0

Desired behaviour:

There is a Spring Boot Application that has a Controller which hosts an endpoint which will retrieve data (via HTTP call) through a separate service. However, it will need to pass along the Bearer token from the original headers in the original request.

Current Implementation:

A. There is a GenericFilter which will save the "Authorization" header into a bean instance.

    @Component
public class exampleFilter extends OncePerRequestFilter {

    @Autowired
    private POJO pojo;


    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
            FilterChain filterChain) throws ServletException, IOException {

        pojo.setAuthorization(httpServletRequest.getHeader("Authorization"));
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}

Issue:

Since the Authorization value is stored in a bean, it is not thread safe.
From online research, the pattern is to use a method variable in an HTTPServlet class' "doGet()" or "service()" method; however, this has not worked correctly for this issue.

Is that pattern still the right solution for this problem ? any suggestions on what should be ?

Thanks in advance!

C Chow
  • 3
  • 2
  • Changing the scope of your bean to prototype (one new instance for each injection) would help? https://www.baeldung.com/spring-bean-scopes – marcellorvalle Apr 04 '20 at 02:13
  • Thx! "Prototype" did not change the behaviour, as i believe the container only calls the POJO once. The "Request" scope seemed promising: it worked for my scenario described above, however, if the logic were to make multiple HTTP calls, the POJO is available in the first call, but NOT for subsequent ones. I am guessing because each HTTP call is a different Request scope. – C Chow Apr 06 '20 at 14:29

0 Answers0