Can I specifically disable PATCH in spring-data-rest repository?

问题

Client of our API's don't use patch and I want to avoid it for maintenance overhead. I don't want to disable POST or PUT.

回答1:

It can be handled at the security level, by extending WebSecurityConfigurerAdapter (available in spring-security-config) and overriding configure(HttpSecurity http) to deny PATCH requests to the target url :

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(HttpMethod.PATCH, "/path_to_target_url").denyAll();
    }

}

Any attempt to PATCH to the target URL will fail with a 401 Unauthorized error.

回答2:

Perhaps it is necessary to put the plug in the REST controller... For example:

@RestController
@RequestMapping("/api/...")
@ExposesResourceFor(...)
public class MyController {
...
    @PatchMapping
    HttpEntity<?> patch() {
        return new ResponseEntity<>(HttpStatus.METHOD_NOT_ALLOWED);
    }
}

来源：https://stackoverflow.com/questions/41345847/can-i-specifically-disable-patch-in-spring-data-rest-repository

标签

spring-boot

spring-data-rest

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!