0

I have typical Spring Security domain class layout (Person, Authority and join table PersonAuthority). I made following query, but I don't know how to build properly criteria for fetching persons that have only specific authorities (last 'if' block).

public static def query(Map params=[:]){
    def criteria = Person.createCriteria();
    def rows = criteria.list(max:params.max,offset:params.offset){
    order(params.column?:"id",params.order?:"asc")
        if(params.id){
            idEq (params.id as Long);
        }        
        if(params.username){
            ilike "username","%"+params.username+"%"    
        }
        if(params.email){
            ilike "email","%"+params.email+"%"
        }
        if(params.accountLocked){
            eq "accountLocked",Boolean.valueOf(params.accountLocked)
        }
        if(params.enabled){
            eq "enabled",Boolean.valueOf(params.enabled)
        }
        if(params.passwordExpired){
            eq "passwordExpired",Boolean.valueOf(params.passwordExpired)
        }
        if(params.authorities){
            inList "authority",params.authorities;
        }
    }
    return rows;
}

For this query I get org.hibernate.QueryException: could not resolve property: authority

Krzysztof Atłasik
  • 21,985
  • 6
  • 54
  • 76

1 Answers1

1

If you haven't modified anything form the default Spring Security options and classes, then I suppose you don't have an authority or authorities fields.

However, you should have a method in your Person class called getAuthorities() that returns a set of Authorities

GalmWing
  • 731
  • 1
  • 7
  • 14
  • I want to filter person by authorities. If I want to use 'getAuthorities()' I need to invoke it on every 'Person' in result set, for example: def list = ['ROLE_SOME','ROLE_OTHER']; def res = query(); def filteredRes = res.find{list.contains(it.authorities)}; Is this only way to do this? – Krzysztof Atłasik Oct 09 '12 at 07:33
  • You can use `person.authorities` directly, but you cant use `authorities` alone, it won't work on a criteria or any other search for that matter, since that field is added dynamically by SpringSecurity (through the `getAuthorities()` method) – GalmWing Oct 10 '12 at 01:49