35

I have a project that uses spring-data-rest, and has a dependency project that only uses Spring Data. Both projects have spring data repositories and use @EnableJpaRepositories to implement their repository interfaces, but I only want to export the repositories in the parent project.

Here's my question: is there some way to configure Spring Data REST to only expose rest endpoints for resources in the parent project, without having to explicitly annotate every repository in the dependency project with @RepositoryRestResource(exported = false)?

If I can only do this with @RepositoryRestResource of disabling it, and worse yet, no other project with a different use case will be able to enable REST endpoints for those repositories, my dependency project will have to include Spring Data REST solely for the…

fap
  • 663
  • 1
  • 5
  • 14
gyoder
  • 4,530
  • 5
  • 29
  • 37

3 Answers3

63

Looping back here as I was looking for this specific setting. It looks like this is now implemented. In this case, you would want to set spring.data.rest.detection-strategy=annotated to avoid default exposure.

All application.properties options:

# Exposes all public repository interfaces but considers @(Repository)RestResource\u2019s `exported flag.
spring.data.rest.detection-strategy=default

# Exposes all repositories independently of type visibility and annotations.
spring.data.rest.detection-strategy=all

# Only repositories annotated with @(Repository)RestResource are exposed, unless their exported flag is set to false.
spring.data.rest.detection-strategy=annotated

# Only public repositories annotated are exposed.
spring.data.rest.detection-strategy=visibility

References

Martin Schröder
  • 4,176
  • 7
  • 47
  • 81
Brian
  • 4,921
  • 3
  • 20
  • 29
17

Currently there's no global switch for what you're looking for. I've filed this ticket for you for inclusion in the next major release.

Not sure if it is an option for you but package private repository interfaces are not currently exposed unless explicitly annotated. If you can make all those library repositories package protected that might be favorable over the explicit annotation.

Oliver Drotbohm
  • 80,157
  • 18
  • 225
  • 211
6

As of version 3.4 use:

import org.springframework.context.annotation.Configuration;
import org.springframework.data.rest.core.config.RepositoryRestConfiguration;
import org.springframework.data.rest.webmvc.config.RepositoryRestConfigurer;
import org.springframework.web.servlet.config.annotation.CorsRegistry;

@Configuration
public class SpringRestConfiguration implements RepositoryRestConfigurer {
    @Override
    public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config, CorsRegistry cors) {
        config.disableDefaultExposure();
    }
}
53c
  • 381
  • 5
  • 9
  • The suggested configuration does in fact hide most of the URIs. The only one left visible is `rel="profile"` with uri `http://.../profile`. Does anyone know how to hide that "last uri standing"? Thanks – Zaphod Beeblebrox Apr 26 '21 at 15:41
  • Where should this configuration class be defined? Can I define it in a seperate config package of my springboot project? @53c – Kush Trivedi Jun 27 '21 at 14:53
  • Hi @KushTrivedi, yes, you can define it in your config package. The class just needs a `@Configuration` annotation for springboot to pick it up on startup. Also, if it's not in the same package (or child package) where your main method with `@SpringBootApplication` is first executed then you may need to specify the path manually. Though, not 100% sure about that as I typically keep things in child packages. – 53c Jun 28 '21 at 15:55
  • This is such a weird behavior. If it stays enabled, it will basically expose every single entity/repository and every single query as well e.g. `findSomethingByWhatever()` gets its own set of endpoints etc. How on earth would want something like this? – Stefan Falk Mar 30 '23 at 14:37