REST Controllers

Overview

REST controllers remain unchanged: security is enforced transparently at the service and query layers.

Standard Pattern

@RestController
@RequestMapping("/api/events")
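public class EventResource {

    // Services that carry the security checks; injected through the constructor
    private final EventQueryService eventQueryService;
    private final EventService eventService;

    public EventResource(EventQueryService eventQueryService, EventService eventService) {
        this.eventQueryService = eventQueryService;
        this.eventService = eventService;
    }
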
    @GetMapping
    public ResponseEntity<List<Event>> getAllEvents(
            EventCriteria criteria,
            Pageable pageable) {
        // Security applied automatically in QueryService
        Page<Event> page = eventQueryService.findByCriteria(criteria, pageable);
        return ResponseEntity.ok().body(page.getContent());
    }

    @PostMapping
    @PreAuthorize("hasAuthority('ROLE_USER')")
    public ResponseEntity<Event> createEvent(@Valid @RequestBody Event event) {
        // Security checked in EventService
        Event created = eventService.save(event);
        return ResponseEntity.created(...).body(created);
    }
}
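
The controller above carries no access check on the GET path, so the guarantee rests entirely on the query service. The following is an added example, not the project's code: a plain-Java model of a query service that ANDs the caller's scope onto client-supplied criteria. The `tenant` field, the `Caller` type, and passing the caller explicitly (rather than reading it from a security context) are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

public class QueryLayerFilterDemo {

    // Constructed stand-ins for the page's types; the tenant field is an assumption.
    record Event(long id, String title, String tenant) {}
    record EventCriteria(String titleContains, String tenant) {}
    record Caller(String name, Set<String> tenants) {}

    static class EventQueryService {
        private final List<Event> store;

        EventQueryService(List<Event> store) { this.store = store; }

        // The caller's scope is ANDed onto whatever the client asked for, so
        // client-supplied criteria can narrow the result but never widen it.
        List<Event> findByCriteria(EventCriteria c, Caller caller) {
            Predicate<Event> requested = e ->
                (c.titleContains() == null || e.title().contains(c.titleContains()))
                && (c.tenant() == null || e.tenant().equals(c.tenant()));
            Predicate<Event> allowed = e -> caller.tenants().contains(e.tenant());
            return store.stream().filter(requested.and(allowed)).toList();
        }
    }

    public static void main(String[] args) {
        // Constructed sample data.
        var service = new EventQueryService(List.of(
            new Event(1, "Quarterly review", "acme"),
            new Event(2, "Incident drill", "acme"),
            new Event(3, "Board meeting", "globex")));
        var alice = new Caller("alice", Set.of("acme"));

        // No criteria: the scope predicate alone decides what is visible.
        System.out.println(service.findByCriteria(new EventCriteria(null, null), alice));
        // Criteria naming another tenant: the scope predicate still applies.
        System.out.println(service.findByCriteria(new EventCriteria(null, "globex"), alice));
    }
}
```

Because the controller performs no filtering of its own, any repository call that bypasses the query service also bypasses the scope predicate, which is the path to review when adding new endpoints.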

Next Steps