1
I am developing an application using Spring Boot and Spring Data JPA that will work similarly to a blog.
In this application there are three different types of user and each user will belong to different groups. I need to make the user see only the data corresponding to him or a group he is part of.
Is there any way to implement filters in Spring Boot that act on every request and apply these filters in the database query?
For example, the user in group 5 tried to see the posts belonging to that group, automatically a filter is applied that returns the posts directed to that group.
Grateful for the help!
This is very difficult to define based only on your question, probably implement a Spring filter or Interceptor for this is a shot in the foot and I tell you some causes: 1) You would have to standardize the way to perform queries (using only Criteria for example) for the filter always treat in the same way 2) The first definition behind problems of portability of solutions 3) Filters will act for all requests, so it is not possible to filter all data using an admin, you will have to implement these exceptions in the filter
– nullptr
I suggest using a repositories and entity-based tactic (such as @Filter of JPA), but using Jpaspecificationexecutor, this way for the entity you can provide a
Specification
including the condition you always want– nullptr
Mauricio, I don’t know if there’s gonna be authentication in your project. If yes, a base implementation you can find here for this security part, https://www.baeldung.com/role-and-privilege-for-spring-security-registration. After that, a suggestion is you create a Criteria yourself (as nullptr commented) with the data/group of the user who made the request.
– Calixto