usr-local-ΕΨΗΕΛΩΝ

Reputation: 26874

Performing custom authorization in Spring annotated controller

I'm getting started at building REST APIs with Spring annotated controllers.

My question is very simple: how to perform authentication/authorization in a common place rather than the APIs?

Being an expert C# developer, I usually create a custom FilterAttribute for my controllers in order to implement any required authentication code.

I'm not going to use @Secured attribute because I work on custom REST authorization based on custom HTTP headers. I have understood that @Secured works with predefined roles, or perhaps I didn't understand its usage well.

Does Spring offer annotations to perform early filtering of Controllers working on the HttpRequest?

Upvotes: 0

Views: 925

Answers (1)

Jasper Blues

Reputation: 28746

There is a filter-based authentication and authorization plugin at the web container level, provided by Spring Security. However, you can also apply security annotations to the controllers... Behind the scenes this uses Aspect-Oriented Programming to modularize the security concern. Take a look at Spring Security and AOP.

Once you understand a little about the AOP side of things you can customize the authorization however you like - role-based, time of day, whatever - this can be driven by custom annotations.

Upvotes: 1
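
The annotation-driven approach described in the answer, applied to the custom-header case from the question, as an added example that is not part of the original thread. It assumes Spring Boot 3 (jakarta.servlet) with spring-boot-starter-aop on the classpath; the annotation name RequiresHeaderToken, the header X-Api-Token and the property api.token are hypothetical.

```java
import java.lang.annotation.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import jakarta.servlet.http.HttpServletRequest;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.server.ResponseStatusException;

@Aspect
@Component
public class HeaderAuthAspect {

    /** Hypothetical marker annotation: put it on controller methods that need the header. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    public @interface RequiresHeaderToken {
        String header() default "X-Api-Token"; // hypothetical header name
    }

    private final byte[] expected;

    // "api.token" is a hypothetical property; supply it from a secret store, not source control.
    public HeaderAuthAspect(@Value("${api.token}") String token) {
        if (token.isBlank()) throw new IllegalStateException("api.token must be set");
        this.expected = token.getBytes(StandardCharsets.UTF_8);
    }

    // Wraps every annotated handler; the controller body is never reached on failure.
    @Around("@annotation(requires)")
    public Object check(ProceedingJoinPoint pjp, RequiresHeaderToken requires) throws Throwable {
        HttpServletRequest request = ((ServletRequestAttributes)
                RequestContextHolder.currentRequestAttributes()).getRequest();
        String supplied = request.getHeader(requires.header());
        // Fail closed on a missing header; compare in constant time to avoid a timing oracle.
        if (supplied == null
                || !MessageDigest.isEqual(expected, supplied.getBytes(StandardCharsets.UTF_8))) {
            throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "missing or invalid token");
        }
        return pjp.proceed();
    }
}
```

Only methods that carry the annotation are checked, so an endpoint added without it is unprotected; where every route must be covered, a servlet filter or Spring Security filter chain gives deny-by-default. Spring AOP advice also runs only for calls that go through the bean proxy, so an annotated method invoked from another method of the same class is not intercepted.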
