spring-security/docs/modules/ROOT/pages/servlet/integrations/data.adoc

[[data]]
= Spring Data Integration

Spring Security provides Spring Data integration that allows referring to the current user within your queries.
It is not only useful but necessary to include the user in the queries to support paged results since filtering the results afterwards would not scale.

[[data-configuration]]
== Spring Data & Spring Security Configuration

To use this support, add `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`:

[tabs]
======
Java::
+
[source,java,role="primary"]
----
@Bean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
	return new SecurityEvaluationContextExtension();
}
----

Kotlin::
+
[source,kotlin,role="secondary"]
----
@Bean
fun securityEvaluationContextExtension(): SecurityEvaluationContextExtension {
	return SecurityEvaluationContextExtension()
}
----
======

In XML Configuration, this would look like:

[source,xml]
----
<bean class="org.springframework.security.data.repository.query.SecurityEvaluationContextExtension"/>
----

[[data-query]]
== Security Expressions within @Query

Now you can use Spring Security within your queries:

[tabs]
======
Java::
+
[source,java,role="primary"]
----
@Repository
public interface MessageRepository extends PagingAndSortingRepository<Message,Long> {
	@Query("select m from Message m where m.to.id = ?#{ principal?.id }")
	Page<Message> findInbox(Pageable pageable);
}
----

Kotlin::
+
[source,kotlin,role="secondary"]
----
@Repository
interface MessageRepository : PagingAndSortingRepository<Message,Long> {
	@Query("select m from Message m where m.to.id = ?#{ principal?.id }")
	fun findInbox(pageable: Pageable): Page<Message>
}
----
======

This checks to see if the `Authentication.getPrincipal().getId()` is equal to the recipient of the `Message`.
Note that this example assumes you have customized the principal to be an Object that has an id property.
By exposing the `SecurityEvaluationContextExtension` bean, all of the xref:servlet/authorization/method-security.adoc#authorization-expressions[Common Security Expressions] are available within the Query.
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00			`[[data]]`
			`= Spring Data Integration`

			`Spring Security provides Spring Data integration that allows referring to the current user within your queries.`
add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00			`It is not only useful but necessary to include the user in the queries to support paged results since filtering the results afterwards would not scale.`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
			`[[data-configuration]]`
			`== Spring Data & Spring Security Configuration`

add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00			To use this support, add `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`:
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
Convert to Asciidoctor Tabs Closes gh-13403 2023-06-18 21:30:41 -05:00			`[tabs]`
			`======`
			`Java::`
			`+`
add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00			`[source,java,role="primary"]`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00			`----`
			`@Bean`
			`public SecurityEvaluationContextExtension securityEvaluationContextExtension() {`
			`return new SecurityEvaluationContextExtension();`
			`}`
			`----`
add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00
Convert to Asciidoctor Tabs Closes gh-13403 2023-06-18 21:30:41 -05:00			`Kotlin::`
			`+`
add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00			`[source,kotlin,role="secondary"]`
			`----`
			`@Bean`
			`fun securityEvaluationContextExtension(): SecurityEvaluationContextExtension {`
			`return SecurityEvaluationContextExtension()`
			`}`
			`----`
Convert to Asciidoctor Tabs Closes gh-13403 2023-06-18 21:30:41 -05:00			`======`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
			`In XML Configuration, this would look like:`

			`[source,xml]`
			`----`
			`<bean class="org.springframework.security.data.repository.query.SecurityEvaluationContextExtension"/>`
			`----`

			`[[data-query]]`
			`== Security Expressions within @Query`

Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`Now you can use Spring Security within your queries:`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
Convert to Asciidoctor Tabs Closes gh-13403 2023-06-18 21:30:41 -05:00			`[tabs]`
			`======`
			`Java::`
			`+`
add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00			`[source,java,role="primary"]`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00			`----`
			`@Repository`
			`public interface MessageRepository extends PagingAndSortingRepository<Message,Long> {`
			`@Query("select m from Message m where m.to.id = ?#{ principal?.id }")`
			`Page<Message> findInbox(Pageable pageable);`
			`}`
			`----`
add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00
Convert to Asciidoctor Tabs Closes gh-13403 2023-06-18 21:30:41 -05:00			`Kotlin::`
			`+`
add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00			`[source,kotlin,role="secondary"]`
			`----`
			`@Repository`
			`interface MessageRepository : PagingAndSortingRepository<Message,Long> {`
			`@Query("select m from Message m where m.to.id = ?#{ principal?.id }")`
			`fun findInbox(pageable: Pageable): Page<Message>`
			`}`
			`----`
Convert to Asciidoctor Tabs Closes gh-13403 2023-06-18 21:30:41 -05:00			`======`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
			This checks to see if the `Authentication.getPrincipal().getId()` is equal to the recipient of the `Message`.
add Kotlin examples for Spring Data Integration of servlet application 2022-02-14 23:15:27 +07:00			`Note that this example assumes you have customized the principal to be an Object that has an id property.`
Update SpEL Documentation Closes gh-12974 2023-05-11 13:56:58 -06:00			By exposing the `SecurityEvaluationContextExtension` bean, all of the xref:servlet/authorization/method-security.adoc#authorization-expressions[Common Security Expressions] are available within the Query.