Class SecurityEvaluationContextExtension

  • All Implemented Interfaces:
    org.springframework.data.spel.spi.EvaluationContextExtension, org.springframework.data.spel.spi.ExtensionIdAware

    public class SecurityEvaluationContextExtension
    extends java.lang.Object
    implements org.springframework.data.spel.spi.EvaluationContextExtension

    By defining this object as a Bean, Spring Security's expression root (principal, authentication, hasRole(...) and the other SecurityExpressionRoot methods) becomes available inside the SpEL expressions (?#{ ... }) of Spring Data queries.

    With Java based configuration, we can define the bean using the following:

    For example, if the authenticated principal is a UserDetails implementation that extends the following User object:

     @Entity
     public class User {
         @GeneratedValue(strategy = GenerationType.AUTO)
         @Id
         private Long id;
    
         ...
     }
     

    And you have a Message object that looks like the following:

     @Entity
     public class Message {
         @Id
         @GeneratedValue(strategy = GenerationType.AUTO)
         private Long id;
    
         @OneToOne
         private User to;
    
         ...
     }
     
    You can use the following Query annotation to search for only messages that are to the current user:
     @Repository
     public interface SecurityMessageRepository extends MessageRepository {
    
            @Query("select m from Message m where m.to.id = ?#{ principal?.id }")
            List<Message> findAll();
     }
     
    This works because the principal in this instance is a User which has an id field on it. The expression is evaluated once per query execution, against the Authentication taken from the SecurityContextHolder (or the fixed Authentication passed to the constructor), and its value is bound as a query parameter. Two caveats: the safe-navigation operator ?. only guards against a null principal, so for an anonymous caller (whose principal is the String "anonymousUser") the id lookup fails with an evaluation exception rather than matching rows; and only query methods that carry the expression are scoped to the current user, so methods inherited from MessageRepository (findById and friends) still return any row unless you override them the same way.
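The bean registration the text refers to, wired together with the repository from the example, as an added Java example (this is not code from the page or from Spring Security's own sources). It assumes the User, Message and MessageRepository types shown above live in the same package, and the role hierarchy ROLE_ADMIN > ROLE_USER plus the "admins see everything" clause are illustration choices of this example, not something the page prescribes.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.Query;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
import org.springframework.stereotype.Repository;

@Configuration
public class SecurityDataConfig {

    // Assumed hierarchy for this example: an ADMIN implicitly holds every USER role.
    @Bean
    RoleHierarchy roleHierarchy() {
        RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
        hierarchy.setHierarchy("ROLE_ADMIN > ROLE_USER");
        return hierarchy;
    }

    // Registering the extension is what makes principal / hasRole(...) resolvable
    // inside ?#{ ... } in @Query strings. The no-arg constructor reads the
    // Authentication from the SecurityContextHolder on every query execution.
    @Bean
    SecurityEvaluationContextExtension securityEvaluationContextExtension(RoleHierarchy roleHierarchy) {
        SecurityEvaluationContextExtension extension = new SecurityEvaluationContextExtension();
        // Without this, hasRole(...) in a query ignores the hierarchy (default is NullRoleHierarchy).
        extension.setRoleHierarchy(roleHierarchy);
        // Explicit for readability; "ROLE_" is already the default prefix.
        extension.setDefaultRolePrefix("ROLE_");
        return extension;
    }
}

@Repository
interface SecurityMessageRepository extends MessageRepository {

    // Scoped version of findAll(): ordinary users see only messages addressed to
    // them; a caller holding ROLE_ADMIN (directly or via the hierarchy above) sees
    // every message. Both SpEL fragments are evaluated once per call and bound as
    // ordinary query parameters, so the principal object never reaches the database.
    @Query("select m from Message m "
         + "where ?#{ hasRole('ADMIN') ? 1 : 0 } = 1 "
         + "or m.to.id = ?#{ principal?.id }")
    List<Message> findAll();
}
```

The integer ternary is used instead of binding a raw boolean so the comparison stays a plain JPQL parameter-to-literal test. Note that only findAll() is scoped here; any query method inherited from MessageRepository still returns rows for every user and must be overridden with the same clause if callers can reach it.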
    Since:
    4.0
    • Constructor Summary

      Constructors 
      Constructor Description
      SecurityEvaluationContextExtension()
      Creates a new instance that uses the current Authentication found on the SecurityContextHolder.
      SecurityEvaluationContextExtension​(org.springframework.security.core.Authentication authentication)
      Creates a new instance that always uses the same Authentication object.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String getExtensionId()  
      org.springframework.security.access.expression.SecurityExpressionRoot getRootObject()  
      void setDefaultRolePrefix​(java.lang.String defaultRolePrefix)
      Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String).
      void setPermissionEvaluator​(org.springframework.security.access.PermissionEvaluator permissionEvaluator)
      Sets the PermissionEvaluator to be used.
      void setRoleHierarchy​(org.springframework.security.access.hierarchicalroles.RoleHierarchy roleHierarchy)
      Sets the RoleHierarchy to be used.
      void setSecurityContextHolderStrategy​(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use.
      void setTrustResolver​(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
      Sets the AuthenticationTrustResolver to be used.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface org.springframework.data.spel.spi.EvaluationContextExtension

        getFunctions, getProperties
    • Constructor Detail

      • SecurityEvaluationContextExtension

        public SecurityEvaluationContextExtension()
        Creates a new instance that uses the current Authentication found on the SecurityContextHolder.
      • SecurityEvaluationContextExtension

        public SecurityEvaluationContextExtension​(org.springframework.security.core.Authentication authentication)
        Creates a new instance that always uses the same Authentication object.
        Parameters:
        authentication - the Authentication to use
    • Method Detail

      • getExtensionId

        public java.lang.String getExtensionId()
        Specified by:
        getExtensionId in interface org.springframework.data.spel.spi.ExtensionIdAware
      • getRootObject

        public org.springframework.security.access.expression.SecurityExpressionRoot getRootObject()
        Specified by:
        getRootObject in interface org.springframework.data.spel.spi.EvaluationContextExtension
      • setSecurityContextHolderStrategy

        public void setSecurityContextHolderStrategy​(org.springframework.security.core.context.SecurityContextHolderStrategy securityContextHolderStrategy)
        Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
        Since:
        5.8
      • setTrustResolver

        public void setTrustResolver​(org.springframework.security.authentication.AuthenticationTrustResolver trustResolver)
        Sets the AuthenticationTrustResolver to be used. Default is AuthenticationTrustResolverImpl. Cannot be null.
        Parameters:
        trustResolver - the AuthenticationTrustResolver to use
        Since:
        5.8
      • setRoleHierarchy

        public void setRoleHierarchy​(org.springframework.security.access.hierarchicalroles.RoleHierarchy roleHierarchy)
        Sets the RoleHierarchy to be used. Default is NullRoleHierarchy. Cannot be null.
        Parameters:
        roleHierarchy - the RoleHierarchy to use
        Since:
        5.8
      • setPermissionEvaluator

        public void setPermissionEvaluator​(org.springframework.security.access.PermissionEvaluator permissionEvaluator)
        Sets the PermissionEvaluator to be used. Default is DenyAllPermissionEvaluator. Cannot be null.
        Parameters:
        permissionEvaluator - the PermissionEvaluator to use
        Since:
        5.8
      • setDefaultRolePrefix

        public void setDefaultRolePrefix​(java.lang.String defaultRolePrefix)
        Sets the default prefix to be added to SecurityExpressionRoot.hasAnyRole(String...) or SecurityExpressionRoot.hasRole(String). For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN") is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is "ROLE_" (default).
        Parameters:
        defaultRolePrefix - the default prefix to add to roles. The default is "ROLE_".
        Since:
        5.8