Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

StringBasedMongoQuery handles complex expression parameters incorrectly. [DATAMONGO-1244] #2160

spring-projects-issues opened this issue Jun 20, 2015 · 2 comments
in: core Issues in core support type: bug A general bug


Copy link

Thomas Darimont opened DATAMONGO-1244 and commented

Currently the regex based expression parameter scanning is too weak to handle nested object expressions like:

{'id':?#{ [0] ? { $exists :true} : [1] }}

which currently yields the invalid mongo query:

{'id':?expr0 : [1] }}

instead of:


Further more, if complex parameter objects are passed as expressions
they get unnecessarily quoted which could yield wrong results.

@{'id':?#{ [0] ? { $exists :true} : [1] }, 'foo':42, 'bar': ?#{ [0] ? { $exists :false} : [1] }}

Currently results in:

@{'id':"{ \"$exists\" :true}", 'foo':42, 'bar': 'foo' }}

when finally rendered.

This prevents the effective use of SpEL based parameter expressions
to be used for dynamic filtering with Spring Security as it is currently possible
with Spring Data JPA.

With this fixed one could easily perform filtering based on Spring Security context information in Spring Data MongoDB Repositories:

public interface PersonRepository extends CrudRepository<Person, String> {

	@Query("{id: ?#{ hasRole('ROLE_ADMIN') ? {$exists:true} :}}")
	List<Person> findAllForCurrentUserById();

Affects: 1.8 M1 (Gosling)

Referenced from: pull request #306

Copy link

Thomas Darimont commented

Please revise

Copy link

Thomas Darimont commented

Oliver Drotbohm thanks for polishing :)

Don't forget to merge the demo for this in the spring-data-examples: spring-projects/spring-data-examples#108


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
in: core Issues in core support type: bug A general bug
None yet

No branches or pull requests

2 participants