Hi,
I would like to have a custom controller annotation that can check things before getting into the code. Something like PreAuthorize from org.springframework.security.access.prepost but which can take a custom Exception in parameter not just AccessDeniedException
The goal is to make all the check in the annotation to avoid having checks in the controller code. This would avoid code like
@ResponseStatus(HttpStatus.OK)
public ResponseType doSomething(InputType input) {
if (!service.canHandleInput(input)) {
throw new Exception(MyCustomException);
}
return service.doRealWork();
}
And to replace it by something like
@ResponseStatus(HttpStatus.OK)
@PreCheck("@service.canHandleInput(input)", MyCustomException)
public ResponseType doSomething(InputType input) {
return service.doRealWork();
}
Is there something like that already existing ?
If not and if you think it is a good idea I would be willing to work on it.
Thank you !
Comment From: philwebb
I suspect you might be able to use org.springframework.web.servlet.HandlerInterceptor to apply cross-cutting concerns. You might also be able to use aspect oriented programming to apply advisors to your @Controller beans.
I'll transfer this issue to the Framework team to see if they have any other suggestions or are interested in the annotation approach that you suggest.
Comment From: poutsma
As @philwebb has indicated, we have the handler interceptor for true cross-cutting concerns, and Spring AOP as well.
As for the approach suggested, I don't see any benefit in writing
@PreCheck("@service.canHandleInput(input)", MyCustomException)
public ResponseType doSomething(InputType input) {
return service.doRealWork();
}
instead of
public ResponseType doSomething(InputType input) {
service.canHandleInput(input);
return service.doRealWork();
}
I don't see how putting the logic on top of the method improves this sample. It increases the dependency to Spring, and replaces the sophisticated control flow of Java with an inferior alternative.