'applying Aspect before spring security
i have a application that use spring security and JWT for Authorization And Authentication. here you can see my security config
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable().and().
sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().
addFilter(new JwtUsernamePasswordAuthenticationFilter(authenticationManager(),jwtConfig,secretKey)).
addFilterAfter(new JwtTokenVerifier(secretKey,jwtConfig),JwtUsernamePasswordAuthenticationFilter.class).
httpBasic().and().authorizeRequests()
.antMatchers(HttpMethod.GET,"/usercomment/**").hasAuthority("canReadUser")
.antMatchers("/cartitem/**").hasAuthority("canReadUser")
.antMatchers("/userorder/**").hasAuthority("canReadUser")
.antMatchers("/userproduct/**").hasAuthority(USER_READ.name())
.antMatchers("/").permitAll()
.antMatchers("/h2-console/**").permitAll()
.and().csrf().disable();
}
i face the problem when i want to run my aspect class before spring security check the Authorization And Authentication for the controllers that I protected the URL in the configure method. for example i need my aspect here run before UserOrderController with url in configuration /userorder/** get checked
@Aspect
@Component
public class AuthorizationAndAuthenticationHanding {
@Before(value = "execution(* com.dev.userservice.controller.UserOrderController.*(..))")
public void before(){
System.out.println("hello");
}
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|