Spring boot: How to add interceptors to static resources?

Question

I have several folders in /static/img/** and I need to add interceptors to some of them to check user permissions. I've used interceptors earlier and added them this way:

@SpringBootApplication
@EnableTransactionManagement
public class Application extends WebMvcConfigurerAdapter {

  ...

  @Override
  public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry
      .addResourceHandler("/static/**")
      .addResourceLocations("classpath:/static/");
  }

  @Bean
  public AuthHeaderInterceptor authHeaderInterceptor() {
    return new AuthHeaderInterceptor();
  }

  @Bean
  public AuthCookieInterceptor authCookieInterceptor() {
    return new AuthCookieInterceptor();
  }

  @Override
  public void addInterceptors(InterceptorRegistry registry) {
    registry
      .addInterceptor(authHeaderInterceptor())
      .addPathPatterns(REST_URL)
      .excludePathPatterns(
        new String[] {
          REST_SECURITY_URL,
          REST_SETTINGS_URL,
          REST_REPORTS_URL
        }
      );

    registry
      .addInterceptor(authCookieInterceptor())
      .addPathPatterns(REST_REPORTS_URL);
  }
}

All works fine for rest controllers and their URLs, but now I need to secure some static resources and I added this:

@SpringBootApplication
@EnableTransactionManagement
public class Application extends WebMvcConfigurerAdapter {

  ...

  @Bean 
  public RoleAdminInterceptor roleAdminInterceptor() {
    return new RoleAdminInterceptor();
  }

  @Override
  public void addInterceptors(InterceptorRegistry registry) {
    registry
      .addInterceptor(authHeaderInterceptor())
      .addPathPatterns(REST_URL)
      .excludePathPatterns(
        new String[] {
          REST_SECURITY_URL,
          REST_SETTINGS_URL,
          REST_REPORTS_URL
        }
      );

    //THIS NOT WORK
    registry
      .addInterceptor(roleAdminInterceptor())
      .addPathPatterns("/static/img/admin/**");

    registry
      .addInterceptor(authCookieInterceptor())
      .addPathPatterns(REST_REPORTS_URL);
  }
}

Commented line doesn't work. When I send request to /static/img/admin/test.png RoleAdminInterceptor is never called.

What I'm doing wrong?

Answer 1

I know this is an old question, but since it's unanswered it might help others searching for it.

This is what worked for me:

1- Declare an interceptor class:

class RoleBasedAccessInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        AntPathMatcher matcher = new AntPathMatcher();
        String pattern = "/static/img/admin/**";

        String requestURI = request.getRequestURI();

        if (matcher.match(pattern, requestURI)) {
            //Do whatever you need 
            return validateYourLogic();
        }

        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}

2- Configure WebMvcConfigurer

public class WebMvcConfiguration implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new RoleBasedAccessInterceptor());
    }
}