String defaultRolePrefix) | Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). |
| void | setPermissionEvaluator(PermissionEvaluator permissionEvaluator) | Sets the PermissionEvaluator to be used. |
| void | setRoleHierarchy(RoleHierarchy roleHierarchy) | Sets the RoleHierarchy to be used. |
| void | setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) | Sets the SecurityContextHolderStrategy to use. |
| void | setTrustResolver(AuthenticationTrustResolver trustResolver) | Sets the AuthenticationTrustResolver to be used. |

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.springframework.data.spel.spi.EvaluationContextExtension
getFunctions, getProperties

Constructor Details

SecurityEvaluationContextExtension
public SecurityEvaluationContextExtension()
Creates a new instance that uses the current Authentication found on the SecurityContextHolder.

SecurityEvaluationContextExtension
Creates a new instance that always uses the same Authentication object.
- Parameters:
authentication - the Authentication to use

Method Details

getExtensionId
- Specified by:
getExtensionId in interface org.springframework.data.spel.spi.ExtensionIdAware

getRootObject
- Specified by:
getRootObject in interface org.springframework.data.spel.spi.EvaluationContextExtension

setSecurityContextHolderStrategy
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
- Since:
5.8

setTrustResolver
Sets the AuthenticationTrustResolver to be used. Default is AuthenticationTrustResolverImpl. Cannot be null.
- Parameters:
trustResolver - the AuthenticationTrustResolver to use
- Since:
5.8

setRoleHierarchy
Sets the RoleHierarchy to be used. Default is NullRoleHierarchy. Cannot be null.
- Parameters:
roleHierarchy - the RoleHierarchy to use
- Since:
5.8

setPermissionEvaluator
Sets the PermissionEvaluator to be used. Default is DenyAllPermissionEvaluator. Cannot be null.
- Parameters:
permissionEvaluator - the PermissionEvaluator to use
- Since:
5.8

setDefaultRolePrefix
Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
- Parameters:
defaultRolePrefix - the default prefix to add to roles. The default is "ROLE_".
- Since:
5.8