1

As we know, In SpringDataRest, the Repository files are only used (not controllers) and we can use build-in methods for It.

My repository code is:

public interface StudentRepository extends JpaRepository<Student, Integer> {
}

I don't want to add custom methods and add my request processing logic there. I want some configuration or events overriding where i can process the HttpRequest handler, parse the token and check some data in token and based on that token i'll decide to either process that request or discard it with some error.

Thanks.

Improve this question
3
  • Are you using spring security? If you want to do checks on a token it sounds like a spring security use-case. Commented Aug 20, 2018 at 11:11
  • Yes, token security is already implemented (Using ResourceServer etc). But i have to move security based on user roles further which i need to extract from the token i received. Commented Aug 21, 2018 at 7:59
  • I'm wondering if you could use the antMatchers based on role like 6 in baeldung.com/java-config-spring-security Commented Aug 21, 2018 at 8:13

1 Answer 1

Reset to default
1

If you want to restrict access to specific endpoints or operations with spring data rest and you are using spring security then you can use the @PreAuthorize annotation with hasRole. To take an example from 'Securing Spring Data REST PreAuthorize', you could have a CrudRepository like:

@PreAuthorize("hasRole('ROLE_USER')")
public interface ParkrunCourseRepository extends CrudRepository<ParkrunCourse, Long> {
    @Override
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    ParkrunCourse save(ParkrunCourse parkrunCourse);
}

Then only users with the admin role will be able to do posts to save these entities.

Improve this answer
Sign up to request clarification or add additional context in comments.

14 Comments

No friend, i don't have requirement for such ROLE based checks, I found solution here: gist.github.com/m-x-k/03a87252d2458010e1d69f37e35af6f1
Sorry, didn't realise you were looking for more custom logic than just role-checks. Glad you found a solution in the HandlerInterceptorAdapter
Do you have any idea how i can override/change URL in interceptor (preHandle) override method?
You mean like do a redirect? If so you could try response.sendRedirect baeldung.com/spring-mvc-custom-handler-interceptor
hi friend, many thanks for your support, i have found exactly what i was looking for here: github.com/yeldarxman/QueryDslPredicateModifier
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.