Repository access control in Spring Data Rest based off user princpal

Question

I\'m attempting to implement fine grain access control while still taking advantage of Spring data rest.

I\'m working on securing a CrudRepository so u

Answer 1

Can also be achieved by implementing your checks in your custom Spring repository event handlers. See @HandleBeforeCreate, @HandleBeforeUpdate, @HandleBeforeDelete.

Alternatively, you can use permission-based expressions, e.g. with ACL or your custom ones, you can write @PreAuthorize("hasPermission(#id, 'MyObject', 'DELETE')").