2

I have the following spring security configuration:

 <security:http>
   ......
     <security:intercept-url pattern="/auth/**"  access="ROLE_ADMIN"/>
   ......... 
</security:http>

I would like to log every case when "ROLE_ADMIN" user hits any of "/auth/**" URL pattern.

Can I put some kind of interceptor on this pattern?

danny.lesnik
  • 18,479
  • 29
  • 135
  • 200

1 Answers1

1

I had to do the same thing. Use an @Aspect which fires for every execution of a handler method in your /auth/ controller. Annotate the class as a @Component so its a Spring bean, add the AspectJ @Aspect annotation, and you can then inspect the JoinPoint for whatever the user is doing - method signature, objects, etc. Write whatever you find to an audit table.

See http://static.springsource.org/spring/docs/current/reference/aop.html for full details. I would think a @Before or @After would work for your purposes.

atrain
  • 9,139
  • 1
  • 36
  • 40
  • yes I'm familiar with SPRING AOP and I understand that I can use it, but I just wonder if I can use some kind of interceptor to solve it. – danny.lesnik Jul 25 '11 at 07:46
  • Just addressed the interceptor question: http://stackoverflow.com/questions/6781396/spring-responseentity/6783872#comment-8096826 – atrain Jul 25 '11 at 13:13