Skip to content

Add ExpressionTemplateValueProvider #17448

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mheath
Copy link

@mheath mheath commented Jul 2, 2025

Implements a simple mechanism for providing custom expression template values from enums used in expression templates.

Closes gh-17447

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jul 2, 2025
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @mheath, for the PR! It's nice to hear from you again. I've left some feedback inline.

void parseMetaSourceAnnotationWithEnumImplementingExpressionTemplateValueProvider() throws Exception {
Method method = MessageService.class.getDeclaredMethod("process");
PreAuthorize preAuthorize = this.scanner.scan(method, method.getDeclaringClass());
assertThat(preAuthorize.value()).isEqualTo("hasAnyAuthority(user.READ,user.WRITE)");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The resulting expression may not be useful since SpEL may try and interpret user as a method on the root object. I think it should be:

hasAnyAuthority('user.READ','user.WRITE')

which I believe you can achieve by placing single quotes in Permission#getExpressionTemplateValue

* }
* </pre>
*
* @since 6.5
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will you update this to 7.0 now that that's the target release?

* &#64;Override
* public String getExpressionTemplateValue() {
* return switch (this) {
* case READ -> "user.permission-read";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While not a guarantee, I imagine that most folks will want to inject a value as a string, which will mean applying single quotes around it. Because it won't work to do '{permissions}' in an expression, it seems preferable to always surround the value in single quotes, thus allowing a template to do {permissions} or {permission} and still have the template compile.

If you agree with that, will you please place single quotes around each returned value?

@jzheaux jzheaux self-assigned this Jul 23, 2025
@jzheaux jzheaux added the type: enhancement A general enhancement label Jul 23, 2025
@jzheaux jzheaux added this to the 7.0.x milestone Jul 23, 2025
@jzheaux jzheaux added in: core An issue in spring-security-core and removed status: waiting-for-triage An issue we've not yet triaged labels Jul 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow custom conversation for enum values in meta annotation expression templates
3 participants