Customizing HTTP Endpoints in Spring Data REST
Last updated: January 8, 2024
Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.
Get started with mocking and improve your application tests using our Mockito guide:
Handling concurrency in an application can be a tricky process with many potential pitfalls. A solid grasp of the fundamentals will go a long way to help minimize these issues.
Get started with understanding multi-threaded applications with our Java Concurrency guide:
Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:
Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.
But these can also be overused and fall into some common pitfalls.
To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:
Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:
Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.
I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.
You can explore the course here:
Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.
Get started with Spring Data JPA through the guided reference course:
Refactor Java code safely — and automatically — with OpenRewrite.
Refactoring big codebases by hand is slow, risky, and easy to put off. That’s where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.
Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions — one for newcomers and one for experienced users. You’ll see how recipes work, how to apply them across projects, and how to modernize code with confidence.
Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.
1. Introduction
Spring Data REST can remove a lot of boilerplate that’s natural to REST services.
In this tutorial, we’ll explore how to customize some of Spring Data REST’s HTTP binding defaults.
2. Spring Data REST Repository Fundamentals
To get started, let’s create an empty interface that extends the CrudRepository interface, specifying the type of our entity and the type of its primary key:
public interface UserRepository extends CrudRepository<WebsiteUser, Long> {}By default, Spring generates all the mappings needed, configures each resource to be accessible via the appropriate HTTP methods, and returns the proper status codes.
If we don’t need all the resources defined in CrudRepository, we can extend the basic Repository interface and define only the resources we want:
public interface UserRepository extends Repository<WebsiteUser, Long> {
void deleteById(Long aLong);
}Upon receiving a request, Spring reads the HTTP Method used and, depending on the resource type, calls the appropriate method defined in our interface, if present, or returns an HTTP status 405 (Method Not Allowed) otherwise.
With reference to the code above, when Spring receives a DELETE request, it executes our deleteById method.
3. Restricting Which HTTP Methods Are Exposed
Let’s imagine we have a user management system. We might, then, have a UserRepository.
And, since we are using Spring Data REST, we get a lot from having it extend CrudRepository:
@RepositoryRestResource(collectionResourceRel = "users", path = "users")
public interface UserRepository extends CrudRepository<WebsiteUser, Long> {}All our resources are exposed using the default CRUD pattern, so issuing the following command:
curl -v -X DELETE http://localhost:8080/users/<existing_user_id>will return an HTTP status 204 (No Content returned) to confirm the deletion.
Now, let’s assume we want to hide the delete method from third parties while being able to use it internally.
We can then first add the deleteById method signature into our interface, which signals to Spring Data REST that we are going to configure it.
Then, we can use the annotation @RestResource(exported = false), which will configure Spring to skip this method when triggering the HTTP method exposure:
@Override
@RestResource(exported = false)
void deleteById(Long aLong);Now, if we repeat the same cUrl command shown above, we’ll receive an HTTP Status 405 (Method Not Allowed) instead.
4. Customizing Supported HTTP Methods
The @RestResource annotation also gives us the ability to customize the URL path mapped to a repository method and the link id in the JSON returned by the HATEOAS resource discovery.
To do that, we use the optional parameters of the annotation:
- path for the URL path
- rel for the link id
Let’s go back to our UserRepository and add a simple findByEmail method:
WebsiteUser findByEmail(@Param("email") String email);By executing a cUrl to http://localhost:8080/users/search/, we can now see our new method listed with other resources:
{
"_links": {
"findByEmail": {
"href": "http://localhost:8080/users/search/findByEmail{?email}"
},
"self": {
"href": "http://localhost:8080/users/search/"
}
}
}If we don’t like the default path, instead of changing the repository method, we can simply add the @RestResource annotation:
@RestResource(path = "byEmail", rel = "customFindMethod")
WebsiteUser findByEmail(@Param("email") String email);And if we do the resource discovery again, the resulting JSON will confirm our changes:
{
"_links": {
"customFindMethod": {
"href": "http://localhost:8080/users/search/byEmail{?email}",
"templated": true
},
"self": {
"href": "http://localhost:8080/users/search/"
}
}
}5. Programmatic Configuration
Sometimes we need a finer-grained level of configuration to expose or restrict access to our HTTP methods. For example, POST on collection resources, as well as PUT and PATCH on item resources, all use the same save method.
Starting from Spring Data REST 3.1, and available with Spring Boot 2.1, we can change the exposure of a specific HTTP method through the ExposureConfiguration class. This particular configuration class exposes a lambda-based API to define both global and type-based rules.
For example, we can use ExposureConfiguration to restrict PATCH requests against the UserRepository:
public class RestConfig implements RepositoryRestConfigurer {
@Override
public void configureRepositoryRestConfiguration(RepositoryRestConfiguration restConfig,
CorsRegistry cors) {
ExposureConfiguration config = restConfig.getExposureConfiguration();
config.forDomainType(WebsiteUser.class).withItemExposure((metadata, httpMethods) ->
httpMethods.disable(HttpMethod.PATCH));
}
}6. Conclusion
In this article, we explored how we can configure Spring Data REST to customize the HTTP methods supported by default in our resources.
