0

I am working on Spring MVC controller project. I have a JSP page which contains certain forms and people will type certain entries in it and then press submit button.

As soon as I hit this url on the browser, it will show the JSP page -

http://localhost:8080/testweb/testOperation

Now what I am supposed to do is - I will intercept the IP Address from the request header as soon as the above url is hit and if that IP Address is in my access list, then only I will show my actual jsp page otherwise I will show an error JSP page.

And I was reading about Spring MVC Handler Interceptors here but not sure how would I implement this in my example as this is my first time with Spring MVC so confuse little bit.

Now below is my code base - As soon as I hit this url on the browser -

http://localhost:8080/testweb/testOperation

It automatically goes to below method and then it shows me my testOperation jsp page on the browser and it works fine.

@RequestMapping(value = "testOperation", method = RequestMethod.GET)
public Map<String, String> testOperation() {
    final Map<String, String> model = new LinkedHashMap<String, String>();
    return model;
}

How would I do this using Spring MVC Handler Interceptors if possible at all?

Is this possible to do somehow?

Below is the code I use to extract IP Address from the header -

   String ipAddress = request.getHeader("X-FORWARDED-FOR");  
   if (ipAddress == null) {  
       ipAddress = request.getRemoteAddr();  
   }

   System.out.println(ipAddress);
tereško
  • 58,060
  • 25
  • 98
  • 150
john
  • 11,311
  • 40
  • 131
  • 251

1 Answers1

2

This should be possible to implement using either interceptors or servlet filters. Using an interceptor, the code would look somewhat like this:

@Component
public class IpCheckingInterceptor extends HandlerInterceptorAdapter {
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Your header-checking code
        String ipAddress = request.getHeader("X-FORWARDED-FOR");  
        if (ipAddress == null) {  
            ipAddress = request.getRemoteAddr();  
        }
        if (<ipAddress not OK>) {
            throw new ForbiddenException("You are not allowed to access this page");
        }
        return true;
    }
}

Depending on how your Spring app is configured, you may need to register the interceptor in your XML config, or it could get registered automatically based on conventions - some examples can be found here: Is it possible to wire a Spring MVC Interceptor using annotations?

Community
  • 1
  • 1
Michał Kosmulski
  • 9,855
  • 1
  • 32
  • 51
  • Thanks Michal for the help. One quick question after this preHandle method. What I should next to show my actual `testOperation jsp`. The part you gave me as an example makes sense but after that how do I make sure if the IP Address is in my ok list, then I should show `testOperation jsp`. Any thoughts? – john Apr 12 '14 at 16:03
  • Unless you do something "special", like throwing an exception, the request will proceed as usual, so if the client requested testOperation.jsp, and you don't throw the exception in interceptor, the client will see the page they requested. – Michał Kosmulski Apr 12 '14 at 16:25
  • Nice.. That's really cool. So basically this is just an interceptor in between so that call first goes to prehandle and if it succeeds then only it goes to my above code as I have in the question.. Right? – john Apr 12 '14 at 16:45
  • Cool.. So it is not specific to any JSP page right? Whatever page I am requesting, first call always goes to `preHandle` and then if it succeeds, next call goes to that particular page which I have requested. – john Apr 12 '14 at 21:23
  • Exactly. If you wanted to add such behavior to just one page, you could add the `HttpServletRequest` as a parameter to your request-handling method in controller and perform the IP-check there. – Michał Kosmulski Apr 12 '14 at 21:52
  • I want to do this for all the page and this is really cool thing. Thanks for letting me know.. Appreciated all your help. – john Apr 12 '14 at 22:12
  • It works fine for valid IP Address case. One last question, If the IP Address is not valid, I would like to show some error JSP page meaning you are not authorized to see this page. In your example you only have `ForbiddenException` which just get thrown. Is there any way I can show proper message to the user so that they can understand that they are not authorized to see this page? – john Apr 12 '14 at 22:58
  • You can create a method marked with `@ExceptionHandler` annotation to handle the exception and redirect to a specific view (your error page). You can find a nice explanation in this [Spring blog entry](http://spring.io/blog/2013/11/01/exception-handling-in-spring-mvc) – Michał Kosmulski Apr 13 '14 at 11:01
  • Thanks for suggestion. I am not sure how to use ExceptionHandler with interceptor scenario. Can you provide an example on this if possible? – john Apr 17 '14 at 21:36