@@ -5,10 +5,11 @@ NOTE: The following steps are unnecessary if you use Spring Boot. For Boot appli
|
||||
|
||||
You can integrate Spring Data REST with an existing Spring MVC application. In your Spring MVC configuration (most likely where you configure your MVC resources), add a bean reference to the Java configuration class that is responsible for configuring the `RepositoryRestController`. The class name is `org.springframework.data.rest.webmvc.RepositoryRestMvcConfiguration`. The following example shows how to use an `@Import` annotation to add the proper reference:
|
||||
|
||||
In Java, this would look like:
|
||||
The configuration would look like:
|
||||
|
||||
====
|
||||
[source,java]
|
||||
.Java
|
||||
[source,java,role="primary"]
|
||||
----
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.data.rest.webmvc.RepositoryRestMvcConfiguration;
|
||||
@@ -20,12 +21,9 @@ public class MyApplicationConfiguration {
|
||||
…
|
||||
}
|
||||
----
|
||||
====
|
||||
|
||||
The following example shows the corresponding XML configuration:
|
||||
|
||||
====
|
||||
[source,xml]
|
||||
.XML
|
||||
[source,xml,role="secondary"]
|
||||
----
|
||||
<bean class="org.springframework.data.rest.webmvc.config.RepositoryRestMvcConfiguration"/>
|
||||
----
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
[[customizing-sdr.customizing-json-output]]
|
||||
= Customizing the JSON Output
|
||||
|
||||
Sometimes in your application, you need to provide links to other resources from a particular entity. For example, a `Customer` response might be enriched with links to a current shopping cart or links to manage resources related to that entity. Spring Data REST provides integration with https://github.com/SpringSource/spring-hateoas[Spring HATEOAS] and provides an extension hook that lets you alter the representation of resources that go out to the client.
|
||||
Sometimes in your application, you need to provide links to other resources from a particular entity. For example, a `Customer` response might be enriched with links to a current shopping cart or links to manage resources related to that entity. Spring Data REST provides integration with https://github.com/spring-projects/spring-hateoas[Spring HATEOAS] and provides an extension hook that lets you alter the representation of resources that go out to the client.
|
||||
|
||||
[[customizing-sdr.customizing-json-output.representation-model-processor]]
|
||||
== The `RepresentationModelProcessor` Interface
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[[conditional]]
|
||||
= Conditional Operations with Headers
|
||||
:spring-data-rest-root: ../../../..
|
||||
:spring-data-rest-root: ../../..
|
||||
|
||||
This section shows how Spring Data REST uses standard HTTP headers to enhance performance, conditionalize operations, and contribute to a more sophisticated frontend.
|
||||
|
||||
|
||||
@@ -4,9 +4,9 @@ Jon Brisbin, Oliver Drotbohm, Greg Turnquist, Jay Bryant
|
||||
:revnumber: {version}
|
||||
:revdate: {localdate}
|
||||
ifdef::backend-epub3[:front-cover-image: image:epub-cover.png[Front Cover,1050,1600]]
|
||||
:spring-data-commons-docs: ../../../../../spring-data-commons/src/main/asciidoc
|
||||
:spring-data-commons-docs: ../../../../spring-data-commons/src/main/asciidoc
|
||||
|
||||
(C) 2012-2021 Original authors
|
||||
(C) 2012-2022 Original authors
|
||||
|
||||
NOTE: Copies of this document may be made for your own use and for distribution to others, provided that you do not charge any fee for such copies and further provided that each copy contains this Copyright Notice, whether distributed in print or electronically.
|
||||
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
[[security]]
|
||||
= Security
|
||||
:spring-data-rest-root: ../../../..
|
||||
:spring-security-docs: https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle
|
||||
:spring-data-rest-root: ../../..
|
||||
:spring-security-docs: https://docs.spring.io/spring-security/reference
|
||||
|
||||
Spring Data REST works quite well with Spring Security. This section shows examples of how to secure your Spring Data REST services with method-level security.
|
||||
|
||||
[[security.pre-and-post]]
|
||||
== `@Pre` and `@Post` Security
|
||||
|
||||
The following example from Spring Data REST's test suite shows Spring Security's {spring-security-docs}/#el-pre-post-annotations[PreAuthorization model] (the most sophisticated security model):
|
||||
The following example from Spring Data REST's test suite shows Spring Security's {spring-security-docs}/servlet/authorization/expression-based.html#_access_control_using_preauthorize_and_postauthorize[PreAuthorization model] (the most sophisticated security model):
|
||||
|
||||
.spring-data-rest-tests/spring-data-rest-tests-security/src/test/java/org/springframework/data/rest/tests/security/PreAuthorizedOrderRepository.java
|
||||
====
|
||||
@@ -18,7 +18,7 @@ The following example from Spring Data REST's test suite shows Spring Security's
|
||||
include::{spring-data-rest-root}/spring-data-rest-tests/spring-data-rest-tests-security/src/test/java/org/springframework/data/rest/tests/security/PreAuthorizedOrderRepository.java[tag=code]
|
||||
----
|
||||
|
||||
<1> This Spring Security annotation secures the entire repository. The {spring-security-docs}/#el-common-built-in[Spring Security SpEL expression] indicates that the principal must have `ROLE_USER` in its collection of roles.
|
||||
<1> This Spring Security annotation secures the entire repository. The {spring-security-docs}/servlet/authorization/expression-based.html[Spring Security SpEL expression] indicates that the principal must have `ROLE_USER` in its collection of roles.
|
||||
<2> To change method-level settings, you must override the method signature and apply a Spring Security annotation. In this case, the method overrides the repository-level settings with the requirement that the user have `ROLE_ADMIN` to perform a delete.
|
||||
====
|
||||
|
||||
@@ -66,4 +66,4 @@ include::{spring-data-rest-root}/spring-data-rest-tests/spring-data-rest-tests-s
|
||||
<3> This class extends Spring Security's `WebSecurityConfigurerAdapter` which is used for pure Java configuration of security.
|
||||
====
|
||||
|
||||
The rest of the configuration class is not listed, because it follows {spring-security-docs}/#hello-web-security-java-configuration[standard practices] that you can read about in the Spring Security reference docs.
|
||||
The rest of the configuration class is not listed, because it follows {spring-security-docs}/servlet/configuration/java.html[standard practices] that you can read about in the Spring Security reference docs.
|
||||
|
||||
Reference in New Issue
Block a user