Learn how to configure Spring Data REST API visibility.
- [Instructor] Earlier we saw that you cannot only look up entities but also create update and delete them with HTTP post, put, patch and delete. But I do not think we want to allow the public to modify our database in this way. There are two annotations to accomplish this. @RepositoryRestResource is used to control access at the class level and @RestResource is used to control access at the method level.
We can also use @RestRepositoryResource to override the default and point name. In this example, we set the TourPackages endpoint name to packages. So in TourRepository, we'll use our IDE to help us override methods. So the methods we're overriding here are save and delete. We're going to make the IDE happy.
We're going to tour in there. And now, add the @RestResource(exported=false) annotation. And in TourPackageRepository, we'll do the same thing.
For a bit access to those to the upside world. And now, let's annotate the entire TourPackageRepository to have the endpoint renamed to just packages, not Tour capital P Packages anymore. I'm going to restart our app.
So now we're going to invoke the TourPackages endpoint but instead of TourPackages, we're saying packages and then code is CC for California Caln. That works great. Even the href has packages in here. Now let's see what happens whenever we try to delete California Caln. We get 405 Method Not Allowed which is a security level HTTP status code bad which what we want to.
- Setting up the project
- Building, deploying, and launch the microservice
- Declaring Spring Data JPA repository interfaces
- Invoking repositories
- Using Spring Data query methods
- Exposing RESTful APIs with Spring Data REST
- Using the /search resource to invoke query methods
- Paging and sorting
- Declaring a new REST controller
- Creating HTTP methods for creating, reading, updating and deleting persistent data.