Skip to content

Latest commit

 

History

History
78 lines (56 loc) · 2.91 KB

README.md

File metadata and controls

78 lines (56 loc) · 2.91 KB

spring-data-entity-security

Extension to Spring Data to add security filters to repositories

  • ✨ Adds security conditions to all standard JPA methods from JpaRepository and JpaSpecificationExecutor

  • ✨ Also adds conditions to QuerydslPredicateExecutor if querydsl is enabled for the repository

  • ✨ Injects security conditions into queries generated from user-specific methods in JpaRepository (like findBySomeField)

  • 🚧 Find-by-example is not implemented (will throw UnsupportedOperationException)

  • 🚧 Compound IDs will not work for all operations

  • ⚠️ Only methods of JPA repository are affected. Thus, any code working with JPA EntityManager will not be affected.

  • ⚠️ Also, any links from one entity to another (@OneToOne, @ManyToOne, @OneToMany, @ManyToMany) are not affected. The code will receive entities without security filtering using such link methods.

Examples and test-cases:

Installation

Important: version 2.5.0+ of spring-data-jpa is required (due to changes in JpaRepositoryFactory).

Gradle

Add the JitPack repository to your build.gradle:

repositories {
    maven {
        url = uri("https://jitpack.io")
    }
}

Add package as a dependency:

dependencies {
    implementation group: 'com.github.vlsergey', name: 'spring-data-entity-security', version: '0.4.0'
}

Maven

Add the JitPack repository to your build file:

    <repositories>
        <repository>
            <id>jitpack.io</id>
            <url>https://jitpack.io</url>
        </repository>
    </repositories>

Step 2. Add the dependency

    <dependency>
        <groupId>com.github.vlsergey</groupId>
        <artifactId>spring-data-entity-security</artifactId>
        <version>0.4.0</version>
    </dependency>

Usage

Add repositoryFactoryBeanClass parameter to your @EnableJpaRepositories annotation:

@EnableJpaRepositories(value = "com.mycompany.data",
    repositoryFactoryBeanClass = com.github.vlsergey.springdata.entitysecurity.SecuredJpaRepositoryFactoryBean.class)

For each repository you want to enforce entity security implement SecurityMixin (that describes details of how to build security constrains for each domain entity) and add @SecuredWith annotation to repository interface.

If querydsl is used implement SecurityMixinWithQuerydsl instead of SecurityMixin for such repository.