spring security
P粉409742142
P粉409742142 2023-09-15 17:55:14
0
1
488

I'm developing a basic CRUD web application using React and Spring. Since the frontend isn't ready yet, I'm using Postman for testing. I have this method, but I just discovered that anyone can send an HTTP request and get all the data, as long as they know the id.

@PostMapping("/utente")
public ResponseEntity<Object> getDatiProfiloUtente(@RequestBody final Long idUtente){
        HashMap<String, Object> map = new HashMap<>();

        Paziente paziente = service.findPazienteById(idUtente);
        map.put("nome", paziente.getNome());
        map.put("cognome", paziente.getCognome());
        map.put("email", paziente.getEmail());
        map.put("nTelefono", paziente.getNumeroTelefono());
        map.put("emailCaregiver", paziente.getEmailCaregiver());
        map.put("nomeCaregiver", paziente.getNomeCaregiver());
        map.put("cognomeCaregiver", paziente.getCognomeCaregiver());
            
        return new ResponseEntity<>(map, HttpStatus.OK);
    }

How do I provide security? I want only logged in users to be able to view their own data.

P粉409742142
P粉409742142

reply all(1)
P粉969666670

You want to use the @Secured annotations provided by Spring Security, this baeldung article is a good resource that explains in detail how to set up your desired method safety.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template