spring-boot springdoc-openapi-ui

How to not expose entity endpoints in a Spring Boot application


Upgrading my MS from Spring Boot 2.7 to 3.0, I've noticed that entities are exposed even though I 'hide' them and scan only the controller package, which contains only APIs.

For an entity Customer I could invoke all CRUD actions!

http://localhost:8093/customerEntities/7308 GET / PUT /POST

Properties:

springdoc:
  paths-to-match: /v1/**
  packages-to-scan: a.b.c.controller # only APIs

This could hide the entity endpoints from Swagger, BUT I could fetch them with the URL directly.

So how to eliminate those entity endpoints?

Some information:

<parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>3.0.0</version>
  <relativePath/> <!-- lookup parent from repository -->
</parent>

<dependency>
  <groupId>org.springdoc</groupId>
  <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
  <version>2.1.0</version>
</dependency>

<dependency>
  <groupId>org.springdoc</groupId>
  <artifactId>springdoc-openapi-common</artifactId>
  <version>1.6.15</version>
  <scope>compile</scope>
</dependency>

Solution

  • You can try setting setExposeRepositoryMethodsByDefault to false and check.

    Sample code snippet:

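    import org.springframework.context.annotation.Configuration;
    import org.springframework.data.rest.core.config.RepositoryRestConfiguration;
    import org.springframework.data.rest.webmvc.config.RepositoryRestConfigurer;
    import org.springframework.web.servlet.config.annotation.CorsRegistry;

    @Configuration
    public class AppRepositoryConfig implements RepositoryRestConfigurer {

        @Override
        public void configureRepositoryRestConfiguration(RepositoryRestConfiguration config, CorsRegistry cors) {
            // Do not expose repository methods over REST by default.
            config.setExposeRepositoryMethodsByDefault(false);
        }
    }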
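
A regression test for the point raised in the question, that hiding paths from the Swagger UI does not stop them being served. This is an added example, not code from the question or the answer: the class name is hypothetical, the paths are the ones quoted in the question, and the 404/405 expectation assumes no security filter answers the request first.

```java
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.request;

import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;

// Hypothetical test class; it boots the application's own context,
// so it exercises the real request mappings rather than the OpenAPI document.
@SpringBootTest
@AutoConfigureMockMvc
class EntityEndpointExposureTest {

    @Autowired
    private MockMvc mockMvc;

    // Collection and item resource paths as quoted in the question.
    @ParameterizedTest(name = "{0} {1} is not served")
    @CsvSource({
        "GET,    /customerEntities",
        "POST,   /customerEntities",
        "GET,    /customerEntities/7308",
        "PUT,    /customerEntities/7308",
        "PATCH,  /customerEntities/7308",
        "DELETE, /customerEntities/7308"
    })
    void entityResourceIsNotServed(String verb, String path) throws Exception {
        int status = mockMvc.perform(
                        request(HttpMethod.valueOf(verb), path)
                                .contentType(MediaType.APPLICATION_JSON)
                                .content("{}"))
                .andReturn()
                .getResponse()
                .getStatus();

        // Assumption: a resource that is not exported answers 404 (no mapping)
        // or 405 (method not exposed). Any other status means a handler ran.
        assertTrue(status == 404 || status == 405,
                verb + " " + path + " answered " + status);
    }
}
```

Run it against a test database, since a DELETE or PUT that is still exposed will modify data before the assertion fails.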