CODEWITHSUNDEEP
javaspring-dataspring-data-rest
gyoder
gyoder

Reputation: 4738

How to disable the default exposure of Spring Data REST repositories?

I have a project that uses spring-data-rest, and has a dependency project that only uses Spring Data. Both projects have spring data repositories and use @EnableJpaRepositories to implement their repository interfaces, but I only want to export the repositories in the parent project.

Here's my question: is there some way to configure Spring Data REST to only expose rest endpoints for resources in the parent project, without having to explicitly annotate every repository in the dependency project with @RepositoryRestResource(exported = false)?

If I can only do this with @RepositoryRestResource of disabling it, and worse yet, no other project with a different use case will be able to enable REST endpoints for those repositories, my dependency project will have to include Spring Data REST solely for the…

Upvotes: 38

Views: 28249

Answers (3)

Brian
Brian

Reputation: 5049

Looping back here as I was looking for this specific setting. It looks like this is now implemented. In this case, you would want to set spring.data.rest.detection-strategy=annotated to avoid default exposure.

All application.properties options:

# Exposes all public repository interfaces but considers @(Repository)RestResource\u2019s `exported flag.
spring.data.rest.detection-strategy=default

# Exposes all repositories independently of type visibility and annotations.
spring.data.rest.detection-strategy=all

# Only repositories annotated with @(Repository)RestResource are exposed, unless their exported flag is set to false.
spring.data.rest.detection-strategy=annotated

# Only public repositories annotated are exposed.
spring.data.rest.detection-strategy=visibility

References

Upvotes: 69

53c
53c

Reputation: 453

As of version 3.4 use:

import org.springframework.context.annotation.Configuration;
import org.springframework.data.rest.core.config.RepositoryRestConfiguration;
import org.springframework.data.rest.webmvc.config.RepositoryRestConfigurer;
import org.springframework.web.servlet.config.annotation.CorsRegistry;

@Configuration
public class SpringRestConfiguration implements RepositoryRestConfigurer {
    @Override
    public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config, CorsRegistry cors) {
        config.disableDefaultExposure();
    }
}

Upvotes: 6

Oliver Drotbohm
Oliver Drotbohm

Reputation: 83081

Currently there's no global switch for what you're looking for. I've filed this ticket for you for inclusion in the next major release.

Not sure if it is an option for you but package private repository interfaces are not currently exposed unless explicitly annotated. If you can make all those library repositories package protected that might be favorable over the explicit annotation.

Upvotes: 17

Related Questions