Reputation: 31
Validation of JWT token along with requestBody parameter in springBoot
I have an reactive spring boot application where I am having different controllers and all the controller having get, post, put, delete methods GET and DELETE method URI format => /{userName}/{others} and it's ensured that put and post method must have a field userid in their request body. Also All the request having an authorization header.
And I already have a method called validate that accepts 2 parameters authorizationHeader and userName and returns true if this mapping exists false if not.
I am trying to write generic filter can filter incoming request and validate before going to controller.
How can I write this generic webfilter especially how to extract body from post request and validate requests.
I tried writing this
@Component
@Slf4j
public class ExampleWebFilter implements WebFilter {
@Override
public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
ObjectMapper mapper = new ObjectMapper();
return serverWebExchange
.getRequest()
.getBody()
.next()
.flatMap(body -> {
try {
return validate(body, serverWebExchange
.geHeaders().get(0))
} catch (IOException e) {
return Mono.error(e);
}
})
.flatMap((boolean s) -> {
return webFilterChain.filter(serverWebExchange);
});
}
Mono<Boolean> validate(DataBuffer body, String Header){
//my logic to validate
}
}
But it seems it's hanging after this filter method executed. so my question is
- How can I write webfilter which will read body and validate?
- Is there any other generic solution available for this type of problem in spring-boot?
Upvotes: 1
Views: 2236
Answers (1)
Reputation: 594
I think you should use Interceptors. You can intercept the http call, and make your validations on the request. You can do this as global or you can do this for specific endpoints/paths. Here is a example for your case.
@Component
public class ProductServiceInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(
HttpServletRequest request, HttpServletResponse response, Object handler) throws
Exception {
return true;
}
@Override
public void postHandle(
HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
//make validations
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
Object handler, Exception exception) throws Exception {
//make validations
}
}
After this you need to register your interceptor like below.
@Component
public class ProductServiceInterceptorAppConfig extends WebMvcConfigurerAdapter {
@Autowired
ProductServiceInterceptor productServiceInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(productServiceInterceptor);
}
}
For more depth information you can visit the links below.
- https://www.youtube.com/watch?v=agBadIAx0Wc
- https://www.tutorialspoint.com/spring_boot/spring_boot_interceptor.htm
Upvotes: 1
Related Questions
- Is there any way to validate token before execution of rest api using spring
- How to configure spring boot to validate JWT token with call instropection endpoint of authorization server
- How to handle a valid JWT token with Spring Security?
- How to validate JWT by passing to custom auth server in spring boot
- How to validate tokens received from authorization server
- Authentication using jwt how to validate http requests
- Can I get the request parameter at authentication time with spring security?
- jwt validation in backend springboot
- Sending JWT Token in the body of response Java Spring
- JWT Token Security