Simple web app for managing family finance
- Refine entity field annotations to declare constraints on content.
- Set authorization on repositories. See:
JpaRepository can be secured with '@PreAuthorize', but this is not a good practice.
Moreover, it prevents access without without a web security context as, e.g., from the command line initializer (here DataPreloader).
The right thing to do is:
- to prevent publication of JPA repositories as services (maybe with
@NoService); - to create "custom" services with proper
@PreAuthorize.