发表新帖
发表新帖

Spring Data Rest: Security based projection

后端 未结
关注
3 1806
日久生厌
日久生厌 2020-12-04 11:46

I am using the current version of Spring Data Rest and Spring Data JPA and have following entity:

public class User {
    @Id
    @GeneratedValue
    private
相关标签:
3条回答
  • 猫巷女王i
    2020-12-04 12:14

    No, Spring Data REST projections don't support this.

    0 讨论(0)
  • 北海茫月
    2020-12-04 12:18

    You can also do it using a RegexRequestMatcher in your Spring Security config like this:

    .regexMatchers(HttpMethod.GET,"/user/.*projection=simple.*").hasRole("ROLE_ADMIN")
    0 讨论(0)
  • -上瘾入骨i
    2020-12-04 12:26

    You can add a "virtual" value property into the projection that invoke a service method with security checks:

    @Projection(name = "detailed", types = User.class)
public interface UserDetailProjection extends UserSimpleProjection{

    @Value("#{@userService.checkAccess(target)? target.email : null}")
    public String getEmail();
}

    Where your custom UserService component would return true if email should be exposed or simply has @PreAuthorize on checkAccess(..) to throw an AccessDeniedException whatever is better for you.

    Note, the target property in the SpEL holds the original object - provided by Spring-DATA.

    0 讨论(0)
 看不清?
提交回复
热议问题