I have created a simple rest service in Java for my web application. From what I understand you can make a rest call from a browser. In my app I want a user to choose an option from a list and basen of what he has chosen I want the app to display certain information. I will use JavaScirpt to make an Get call and based on the Json data show the information. How do i stop the user from making a delete call and removing some of the data from my database? I’ve built the server part using Spring Boot with JPA and Rest repositories.
Here’s the code for my repository:
@RepositoryRestResource(collectionResourceRel =
"people", path = "people")
public interface PersonRepository extends
CrudRepository<Person, Long> {
List<Person> findByLastName(@Param("name")
String name);
}
This interface implements crudRepository which has method for deleting object how can i restrict a user from using it?
Alright I've figured it out. To hide some of the unwanted methods from CrudRepository interface I made my repository extend Repository interface ( which is parent to CrudRepository) and I've copied form Crud only those methods that i need:
public interface RestService extends Repository<Patient,Long>{
Optional<Patient> findById(Id Long);
boolean existsById(Id ong);
Iterable<Patient> findAll();
Iterable<Patient> findAllById(Iterable<Id> ids);
long count();
}
Any other call then GET thorws a 405 Method Not Allowed