Reputation: 4451
Spring boot rest ignore one class
I am developing a REST API using spring-boot-starter-data-rest. One class I want to sync with JPA is the User class containing information about users, including who is allowed to access the API.
Unfortunately, having the User and the UserRepository means that my User class is exposed in my API. I was able to remove things like the Id (in the configureRepositoryRestConfiguration function) and usernames and passwords (by adding @JsonIgnore to every variable of my User class).
Unfortunately, users of the API can still ask for the users table (who returns a list with empty users). Although this is not really a problem, I would rather remove the /users endpoint.
Adding @JsonIgnore to the whole User class is not possible.
Upvotes: 0
Views: 1339
Answers (3)
Reputation: 30289
Exporting repositories is depend on RepositoryDetectionStrategy. The default strategy is:
Exposes all public repository interfaces but considers @(Repository)RestResource’s
exportedflag.
According it to disable exporting of your 'repo' you can set exported flag to false for this repo:
@RepositoryRestResource(exported = false)
public interface UserRepo extends JpaRepository<User, Integer> {
//...
}
Another approach is to change globally the RepositoryDetectionStrategy to ANNOTATED:
Only repositories annotated with @(Repository)RestResource are exposed, unless their exported flag is set to false.
@Configuration
public class RestConfig extends RepositoryRestConfigurerAdapter {
@Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config) {
config.setRepositoryDetectionStrategy(RepositoryDetectionStrategy.RepositoryDetectionStrategies.ANNOTATED);
super.configureRepositoryRestConfiguration(config);
}
}
Then don't apply @RepositoryRestResource annotation to repos that doesn't need to be exported.
UPDATE
We can also use this application property to setup the strategy:
spring.data.rest.detection-strategy=default
Upvotes: 2
Reputation: 1194
You can hide certain repositories by adding this annotation to your repository: @RepositoryRestResource(exported = false).
More informations here: http://docs.spring.io/spring-data/rest/docs/current/reference/html/#customizing-sdr.hiding-repositories
Upvotes: 1
Reputation: 2372
There's such thing as projections.
You can define interface with fields you want and use it as repository's method:
@Projection(name = "simpleUser", types = { User.class })
interface SimpleUser {
String getFirstName();
String getLastName();
}
Upvotes: 0
Related Questions
- Exclude entities for Spring Data Rest
- Spring Ignore field just in getAll method
- How to apply json ignore annotation on a rest controller method endpoint in spring boot?
- Spring Rest Controller @RequestBody for an interface except a class
- How to exclude other class objects in a GET request? - Java Spring Boot
- Spring Data JPA exclude properties for specific RequestMapping
- Prevent spring-data-rest from parsing json
- Ignore Entity Fields in REST Arguments in Spring Boot
- Spring Boot (Jackson): How to avoid class name being serialized to JSON
- Spring Data REST - Exclude Subtypes