发表新帖
发表新帖

Spring Data Rest: Security based projection

后端 未结
关注
3 1812
日久生厌
日久生厌 2020-12-04 11:46

I am using the current version of Spring Data Rest and Spring Data JPA and have following entity:

public class User {
    @Id
    @GeneratedValue
    private
3条回答
  • -上瘾入骨i
    -上瘾入骨i (楼主)
    2020-12-04 12:26

    You can add a "virtual" value property into the projection that invoke a service method with security checks:

    @Projection(name = "detailed", types = User.class)
public interface UserDetailProjection extends UserSimpleProjection{

    @Value("#{@userService.checkAccess(target)? target.email : null}")
    public String getEmail();
}

    Where your custom UserService component would return true if email should be exposed or simply has @PreAuthorize on checkAccess(..) to throw an AccessDeniedException whatever is better for you.

    Note, the target property in the SpEL holds the original object - provided by Spring-DATA.

    0 讨论(0)
 看不清?
提交回复
热议问题