I want to create an annotation that I will use on controller methods to validate access to the resource. I have written interceptor to intercept the request and also written code to create an annotation for their independent scenarios. Now I want intercept the request as well as take values provided in anotation to further processing.
Ideally
@RequestMapping("/release")
@ValidateAction("resource","release") //custom annotation that will accept two strings
public ResponseEntity releaseSoftware(Request request){
}
From the above I have to take those two values from @ValidateAction and send a request to another authorization server to authorize the action if the user have access to it (request contains oauth access token that will be used to authorize) and return true if the user have access otherwise throw AcceeDenied exception. Can anybody point me in the right direction of doing it in Spring boot environment
The @Controller annotation indicates that a particular class serves the role of a controller. Spring Controller annotation is typically used in combination with annotated handler methods based on the @RequestMapping annotation.
The @RequestParam annotation is used to bind request parameters to a method parameter in your controller.
annotation. RequestMapping annotation is used to map web requests onto specific handler classes and/or handler methods. @RequestMapping can be applied to the controller class as well as methods.
2.4 Binding request parameters to method parameters with @RequestParam. Use the @RequestParam annotation to bind request parameters to a method parameter in your controller.
Best way to achieve this is using Spring AOP Aspects.
Let us assume you have an Annotation like this
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface ValidateAction {
String resource();
String release();
}
Then write an Aspect like this
@Aspect
@Component
public class AspectClass {
@Around(" @annotation(com.yourpackage.ValidateAction)")
public Object validateAspect(ProceedingJoinPoint pjp) throws Throwable {
MethodSignature signature = (MethodSignature) pjp.getSignature();
Method method = signature.getMethod();
ValidateAction validateAction = method.getAnnotation(ValidateAction.class);
String release = validateAction.release();
String resource = validateAction.resource();
// Call your Authorization server and check if all is good
if( hasAccess)
pjp.proceed();
.......
}
}
Control will come to validateAspect method when any method which is annotated with @ValidateAction
is called. Here you capture the annotation values as shown and do the necessary check.
Make sure you have the right dependency needed and these imports
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import java.lang.reflect.Method;
You can do it with Spring AOP
:
First, add spring-aop
dependency:
compile 'org.springframework.boot:spring-boot-starter-aop' // Mine using gradle
In your @Configuration
class, add @EnableAspectJAutoProxy
:
@Configuration
@EnableAspectJAutoProxy
public class Application {
....
}
Create an annotation handler:
@Aspect
@Component // This @Component is required in spring aop
public class ValidateActionHandler {
@Around("execution(@your.path.ValidateAction * *(..)) && @annotation(validateAction)")
public Object doValidate(ProceedingJoinPoint pjp, ValidateAction retryConfig) throws Throwable {
// Your logic here
// then
return pjp.proceed();
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With