1

I have some controllers in which some methods annotated with request mapping are expecting request param of codes (list of string) and I want to authorize those list of codes to check if the current user has access to all the codes in the list and filter on those. What I want is to create a generic filter for those controllers I cannot apply this with URL mapping. Is there a way to create a filter and apply an annotation to only some methods(Request Mapping)?

Another question is it OK to keep list of 600 codes in session or is a db call more appropriate? I am expecting these authorization of codes calls frequently (user can view (more frequent), update(less frequent) of the data associated with codes)

Update:

For example I have two methods :

@RequestMapping(value="/getInfo")
public void viewInfo(@RequestParam("codes") List<String> codes)

@RequestMapping(value="/getDetailInfo")
public void getDetailInfo(@RequestParam("codes") List<String> codes)

Now if I want to validate the codes I have to put validation logic in both method what i want is to write a filter/Interceptors to check if user has access to see all the codes in the list I can user url mapping to intercept the request I was asking that is there a generic way that I can use on method to validate the codes without adding url mapping.

Nicholas K
  • 15,148
  • 7
  • 31
  • 57
Haider
  • 615
  • 1
  • 16
  • 38

1 Answers1

1

Creating Spring Filters

This thread might help:

Example of registering a HandlerInterceptor to a given path pattern (complete example in the link above):

@EnableWebMvc
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

    @Bean
    SessionManager getSessionManager() {
         return new SessionManager();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(getSessionManager())
        .addPathPatterns("/**")
        .excludePathPatterns("/resources/**", "/login");
     // assuming you put your serve your static files with /resources/ mapping
     // and the pre login page is served with /login mapping
    }
}

Storing values returned by a function call

You can easily keep your list of codes (without having to store it in the session) using Caching.

This way, the first call of your function to retrieve the codes will hit the database and be saved in cache. Subsequent calls won't go all the way to the database, but use the value stored in your cache, as long as it is alive.

Gustavo Passini
  • 2,348
  • 19
  • 25
  • agreed with second answer but for filter i know how to create filter but don't know how can i add it to some request mapping methods? – Haider Sep 10 '18 at 06:33
  • Hi @Haider. I updated my answer. In the links I posted for the first part there are examples for how to limit the Filter (more precisely, a HandlerInterceptor) to a path pattern. I copied one of the examples in the answer. I hope it helps! – Gustavo Passini Sep 11 '18 at 11:26