@Entity
public class MyEntity {
@Id
@GeneratedValue
private Long id;
private String name;
}
@RepositoryRestResource
public interface MyEntityRepository extends JpaRepository<MyEntity, Long> {
@Secured("ADMIN")
@Override
<S extends Test> S save(S entity);
}
@RestController
public class MyController {
@Autowired
private MyEntityRepository myEntityRepository;
@RequestMapping("/")
public void something() {
myEntityRepository.save(new MyEntity());
}
}
注意:与用户相关的安全设置已完成。
所以,我的问题是我希望在我的代码中使用save方法没有任何权限,但阻止客户端对save进行公开访问。
如果我尝试像上面的例子一样,我也不能使用。我该怎么做?可能吗?
很快,
Access for Controller to save -> "/" : Permit All
Access for Data Rest's save Endpoint -> "/metrics" : hasRole("ADMIN")
如果我理解您的问题,希望这对您的场景有用。
@EnableWebSecuritypublic class WebSecurityConfig extensions WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/metrics").hasAnyRole(ADMIN.toString())
.anyRequest().permitAll()
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("admin").password("admin").roles(ADMIN.toString())
.and()
.withUser("guest").password("guest").roles(GUEST.toString());
}
}