How @RequestBody can handle encrypted jSON structure in request

Question

I have a requirement, a JSON will be encrypted and added in request body from rest client. At server Side, I have a REST API with this method.

createOrder(@RequestBody(required = true) final OrderDTO item), @RequestParam(required = false) final String flag) {.....}

The architecture is using Spring.

Now What can be done to decrypt the incoming JSON so that @RequestBody can assign it properly into OrderDTO.

plz help in detail as early as possible.

1) if Filter can be used or some other mechanism ?

2) The method createOrder() only the @RequestBody parameter will be encrypted. rest of the parameters will be sent from client as plaintext.

Answer 1

You need to write a custom HttpMessageConverter. The HttpMessageConverter API is responsible for converting beans to & from HTTP entities (query parameters, request body etc.)

You will need to write a Converter which decrypts the JSON and passes it to Jackson or similar.

See

• Spring docs, 1.11.7. Message Converters
• A tutorial on how to Configure HttpMessageConverter in Spring (www.baeldung.com)

(You could also accept the request body as a String and decrypt and deserialize it in the controller method body. That might be "ugly", but will probably be simpler and quicker.)

Answer 2

You need to intercept the incoming HttpServletRequest.
The only way you can do that is by registering a Filter, and wrapping the actual HttpServletRequest with a custom implementation of HttpServletRequestWrapper.

You can override the getReader() method and provide your BufferedReader.
The BufferedReader could be constructed using a StringReader containing the decrypted request body (you need to entirely read the original BufferedReader first).

@Rich approach is more appropriate.