Interceptors
You can register interceptors to apply to incoming requests, as the following example shows:
@Configuration
public class WebConfiguration implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new LocaleChangeInterceptor());
//registry.addInterceptor(new ThemeChangeInterceptor()).addPathPatterns("/**").excludePathPatterns("/admin/**");
}
}| Interceptors are not ideally suited as a security layer due to the potential for a mismatch with annotated controller path matching, which can also match trailing slashes and path extensions transparently, along with other path matching options. Many of these options have been deprecated but the potential for a mismatch remains. Generally, we recommend using Infra Security which includes a dedicated MvcRequestMatcher to align with Web MVC path matching and also has a security firewall that blocks many unwanted characters in URL paths. |
The XML config declares interceptors as MappedInterceptor beans, and those are in
turn detected by any HandlerMapping bean, including those from other frameworks.
By contrast, the Java config passes interceptors only to the HandlerMapping beans it manages.
To re-use the same interceptors across Web MVC and other framework HandlerMapping
beans with the MVC Java config, either declare MappedInterceptor beans (and don’t
manually add them in the Java config), or configure the same interceptors in both
the Java config and in other HandlerMapping beans.
|