rstoyanchev
2 years ago
3 changed files with 34 additions and 37 deletions
@ -1,34 +1,29 @@
@@ -1,34 +1,29 @@
|
||||
[[mvc-handlermapping-interceptor]] |
||||
= Interception |
||||
|
||||
All `HandlerMapping` implementations support handler interceptors that are useful when |
||||
you want to apply specific functionality to certain requests -- for example, checking for |
||||
a principal. Interceptors must implement `HandlerInterceptor` from the |
||||
`org.springframework.web.servlet` package with three methods that should provide enough |
||||
flexibility to do all kinds of pre-processing and post-processing: |
||||
|
||||
* `preHandle(..)`: Before the actual handler is run |
||||
* `postHandle(..)`: After the handler is run |
||||
* `afterCompletion(..)`: After the complete request has finished |
||||
|
||||
The `preHandle(..)` method returns a boolean value. You can use this method to break or |
||||
continue the processing of the execution chain. When this method returns `true`, the |
||||
handler execution chain continues. When it returns false, the `DispatcherServlet` |
||||
assumes the interceptor itself has taken care of requests (and, for example, rendered an |
||||
appropriate view) and does not continue executing the other interceptors and the actual |
||||
handler in the execution chain. |
||||
All `HandlerMapping` implementations support handler interception which is useful when |
||||
you want to apply functionality across requests. A `HandlerInterceptor` can implement the |
||||
following: |
||||
|
||||
* `preHandle(..)` -- callback before the actual handler is run that returns a boolean. |
||||
If the method returns `true`, execution continues; if it returns `false`, the rest of the |
||||
execution chain is bypassed and the handler is not called. |
||||
* `postHandle(..)` -- callback after the handler is run. |
||||
* `afterCompletion(..)` -- callback after the complete request has finished. |
||||
|
||||
NOTE: For `@ResponseBody` and `ResponseEntity` controller methods, the response is written |
||||
and committed within the `HandlerAdapter`, before `postHandle` is called. That means it is |
||||
too late to change the response, such as to add an extra header. You can implement |
||||
`ResponseBodyAdvice` and declare it as an |
||||
xref:web/webmvc/mvc-controller/ann-advice.adoc[Controller Advice] bean or configure it |
||||
directly on `RequestMappingHandlerAdapter`. |
||||
|
||||
See xref:web/webmvc/mvc-config/interceptors.adoc[Interceptors] in the section on MVC configuration for examples of how to |
||||
configure interceptors. You can also register them directly by using setters on individual |
||||
`HandlerMapping` implementations. |
||||
|
||||
`postHandle` method is less useful with `@ResponseBody` and `ResponseEntity` methods for |
||||
which the response is written and committed within the `HandlerAdapter` and before |
||||
`postHandle`. That means it is too late to make any changes to the response, such as adding |
||||
an extra header. For such scenarios, you can implement `ResponseBodyAdvice` and either |
||||
declare it as an xref:web/webmvc/mvc-controller/ann-advice.adoc[Controller Advice] bean or configure it directly on |
||||
`RequestMappingHandlerAdapter`. |
||||
|
||||
|
||||
|
||||
WARNING: Interceptors are not ideally suited as a security layer due to the potential for |
||||
a mismatch with annotated controller path matching. Generally, we recommend using Spring |
||||
Security, or alternatively a similar approach integrated with the Servlet filter chain, |
||||
and applied as early as possible. |
||||
|
||||
|
||||
Loading…
Reference in new issue