spring-security/docs/modules/ROOT/pages/servlet/integrations/data.adoc

[[data]]
= Spring Data Integration

Spring Security provides Spring Data integration that allows referring to the current user within your queries.
It is not only useful but necessary to include the user in the queries to support paged results, since filtering the results afterwards would not scale.

[[data-configuration]]
== Spring Data & Spring Security Configuration

To use this support, add the `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`.
In Java configuration, this would look like:

====
[source,java]
----
@Bean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
	return new SecurityEvaluationContextExtension();
}
----
====

In XML Configuration, this would look like:

====
[source,xml]
----
<bean class="org.springframework.security.data.repository.query.SecurityEvaluationContextExtension"/>
----
====

[[data-query]]
== Security Expressions within @Query

Now you can use Spring Security within your queries:

====
[source,java]
----
@Repository
public interface MessageRepository extends PagingAndSortingRepository<Message,Long> {
	@Query("select m from Message m where m.to.id = ?#{ principal?.id }")
	Page<Message> findInbox(Pageable pageable);
}
----
====

This checks to see if the `Authentication.getPrincipal().getId()` is equal to the recipient of the `Message`.
Note that this example assumes you have customized the principal to be an `Object` that has an `id` property.
By exposing the `SecurityEvaluationContextExtension` bean, all of the xref:servlet/authorization/expression-based.adoc#common-expressions[Common Security Expressions] are available within the query.
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00			`[[data]]`
			`= Spring Data Integration`

			`Spring Security provides Spring Data integration that allows referring to the current user within your queries.`
Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`It is not only useful but necessary to include the user in the queries to support paged results, since filtering the results afterwards would not scale.`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
			`[[data-configuration]]`
			`== Spring Data & Spring Security Configuration`

Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			To use this support, add the `org.springframework.security:spring-security-data` dependency and provide a bean of type `SecurityEvaluationContextExtension`.
			`In Java configuration, this would look like:`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`====`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00			`[source,java]`
			`----`
			`@Bean`
			`public SecurityEvaluationContextExtension securityEvaluationContextExtension() {`
			`return new SecurityEvaluationContextExtension();`
			`}`
			`----`
Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`====`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
			`In XML Configuration, this would look like:`

Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`====`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00			`[source,xml]`
			`----`
			`<bean class="org.springframework.security.data.repository.query.SecurityEvaluationContextExtension"/>`
			`----`
Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`====`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
			`[[data-query]]`
			`== Security Expressions within @Query`

Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`Now you can use Spring Security within your queries:`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`====`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00			`[source,java]`
			`----`
			`@Repository`
			`public interface MessageRepository extends PagingAndSortingRepository<Message,Long> {`
			`@Query("select m from Message m where m.to.id = ?#{ principal?.id }")`
			`Page<Message> findInbox(Pageable pageable);`
			`}`
			`----`
Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			`====`
Port Missing Integration Docs Closes gh-10465 2021-11-10 15:38:29 -07:00
			This checks to see if the `Authentication.getPrincipal().getId()` is equal to the recipient of the `Message`.
Editing pass I went through everything to get it to fit with Spring's docuemntation standard. Lots of small changes for punctuation, grammar, usage, voice, and so on. Also added some links, mostly to the API Javadoc. 2021-04-21 16:01:26 -05:00			Note that this example assumes you have customized the principal to be an `Object` that has an `id` property.
Merge Clean up Reference Documentation Closes gh-9668 2021-12-13 16:57:36 -06:00			By exposing the `SecurityEvaluationContextExtension` bean, all of the xref:servlet/authorization/expression-based.adoc#common-expressions[Common Security Expressions] are available within the query.