Spring data rest - 有没有办法限制支持的操作？

Question

我想在 Spring(SpringBoot) 应用程序中将数据库中的数据作为 Restful API 公开。 Spring Data Rest 似乎完全适合此事件的目的。

这个数据库对于我的应用程序需要是只读的。默认提供所有 HTTP 方法。有没有我可以用来限制(实际上是防止)其他方法被暴露的配置？

Answer 1

来自 Hiding repository CRUD methods 上的 Spring 文档:

16.2.3. Hiding repository CRUD methods

If you don’t want to expose a save or delete method on your CrudRepository, you can use the @RestResource(exported = false) setting by overriding the method you want to turn off and placing the annotation on the overriden version. For example, to prevent HTTP users from invoking the delete methods of CrudRepository, override all of them and add the annotation to the overriden methods.

@RepositoryRestResource(path = "people", rel = "people")
interface PersonRepository extends CrudRepository<Person, Long> {

  @Override
  @RestResource(exported = false)
  void delete(Long id);

  @Override
  @RestResource(exported = false)
  void delete(Person entity);
}

It is important that you override both delete methods as the exporter currently uses a somewhat naive algorithm for determing which CRUD method to use in the interest of faster runtime performance. It’s not currently possible to turn off the version of delete which takes an ID but leave exported the version that takes an entity instance. For the time being, you can either export the delete methods or not. If you want turn them off, then just keep in mind you have to annotate both versions with exported = false.