Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Custom annotation on controller methods to intercept request and validate

I want to create an annotation that I will use on controller methods to validate access to the resource. I have written interceptor to intercept the request and also written code to create an annotation for their independent scenarios. Now I want intercept the request as well as take values provided in anotation to further processing.

Ideally

@RequestMapping("/release")
@ValidateAction("resource","release") //custom annotation that will accept two strings
public ResponseEntity releaseSoftware(Request request){
}

From the above I have to take those two values from @ValidateAction and send a request to another authorization server to authorize the action if the user have access to it (request contains oauth access token that will be used to authorize) and return true if the user have access otherwise throw AcceeDenied exception. Can anybody point me in the right direction of doing it in Spring boot environment

like image 252
user09 Avatar asked May 30 '18 14:05

user09


People also ask

Which annotation can be used with controller?

The @Controller annotation indicates that a particular class serves the role of a controller. Spring Controller annotation is typically used in combination with annotated handler methods based on the @RequestMapping annotation.

Which annotation is used to direct a request to the proper controller method?

The @RequestParam annotation is used to bind request parameters to a method parameter in your controller.

Which annotation is used for handling request from client in controller?

annotation. RequestMapping annotation is used to map web requests onto specific handler classes and/or handler methods. @RequestMapping can be applied to the controller class as well as methods.

What annotation is used to accept an object in the parameters of a method in controller?

2.4 Binding request parameters to method parameters with @RequestParam. Use the @RequestParam annotation to bind request parameters to a method parameter in your controller.


2 Answers

Best way to achieve this is using Spring AOP Aspects.

Let us assume you have an Annotation like this

@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface ValidateAction {

  String resource();
  String release();
}

Then write an Aspect like this

@Aspect
@Component
public class AspectClass {

  @Around(" @annotation(com.yourpackage.ValidateAction)")
  public Object validateAspect(ProceedingJoinPoint pjp) throws Throwable {
    MethodSignature signature = (MethodSignature) pjp.getSignature();
    Method method = signature.getMethod();

    ValidateAction validateAction = method.getAnnotation(ValidateAction.class);
    String release = validateAction.release();
    String resource = validateAction.resource();


    // Call your Authorization server and check if all is good
    if( hasAccess)
      pjp.proceed();

    .......
  }
}

Control will come to validateAspect method when any method which is annotated with @ValidateAction is called. Here you capture the annotation values as shown and do the necessary check.

Make sure you have the right dependency needed and these imports

import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import java.lang.reflect.Method;
like image 143
pvpkiran Avatar answered Oct 25 '22 02:10

pvpkiran


You can do it with Spring AOP:

First, add spring-aop dependency:

compile 'org.springframework.boot:spring-boot-starter-aop' // Mine using gradle

In your @Configuration class, add @EnableAspectJAutoProxy:

@Configuration
@EnableAspectJAutoProxy
public class Application {
   ....
}

Create an annotation handler:

@Aspect
@Component // This @Component is required in spring aop
public class ValidateActionHandler {
    @Around("execution(@your.path.ValidateAction * *(..)) && @annotation(validateAction)")
    public Object doValidate(ProceedingJoinPoint pjp, ValidateAction retryConfig) throws Throwable {
       // Your logic here
       // then
       return pjp.proceed();
    }
}
like image 34
Mạnh Quyết Nguyễn Avatar answered Oct 25 '22 02:10

Mạnh Quyết Nguyễn