Skip to content

vlsergey/spring-data-entity-security

BranchesTags

Repository files navigation

spring-data-entity-security

Extension to Spring Data to add security filters to repositories

  • ✨ Adds security conditions to all standard JPA methods from JpaRepository and JpaSpecificationExecutor

  • ✨ Also adds conditions to QuerydslPredicateExecutor if querydsl is enabled for the repository

  • ✨ Injects security conditions into queries generated from user-specific methods in JpaRepository (like findBySomeField)

  • 🚧 Find-by-example is not implemented (will throw UnsupportedOperationException)

  • 🚧 Compound IDs will not work for all operations

  • ⚠️ Only methods of JPA repository are affected. Thus, any code working with JPA EntityManager will not be affected.

  • ⚠️ Also, any links from one entity to another (@OneToOne, @ManyToOne, @OneToMany, @ManyToMany) are not affected. The code will receive entities without security filtering using such link methods.

Examples and test-cases:

Installation

Important: version 2.5.0+ of spring-data-jpa is required (due to changes in JpaRepositoryFactory).

Gradle

Add the JitPack repository to your build.gradle:

repositories {
    maven {
        url = uri("https://jitpack.io")
    }
}

Add package as a dependency:

dependencies {
    implementation group: 'com.github.vlsergey', name: 'spring-data-entity-security', version: '0.4.0'
}

Maven

Add the JitPack repository to your build file:

    <repositories>
        <repository>
            <id>jitpack.io</id>
            <url>https://jitpack.io</url>
        </repository>
    </repositories>

Step 2. Add the dependency

    <dependency>
        <groupId>com.github.vlsergey</groupId>
        <artifactId>spring-data-entity-security</artifactId>
        <version>0.4.0</version>
    </dependency>

Usage

Add repositoryFactoryBeanClass parameter to your @EnableJpaRepositories annotation:

@EnableJpaRepositories(value = "com.mycompany.data",
    repositoryFactoryBeanClass = com.github.vlsergey.springdata.entitysecurity.SecuredJpaRepositoryFactoryBean.class)

For each repository you want to enforce entity security implement SecurityMixin (that describes details of how to build security constrains for each domain entity) and add @SecuredWith annotation to repository interface.

If querydsl is used implement SecurityMixinWithQuerydsl instead of SecurityMixin for such repository.

About

Extension to Spring Data to add security filters to repositories

Topics

java security spring-data spring-data-jpa

Resources

Readme

License

MIT license
Activity

Stars

12 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

17 tags

Languages