(window.webpackJsonp=window.webpackJsonp||[]).push([[273],{698:function(e,t,a){"use strict";a.r(t);var n=a(56),s=Object(n.a)({},(function(){var e=this,t=e.$createElement,a=e._self._c||t;return a("ContentSlotsDistributor",{attrs:{"slot-key":e.$parent.slotKey}},[a("h1",{attrs:{id:"spring-data-integration"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#spring-data-integration"}},[e._v("#")]),e._v(" Spring Data Integration")]),e._v(" "),a("p",[e._v("Spring Security provides Spring Data integration that allows referring to the current user within your queries.\nIt is not only useful but necessary to include the user in the queries to support paged results since filtering the results afterwards would not scale.")]),e._v(" "),a("h2",{attrs:{id:"spring-data-spring-security-configuration"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#spring-data-spring-security-configuration"}},[e._v("#")]),e._v(" Spring Data & Spring Security Configuration")]),e._v(" "),a("p",[e._v("To use this support, add "),a("code",[e._v("org.springframework.security:spring-security-data")]),e._v(" dependency and provide a bean of type "),a("code",[e._v("SecurityEvaluationContextExtension")]),e._v(":")]),e._v(" "),a("p",[e._v("Java")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v("@Bean\npublic SecurityEvaluationContextExtension securityEvaluationContextExtension() {\n\treturn new SecurityEvaluationContextExtension();\n}\n")])])]),a("p",[e._v("Kotlin")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v("@Bean\nfun securityEvaluationContextExtension(): SecurityEvaluationContextExtension {\n\treturn SecurityEvaluationContextExtension()\n}\n")])])]),a("p",[e._v("In XML Configuration, this would look like:")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v('<bean class="org.springframework.security.data.repository.query.SecurityEvaluationContextExtension"/>\n')])])]),a("h2",{attrs:{id:"security-expressions-within-query"}},[a("a",{staticClass:"header-anchor",attrs:{href:"#security-expressions-within-query"}},[e._v("#")]),e._v(" Security Expressions within @Query")]),e._v(" "),a("p",[e._v("Now Spring Security can be used within your queries.\nFor example:")]),e._v(" "),a("p",[e._v("Java")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v('@Repository\npublic interface MessageRepository extends PagingAndSortingRepository<Message,Long> {\n\t@Query("select m from Message m where m.to.id = ?#{ principal?.id }")\n\tPage<Message> findInbox(Pageable pageable);\n}\n')])])]),a("p",[e._v("Kotlin")]),e._v(" "),a("div",{staticClass:"language- extra-class"},[a("pre",{pre:!0,attrs:{class:"language-text"}},[a("code",[e._v('@Repository\ninterface MessageRepository : PagingAndSortingRepository<Message,Long> {\n\t@Query("select m from Message m where m.to.id = ?#{ principal?.id }")\n\tfun findInbox(pageable: Pageable): Page<Message>\n}\n')])])]),a("p",[e._v("This checks to see if the "),a("code",[e._v("Authentication.getPrincipal().getId()")]),e._v(" is equal to the recipient of the "),a("code",[e._v("Message")]),e._v(".\nNote that this example assumes you have customized the principal to be an Object that has an id property.\nBy exposing the "),a("code",[e._v("SecurityEvaluationContextExtension")]),e._v(" bean, all of the "),a("RouterLink",{attrs:{to:"/en/authorization/expression-based.html#common-expressions"}},[e._v("Common Security Expressions")]),e._v(" are available within the Query.")],1),e._v(" "),a("p",[a("RouterLink",{attrs:{to:"/en/spring-security/servlet-api.html"}},[e._v("Servlet APIs")]),a("RouterLink",{attrs:{to:"/en/spring-security/mvc.html"}},[e._v("Spring MVC")])],1)])}),[],!1,null,null,null);t.default=s.exports}}]);