Examples of org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

• org.springframework.security.data.repository.query.SecurityEvaluationContextExtension

  By defining this object as a Bean, Spring Security is exposed as SpEL expressions for creating Spring Data queries.

  With Java based configuration, we can define the bean using the following:

  For example, if you return a UserDetails that extends the following User object:

  @Entity public class User {
  @GeneratedValue(strategy = GenerationType.AUTO)
  @Id private Long id; ... 

  And you have a Message object that looks like the following:

  @Entity public class Message {
  @Id
  @GeneratedValue(strategy = GenerationType.AUTO)private Long id;
  @OneToOne private User to; ... 

  You can use the following {@code Query} annotation to search for only messages that are to the current user:

  @Repository public interface SecurityMessageRepository extends MessageRepository { "select m from Message m where m.to.id = ?#{ principal?.id }") List findAll(); } 

  This works because the principal in this instance is a User which has an id field on it. @since 4.0 @author Rob Winch

@EnableJpaRepositories
public class DataConfig {

    @Bean
    public SecurityEvaluationContextExtension expressionEvaluationContextProvider() {
        return new SecurityEvaluationContextExtension();
    }

                .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }