我可以在 spring-data-rest 存储库中专门禁用 PATCH 吗? [英] Can I specifically disable PATCH in spring-data-rest repository?

问题描述

我们 API 的客户端不使用补丁，我想避免使用补丁来维护开销.我不想禁用 POST 或 PUT.

Client of our API's don't use patch and I want to avoid it for maintenance overhead. I don't want to disable POST or PUT.

推荐答案

可以在安全级别处理，通过扩展 WebSecurityConfigurerAdapter(可在 spring-security-config) 并覆盖 configure(HttpSecurity http) 以拒绝对目标 URL 的 PATCH 请求:

It can be handled at the security level, by extending WebSecurityConfigurerAdapter (available in spring-security-config) and overriding configure(HttpSecurity http) to deny PATCH requests to the target url :

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(HttpMethod.PATCH, "/path_to_target_url").denyAll();
    }

}

任何对目标 URL 进行 PATCH 的尝试都将失败，并显示 401 Unauthorized 错误.

Any attempt to PATCH to the target URL will fail with a 401 Unauthorized error.

这篇关于我可以在 spring-data-rest 存储库中专门禁用 PATCH 吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！