0

I have multiple HttpSecurity instances one for RESTFul api URL’s that start with /api/ and one for form based login. I also have 2 dispatcher one for normal request and other for rest API call. But do I need two ?

@Bean
    public ServletRegistrationBean dispatcherRegistration(DispatcherServlet dispatcherServlet) {
        ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet);
        registration.addUrlMappings("/api/*", "/");
        return registration;
    }

My REST Controller 

@RestController
@RequestMapping("/cm/dealer")
public class DealerController {
    @Autowired
    DealerMgmt dealerMgmt;

    @RequestMapping(value = "/findByDealerStatus", method = RequestMethod.GET)
    public Page<Dealer> findByDealerStatus(@RequestParam int page, @RequestParam("dealerStatus") String dealerStatus) {        
        Page<Dealer> dealers = dealerMgmt.isEditable(dealerMgmt.findByDealerStatus(page, dealerStatus));
        return dealers;
    }
}

But this REST controller is accessible by both dispatcher. But I want only to be accessible by the one with /api/

/api/cm/dealer/findByDealerStatus
/cm/dealer/findByDealerStatus

Should I have only one default dispatcher and annotate my REST controller to @RequestMapping("/api/cm/dealer") is that the correct way ? or what is the correct way to do it.

Mukun
  • 1,756
  • 10
  • 30
  • 57

1 Answers1

0

You will have to have two separate servlets added, right now you have mapped a single dispatcher servlet 2 path mapping.

Extend AbstractAnnotationConfigDispatcherServletInitializer 

 public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

  @Override
  public void onStartup(ServletContext servletContext) throws ServletException

   ..

  ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
   "dispatcher",
   new DispatcherServlet(dispatcherContext));
  dispatcher.setLoadOnStartup(1);
  dispatcher.addMapping("/");

  ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
   "apidispatcher",
   new DispatcherServlet(dispatcherContext));
  dispatcher.setLoadOnStartup(1);
  dispatcher.addMapping("/api");

 //
 }

 }

or 

@Bean
    public ServletRegistrationBean apiDispather() {
        DispatcherServlet dispatcherServlet = new DispatcherServlet();

        AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
        applicationContext.register(ResourceConfig.class);
        dispatcherServlet.setApplicationContext(applicationContext);

        ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean(dispatcherServlet, "/api/");
        servletRegistrationBean.setName("apiDispather");
        return servletRegistrationBean;
    }

@Bean
    public ServletRegistrationBean dispather() {
        DispatcherServlet dispatcherServlet = new DispatcherServlet();

        AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
        applicationContext.register(WebConfig.class);
        dispatcherServlet.setApplicationContext(applicationContext);

        ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean(dispatcherServlet, "/");
        servletRegistrationBean.setName("dispather");
        return servletRegistrationBean;
    }
kuhajeyan
  • 10,727
  • 10
  • 46
  • 71
  • Does this ensure a call to /cm/dealer/findByDealerStatus is not allowed for my REST Controller ? – Mukun Oct 29 '16 at 06:47