Export PATCH/PUT but not POST in @RepositoryRestResource

Question

I am using spring-data-rest and exposing endpoints for CRUD-ing my entities through repositories.
One of entities should be updatable with PATCH/PUT methods, but it shouldn't be possible to create a new instance with POST method.

It seems that both actions go through save method so it seems not possible to export only some of the requests:

@RestResource(exported = ?)
@Override
<S extends User> S save(S s);

What's the best way to accomplish that?
Should I override save method? Write custom Validator?

Answer 1

One solution is to extend WebSecurityConfigurerAdapter (available in spring-security-config) to deny access for POST requests to the target url :

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(HttpMethod.POST, "/path_to_target_url").denyAll();
    }

}

Any attempt to POST to the target URL will fail with a 401 Unauthorized error.

Answer 2

You can use

• Validators and add an Error to the errors parameter

• Event Handlers, throw an Exception and catch that by @ControllerAdvice, which returns a custom Message or HTTP status code

• Custom Controllers and handle the request manually. See this answer: https://stackoverflow.com/a/41351429/7226417

The first two should listen to BeforeCreateEvent.