Here's an easy method to block specific HTTP request methods on endpoints created automatically by Spring Data REST. This example blocks POST and DELETE. This obviates any changes or overrides in your repository layer.

Note: You should probably do this instead, but if you don't want to mess with your interface, here's another way.

@RepositoryRestController
@ExposesResourceFor(YourEntity.class)
@RequiredArgsConstructor
public class YourEntityController {

  @PostMapping("/endpoint")
  HttpEntity<?> post() {
    return new ResponseEntity<>(HttpStatus.METHOD_NOT_ALLOWED);
  }

  @DeleteMapping("/endpoint/{id}")
  HttpEntity<?> delete(@PathVariable String id) {
    return new ResponseEntity<>(HttpStatus.METHOD_NOT_ALLOWED);
  }

}