I am creating a spring boot application. I am adding few endpoints to it. In that process some of the endpoints are secure and some are not.
Once the application is installed I am getting some extra endpoints giving application info which are not even exposed.
Example: Some of the exposed endpoints are
@RestController
@RequestMapping("/category/v1")
public class ControllerClass {
@RequestMapping(value="/pillars", method=RequestMethod.GET)
public String pillarGetMethod() {
//method
}
@RequestMapping(value="/frameworks", method=RequestMethod.GET)
public String frameworkGetMethod() {
//method
}
}
Now expectation is we will have
should get exposed.
But with that
is also getting exposed with response as
{
"_embedded" : {
"pillars" : [ {
} ]
},
"_links" : {
"self" : {
"href" : "http://<ip>/pillars{?page,size,sort}",
"templated" : true
},
"profile" : {
"href" : "http://<ip>/profile/pillars"
},
"search" : {
"href" : "http://<ip>/pillars/search"
}
},
"page" : {
"size" : 20,
"totalElements" : 5,
"totalPages" : 1,
"number" : 0
}
}
I need help on understanding the output and also how I can stop this from getting exposed.
My guess is you defined something like :
public class PillarRepository extends CrudRepository<Pillar, String> { ... }
public class FrameworkPillarRepository extends CrudRepository<Pillar, String> { ... }
If so, the underlying resources are exposed automatically by Spring Boot/Spring Data Rest, unless you annotate the repositories with @RepositoryRestResource(exported = false).
If you just wish to reproduce the automatic GET behavior, but with a custom path, use the path option.