Spring data rest - 有没有办法限制支持的操作?
Spring data rest - Is there a way to restrict the supported operations?
我想在 Spring(SpringBoot) 应用程序中将数据库中的数据公开为 Restful API。 Spring Data Rest 似乎完全符合此 activity 的目的。
对于我的应用程序需要,该数据库是只读的。默认提供所有 HTTP 方法。有没有我可以用来限制(实际上是防止)暴露其他方法的配置?
来自 Hiding repository CRUD methods 上的 Spring 文档:
16.2.3. Hiding repository CRUD methods
If you don’t want to expose a save or delete method on your
CrudRepository, you can use the @RestResource(exported = false)
setting by overriding the method you want to turn off and placing the
annotation on the overriden version. For example, to prevent HTTP
users from invoking the delete methods of CrudRepository, override all
of them and add the annotation to the overriden methods.
@RepositoryRestResource(path = "people", rel = "people")
interface PersonRepository extends CrudRepository<Person, Long> {
@Override
@RestResource(exported = false)
void delete(Long id);
@Override
@RestResource(exported = false)
void delete(Person entity);
}
It is important that you override both delete methods as the exporter
currently uses a somewhat naive algorithm for determing which CRUD
method to use in the interest of faster runtime performance. It’s not
currently possible to turn off the version of delete which takes an ID
but leave exported the version that takes an entity instance. For the
time being, you can either export the delete methods or not. If you
want turn them off, then just keep in mind you have to annotate both
versions with exported = false.
截至 2018 年初,现在 ability to only expose repository methods explicitly declared for exposure (DATAREST-1176)
已打开 Export false at Type level does not allow overriding with export true at Method level 票 (DATAREST-1034),但作为 DATAREST-1176 的副本关闭。奥利弗吉尔克说:
I'll resolve this as fixed against the version of DATAREST-1176 for
now but feel free to reopen in case there's anything else you need.
它们不是完全相同的,1034 中描述的功能本来会更加用户友好,但现在至少有一些选项。
我想在 Spring(SpringBoot) 应用程序中将数据库中的数据公开为 Restful API。 Spring Data Rest 似乎完全符合此 activity 的目的。
对于我的应用程序需要,该数据库是只读的。默认提供所有 HTTP 方法。有没有我可以用来限制(实际上是防止)暴露其他方法的配置?
来自 Hiding repository CRUD methods 上的 Spring 文档:
16.2.3. Hiding repository CRUD methods
If you don’t want to expose a save or delete method on your CrudRepository, you can use the @RestResource(exported = false) setting by overriding the method you want to turn off and placing the annotation on the overriden version. For example, to prevent HTTP users from invoking the delete methods of CrudRepository, override all of them and add the annotation to the overriden methods.
@RepositoryRestResource(path = "people", rel = "people") interface PersonRepository extends CrudRepository<Person, Long> { @Override @RestResource(exported = false) void delete(Long id); @Override @RestResource(exported = false) void delete(Person entity); }It is important that you override both delete methods as the exporter currently uses a somewhat naive algorithm for determing which CRUD method to use in the interest of faster runtime performance. It’s not currently possible to turn off the version of delete which takes an ID but leave exported the version that takes an entity instance. For the time being, you can either export the delete methods or not. If you want turn them off, then just keep in mind you have to annotate both versions with exported = false.
截至 2018 年初,现在 ability to only expose repository methods explicitly declared for exposure (DATAREST-1176)
已打开 Export false at Type level does not allow overriding with export true at Method level 票 (DATAREST-1034),但作为 DATAREST-1176 的副本关闭。奥利弗吉尔克说:
I'll resolve this as fixed against the version of DATAREST-1176 for now but feel free to reopen in case there's anything else you need.
它们不是完全相同的,1034 中描述的功能本来会更加用户友好,但现在至少有一些选项。