Can I use Method Security on Spring Rest Repository methods?

Asked Feb 10 '23 at 13:18

Active Feb 11 '23 at 11:23

Viewed 26 times

Let CountryRepo be a Spring RepositoryRestResource

@RepositoryRestResource
public interface CountryRepo implements CrudRepository<Country, Long> { }

for a simple Country domain with country code and common name.

Can I override the methods and introduce method level security to allow only users with ADMIN role to send e.g. POST or DELETE requests?

@RepositoryRestResource
public interface CountryRepo extends CrudRepository<Country, Long> {

    @Override
    public Iterable<Country> findAll(); // <-- Globally allowed

    @Override
    @PreAuthorize("hasRole('ADMIN')")
    public <S extends Country> S save(S entity); // <-- Only admins can create countries.

    // ... Remaining methods from CRUD repository interface.

}

I'm trying to build a simple example to see if it works, but I think I'm having problem elsewhere, so interested in hearing if this at all is possible.

edited Feb 11 '23 at 11:23

dur

15,689
25
79
125

asked Feb 10 '23 at 13:18

TMOTTM

3,286
6
32
63

1

Yes possible - see https://stackoverflow.com/questions/21568812/preauthorize-on-jparepository – John Williams Feb 11 '23 at 18:08

Can I use Method Security on Spring Rest Repository methods?

0 Answers0