Can I disable PATCH specifically in a spring-data-rest repository?
Question:
Clients of our API don't use PATCH and I want to avoid it for maintenance overhead. I don't want to disable POST or PUT.
Answer:
It can be handled at the security level, by extending WebSecurityConfigurerAdapter (available in spring-security-config) and overriding configure(HttpSecurity http) to deny PATCH requests to the target URL:
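    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Deny PATCH on the target URL only; other HTTP methods are not affected by this rule.
            http.authorizeRequests()
                .antMatchers(HttpMethod.PATCH, "/path_to_target_url").denyAll();
        }
    }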
Any attempt to PATCH to the target URL will fail with a 401 Unauthorized error.
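
The same method-level deny rule written as a SecurityFilterChain bean, for Spring Security versions where WebSecurityConfigurerAdapter is deprecated (5.7) or removed (6.0). This is an added example, not code from the answer above. Assumptions: Spring Security 6.x, a hypothetical repository exported at /people, and a placeholder policy (authenticated, HTTP Basic) for every other request.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class PatchDenyingSecurityConfiguration {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Spring Data REST serves PATCH on item resources (/people/{id}),
                // so the pattern has to cover the sub-paths, not only /people.
                // "/people/**" is a hypothetical path; substitute the repository's own.
                .requestMatchers(HttpMethod.PATCH, "/people/**").denyAll()
                // Rules are evaluated in declaration order: the deny rule must
                // precede any broader matcher, or the broader rule decides first.
                // Placeholder policy for all remaining requests (assumption).
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

POST and PUT on the same paths fall through to the anyRequest() rule, so they stay available to authenticated clients.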