我想在 Spring(SpringBoot) 应用程序中将数据库中的数据公开为 Restful API。 Spring Data Rest 似乎非常适合此事件的目的。
该数据库对于我的应用程序需求是只读的。默认提供所有 HTTP 方法。是否有一个配置可以用来限制(实际上防止)其他方法被公开?
最佳答案
来自 Hiding repository CRUD methods 上的 Spring 文档:
16.2.3. Hiding repository CRUD methods
If you don’t want to expose a save or delete method on your CrudRepository, you can use the @RestResource(exported = false) setting by overriding the method you want to turn off and placing the annotation on the overriden version. For example, to prevent HTTP users from invoking the delete methods of CrudRepository, override all of them and add the annotation to the overriden methods.
@RepositoryRestResource(path = "people", rel = "people") interface PersonRepository extends CrudRepository<Person, Long> { @Override @RestResource(exported = false) void delete(Long id); @Override @RestResource(exported = false) void delete(Person entity); }It is important that you override both delete methods as the exporter currently uses a somewhat naive algorithm for determing which CRUD method to use in the interest of faster runtime performance. It’s not currently possible to turn off the version of delete which takes an ID but leave exported the version that takes an entity instance. For the time being, you can either export the delete methods or not. If you want turn them off, then just keep in mind you have to annotate both versions with exported = false.
关于Spring data Rest - 有没有办法限制支持的操作?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56965702/