0👍
This can be achieved using spring security authorities in your userdetails, so an admin user will have and admin role and a normal user will have a user role.
Then the endpoints can be protected based on the roles
@PreAuthorize("hasRole('ROLE_ADMIN')")
public List<Foo> findAll() { ... }
...
Source:stackexchange.com