Make simple servlet filter work with @ControllerAdvice Make simple servlet filter work with @ControllerAdvice spring spring

Make simple servlet filter work with @ControllerAdvice


spring filter exception-handling spring-security spring-boot

As specified by the java servlet specification Filters execute always before a Servlet is invoked. Now a @ControllerAdvice is only useful for controller which are executed inside the DispatcherServlet. So using a Filter and expecting a @ControllerAdvice or in this case the @ExceptionHandler, to be invoked isn't going to happen.

You need to either put the same logic in the filter (for writing a JSON response) or instead of a filter use a HandlerInterceptor which does this check. The easiest way is to extend the HandlerInterceptorAdapter and just override and implement the preHandle method and put the logic from the filter into that method.

public class ClientKeyInterceptor extends HandlerInterceptorAdapter {    @Value('${CLIENT_KEY}')    String clientKey    @Override    public boolean preHandle(ServletRequest req, ServletResponse res, Object handler) {        String reqClientKey = req.getHeader('Client-Key')        if (!clientKey.equals(reqClientKey)) {          throw new AccessForbiddenException('Invalid API key')        }        return true;    }}

spring filter exception-handling spring-security spring-boot

You can't use @ControllerAdvice, because it gets called in case of an exception in some controller, but your ClientKeyFilter is not a @Controller.

You should replace the @Controller annotation with the @Component and just set response body and status like this:

@Componentpublic class ClientKeyFilter implements Filter {    @Value('${CLIENT_KEY}')    String clientKey    public void init(FilterConfig filterConfig) {    }    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {        HttpServletRequest request = (HttpServletRequest) req;        HttpServletResponse response = (HttpServletResponse) res;        String reqClientKey = request.getHeader("Client-Key");        if (!clientKey.equals(reqClientKey)) {            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Invalid API key");            return;        }        chain.doFilter(req, res);    }    public void destroy() {    }}

spring filter exception-handling spring-security spring-boot

Servlet Filters in Java classes are used for the following purposes:

  • To check requests from client before they access resources at backend.
  • To check responses from server before sent back to the client.

Exception throw from Filter may not be catch by @ControllerAdvice because in may not reach DispatcherServlet. I am handling in my project as below:

protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)            throws IOException, ServletException {        String token = null;        String bearerToken = request.getHeader("Authorization");        if (bearerToken != null && (bearerToken.contains("Bearer "))) {            if (bearerToken.startsWith("Bearer "))                token = bearerToken.substring(7, bearerToken.length());            try {                AuthenticationInfo authInfo = TokenHandler.validateToken(token);                logger.debug("Found id:{}", authInfo.getId());                authInfo.uri = request.getRequestURI();                                AuthPersistenceBean persistentBean = new AuthPersistenceBean(authInfo);                SecurityContextHolder.getContext().setAuthentication(persistentBean);                logger.debug("Found id:'{}', added into SecurityContextHolder", authInfo.getId());                            } catch (AuthenticationException authException) {                logger.error("User Unauthorized: Invalid token provided");                raiseException(request, response);                return;            } catch (Exception e) {                raiseException(request, response);                return;            }

// Wrapping the error response

private void raiseException(HttpServletRequest request, HttpServletResponse response)        throws IOException, ServletException {    response.setContentType(MediaType.APPLICATION_JSON_VALUE);    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);    ApiError apiError = new ApiError(HttpStatus.UNAUTHORIZED);    apiError.setMessage("User Unauthorized: Invalid token provided");    apiError.setPath(request.getRequestURI());    byte[] body = new ObjectMapper().writeValueAsBytes(apiError);    response.getOutputStream().write(body);}

// ApiError class

public class ApiError {    // 4xx and 5xx    private HttpStatus status;    // holds a user-friendly message about the error.    private String message;    // holds a system message describing the error in more detail.    private String debugMessage;    // returns the part of this request's URL    private String path;    public ApiError(HttpStatus status) {      this();      this.status = status;    }   //setter and getters

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last