How to restrict POST Rest Api for public access after successful login in Spring-boot

Question

I am a new in JAVA/Springboot, I want to restrict POST rest api to access publicly.

Once user login successfully, the API is currently accessible publicly and able to add update data. I want to restrict it and only accessible privately.My aim is to restrict unauthorised user to add or update data publicly and it should be privatly accessible.

Thank You...

Does this answer your question? [How to secure REST API with Spring Boot and Spring Security?](https://stackoverflow.com/questions/32548372/how-to-secure-rest-api-with-spring-boot-and-spring-security) — Issam El-atif, Apr 01 '20 at 12:23

Manuel · Answer 1 · 2020-04-01T12:31:53.770

1

You can make use of preAuthorize

@PreAuthorize("hasAnyRole('MY_ROLE_TO_CHECK')")

preAuthorize also allow you expressions with Spring EL.

if you just want to check, if the user is logged in, then it could be

@PreAuthorize("isAuthenticated()")

Take a look at Built-in EL of Spring Security

Enable annotation-based security to use preAuthorize

edited Apr 01 '20 at 12:31

answered Apr 01 '20 at 12:20

Manuel

1,928
2
16
26

How to restrict POST Rest Api for public access after successful login in Spring-boot

1 Answers1