I am using the latest Spring Security 4 version, which introduces a new feature to use the logged-in user's details directly in a query method using expression language. Here is my Spring Data repository code:

    public interface UserRepository extends JpaRepository<User, Long> {

        @Query("select username from User u where u.username = ?#{ principal?.username }")
        User findByUsername(String username);
    }
In the above code, I have the entity User as below:

    @Entity
    @Table(name = "users")
    public class User {

        @Id
        @Column(name = "username", nullable = false, unique = true)
        private String username;

        @Column(name = "password", nullable = false)
        @NotNull
        private String password;

        @Column(name = "enabled", nullable = false)
        @NotNull
        private boolean enabled;

        @Column(name = "role", nullable = false)
        @Enumerated(EnumType.STRING)
        private Role role;

        // getters, setters
    }
I also have this entry for enabling the feature:

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
When I run the application, I get this error:

    Caused by: org.springframework.dao.InvalidDataAccessApiUsageException: Authentication object cannot be null; nested exception is java.lang.IllegalArgumentException: Authentication object cannot be null
        at org.springframework.orm.jpa.EntityManagerFactoryUtils.convertJpaAccessExceptionIfPossible(EntityManagerFactoryUtils.java:381)
        at org.springframework.orm.jpa.vendor.HibernateJpaDialect.translateExceptionIfPossible(HibernateJpaDialect.java:223)
        at org.springframework.orm.jpa.AbstractEntityManagerFactoryBean.translateExceptionIfPossible(AbstractEntityManagerFactoryBean.java:417)
    Caused by: java.lang.IllegalArgumentException: Authentication object cannot be null
        at org.springframework.security.access.expression.SecurityExpressionRoot.<init>(SecurityExpressionRoot.java:46)
        at org.springframework.security.data.repository.query.SecurityEvaluationContextExtension$1.<init>(SecurityEvaluationContextExtension.java:113)
        at org.springframework.security.data.repository.query.SecurityEvaluationContextExtension.getRootObject(SecurityEvaluationContextExtension.java:113)
        at org.springframework.data.repository.query.ExtensionAwareEvaluationContextProvider$EvaluationContextExtensionAdapter.<init>(ExtensionAwareEvaluationContextProvider.java:463)
        at org.springframework.data.repository.query.ExtensionAwareEvaluationContextProvider.toAdapters(ExtensionAwareEvaluationContextProvider.java:210)
        at org.springframework.data.repository.query.ExtensionAwareEvaluationContextProvider.access$000(ExtensionAwareEvaluationContextProvider.java:58)
What is the issue? I am posting here to check whether there is an issue in using the query method. Can I use principal.username, is that correct?

Update: When I removed the @Query from the repository, it works fine. That means the problem is with the new Spring Security 4 using principal.username. Is there anything wrong in the expression?

    @Query("select username from User u where u.username = ?#{ principal?.username }")
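Please try this custom class:

    import org.springframework.data.repository.query.spi.EvaluationContextExtensionSupport;
    import org.springframework.security.access.expression.SecurityExpressionRoot;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContextHolder;

    class SecurityEvaluationContextExtension extends EvaluationContextExtensionSupport {

        @Override
        public String getExtensionId() {
            return "security";
        }

        @Override
        public SecurityExpressionRoot getRootObject() {
            // Read the caller's Authentication from the current security context
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            return new SecurityExpressionRoot(authentication) {};
        }
    }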
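The stack trace in the question shows `SecurityExpressionRoot` rejecting a null `Authentication`, so a principal-scoped query fails whenever it runs with an empty security context. As an added example (not code from the post or from Spring Security), the extension below refuses such calls explicitly, and also refuses anonymous callers, whose principal is a plain `String` with no `username` property. The class name `FailClosedSecurityExtension` is hypothetical, and the `spi` import path assumes the Spring Data Commons 1.x line that the trace's package names point to.

```java
import org.springframework.data.repository.query.spi.EvaluationContextExtensionSupport;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical class: an added illustration, not part of Spring Security.
public class FailClosedSecurityExtension extends EvaluationContextExtensionSupport {

    @Override
    public String getExtensionId() {
        // Same extension id the answer above registers.
        return "security";
    }

    @Override
    public SecurityExpressionRoot getRootObject() {
        // SecurityExpressionRoot is abstract, hence the anonymous subclass.
        return new SecurityExpressionRoot(requireAuthenticatedUser()) {};
    }

    // Resolves the caller, or refuses to evaluate the query expression at all.
    static Authentication requireAuthenticatedUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            // The condition behind "Authentication object cannot be null":
            // the query ran on a thread whose SecurityContext holds no Authentication.
            throw new AuthenticationCredentialsNotFoundException(
                    "No Authentication in SecurityContext; principal-scoped query refused");
        }
        if (auth instanceof AnonymousAuthenticationToken || !auth.isAuthenticated()) {
            // An anonymous principal is a String, so principal?.username
            // cannot resolve; stop here with a clear security exception.
            throw new AuthenticationCredentialsNotFoundException(
                    "Anonymous caller; principal-scoped query refused");
        }
        return auth;
    }
}
```

Registering this class as the `@Bean` in place of the stock extension keeps `?#{ principal?.username }` queries from ever executing without an authenticated caller.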