TechQA.

Spring data Rest Partitioning Data

248 views Asked by At

I was wondering, if one were to use Spring Security with Spring data rest, would it be possible to partition the data so that the user of the REST API can only say data related to them?

More specifically, assuming Spring data ne04j exposed over HATEOAS with Spring security. If the client is given an oauth2 token, can that token be programmatically used to only give the user the subset of the graph that he created or related to him?

E.g. A Bank is exposing some actions on a account. The client is given an oauth token. The client should only be able to see and perform HTTP operations on their account, and not any other user.

By default, once you have access to the HATEOAS endpoint, you can see all data. Is there anyway to limit this, without too much heavy lifting?

spring-security spring-data-neo4j spring-data-rest database-partitioning
Original Q&A
1

There are 1 answers

2
George On BEST ANSWER

You can use @PreAuthorize to perform authorization checks before an operation and @PostFilter to filter the returned data.

Some examples:

@PreAuthorize("#contact.name == authentication.name")
public void doSomething(Contact contact);

@PostFilter ("filterObject.owner == authentication.name")
public List<Book> getBooks();

Related Questions in SPRING-SECURITY

Related Questions in SPRING-DATA-NEO4J

Related Questions in SPRING-DATA-REST

Related Questions in DATABASE-PARTITIONING

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions