I am using the spring-boot-starter-data-rest dependency in my project, which really saves a lot of time and automatically creates REST endpoints for the entities that have an associated CrudRepository repository defined in the project. But let's say one of my entities is Article, and authenticated users (session authentication in this example) can create articles from the POST endpoint. In my Article table I have one column, user_id, and it represents the id of the user who created the article.

Now the user can use the POST endpoint and send the user_id property, which is not really secure: one user could set this id and pretend another user posted an article. So I have to set this property at the back-end level (from the session information of the user).

I am a bit new to the Spring environment, and right now the only solution I can think of is to rewrite the endpoint entirely so I can store user_id properly in the database. This is counter-productive because it is a very tiny change to the default behavior spring-boot-starter-data-rest provides. Isn't there a solution where I can catch the Article object before it is pushed into the database, so I can just set user_id and send it back to the default processing?
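
An added example, not part of the original question: Spring Data REST publishes repository events, and a `@HandleBeforeCreate` method runs on the deserialised entity before it is saved, so the owner can be taken from the authenticated session instead of the request body. It assumes Spring Security holds the session's authentication; the `Article` stub, `UserIdLookup` and `ArticleOwnerHandler` are hypothetical names, and a `UserIdLookup` bean has to be provided by the application.

```java
import org.springframework.data.rest.core.annotation.HandleBeforeCreate;
import org.springframework.data.rest.core.annotation.RepositoryEventHandler;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

// Hypothetical stand-in for the question's Article entity (JPA mapping omitted).
class Article {
    private Long userId;
    public Long getUserId() { return userId; }
    public void setUserId(Long userId) { this.userId = userId; }
}

// Hypothetical lookup from the logged-in username to the id in the users table.
interface UserIdLookup {
    Long idForUsername(String username);
}

@Component
@RepositoryEventHandler
public class ArticleOwnerHandler {

    private final UserIdLookup users;

    public ArticleOwnerHandler(UserIdLookup users) {
        this.users = users;
    }

    // Called by Spring Data REST after the POST body has been bound to a new
    // Article and before the repository saves it.
    @HandleBeforeCreate
    public void assignOwner(Article article) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            throw new AccessDeniedException("Login required to create an article");
        }
        // Overwrite unconditionally: any user_id sent by the client is discarded.
        article.setUserId(users.idForUsername(auth.getName()));
    }
}
```

This handler covers creation only; updates through PUT or PATCH go through the separate before-save event and need their own ownership check.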