Reputation: 180
Filtering data of all query
I create a new application with Spring and Mysql (but I am relatively free to use others things) In this application, user logs on can not see all data (except user 'admin'). There is a tree of group, users are in group. An user can only see users (or others objects) of his group (or descendant group).
I try to find idea to do that "elegantly": For example, if i write: productDao.findAll(), it return all product allready filtered without having rewrite all request in all DAO.
If it does not exist, I accept all kind of idea: refactoring the database? change mysql for other database, not use JPA, other.... Or may be, I'm on the wrong way and it's a bad idea to do something like that...
Upvotes: 1
Views: 113
Answers (1)
Reputation: 48256
- Use Spring Security 4. It supports Roles and Hierarchical Roles too
- Use Spring Data JPA to create your DAOs. It integrates with Spring Security 4
Here's an example of writing a DAO using Spring Data JPA. You write the interface and SDJ creates the class for you.
public interface ProductRepository extends JpaRepository<Product, Long> {
@Query("select e from #{#entityName} e where e.owner = ?#{principal?.username}")
Page<Product> findAll(Pageable pageable);
}
In reality, you'd do this in your Base Repository and extend that.
You need to create a bean extending EvaluationContextExtensionSupport for the
?#{principal?.username} security expression to work
Upvotes: 2
Related Questions
- Global Filter with JPQL Spring
- Filter assosciated collection in JPA query
- Filter the query result only and not the entire table
- @Query annotation to filter the data
- filterd records in Spring Data JPA
- Issue to build sql query to filter data from one table
- Custom JpaRepository filter or query
- How to dynamically construct query to filter the results in Spring JPA?
- How to write a custom CrudRepository method(@Query) to filter the result in my case
- Filtering results in a JPQL query