I have a request-scoped bean with a @PostConstruct-annotated method that has some additional logic to check whether the client is authorized to call the endpoint. Due to constraints outside my control I have to perform this check. I would ideally like to catch an exception within my code and return a 401 or 403 to the client, but I'm under the impression that this would be impractical within the post construct method. Does anyone see a clean way I could do this without adding this security check to every method in the bean?

scriptkiddie
  • 1
    The clean way *is* to add a security check to all handler methods that need the check, e.g. by having them call a `private` method that does the actual check, e.g. named `checkSecurity` or `verifyAuthorized` or something like that. The methods may not even need the same *level* of authorization, so the level could be a parameter to the method. Maybe you even have other classes that need such a check, so moving the method to a shared helper class would be prudent. – Andreas Nov 30 '19 at 01:45
  • 4
    Learn about interceptors – Kukeltje Nov 30 '19 at 08:05

0 Answers
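The interceptor approach mentioned in the comments, as an added example that is not code from the question or from either commenter: the check runs before every business method of an annotated bean, and the thrown exception reaches the JAX-RS runtime, which turns it into a 401 or 403. It assumes a CDI container with JAX-RS in the `javax.*` namespace (the question does not name its framework); `RequiresAuthorization`, `CallerContext`, `AuthorizationInterceptor` and `OrderResource` are hypothetical names.

```java
// Added example; assumes CDI 2.0 + JAX-RS 2.1. All type names are hypothetical.
// Shown in one listing for brevity; in a project each type gets its own file.
import java.lang.annotation.*;
import javax.annotation.Priority;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.interceptor.*;
import javax.ws.rs.*;

/** Binding annotation: on a bean class it guards every business method. */
@Inherited
@InterceptorBinding
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@interface RequiresAuthorization {}

/** Hypothetical wrapper around whatever the existing @PostConstruct logic inspects. */
interface CallerContext {
    boolean isAuthenticated();
    boolean isAuthorized();
}

@Interceptor
@RequiresAuthorization
@Priority(Interceptor.Priority.APPLICATION) // enables the interceptor without beans.xml
class AuthorizationInterceptor {

    @Inject
    CallerContext caller; // assumed to be a request-scoped bean

    @AroundInvoke
    public Object check(InvocationContext ctx) throws Exception {
        // Fail closed: the target method is reached only when both checks pass.
        if (!caller.isAuthenticated()) {
            throw new NotAuthorizedException("Bearer"); // 401 with a WWW-Authenticate challenge
        }
        if (!caller.isAuthorized()) {
            throw new ForbiddenException();             // 403
        }
        return ctx.proceed();
    }
}

@RequiresAuthorization // one annotation covers list() and any method added later
@RequestScoped
@Path("/orders")
public class OrderResource {
    @GET
    public String list() { return "[]"; }
}
```

Because the binding sits on the class, a handler method added later is covered by default, which a per-method helper call does not guarantee.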