-
Notifications
You must be signed in to change notification settings - Fork 37.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
3 changed files
with
34 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
45 changes: 20 additions & 25 deletions
45
...-docs/modules/ROOT/pages/web/webmvc/mvc-servlet/handlermapping-interceptor.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,34 +1,29 @@ | ||
[[mvc-handlermapping-interceptor]] | ||
= Interception | ||
|
||
All `HandlerMapping` implementations support handler interceptors that are useful when | ||
you want to apply specific functionality to certain requests -- for example, checking for | ||
a principal. Interceptors must implement `HandlerInterceptor` from the | ||
`org.springframework.web.servlet` package with three methods that should provide enough | ||
flexibility to do all kinds of pre-processing and post-processing: | ||
|
||
* `preHandle(..)`: Before the actual handler is run | ||
* `postHandle(..)`: After the handler is run | ||
* `afterCompletion(..)`: After the complete request has finished | ||
|
||
The `preHandle(..)` method returns a boolean value. You can use this method to break or | ||
continue the processing of the execution chain. When this method returns `true`, the | ||
handler execution chain continues. When it returns false, the `DispatcherServlet` | ||
assumes the interceptor itself has taken care of requests (and, for example, rendered an | ||
appropriate view) and does not continue executing the other interceptors and the actual | ||
handler in the execution chain. | ||
All `HandlerMapping` implementations support handler interception which is useful when | ||
you want to apply functionality across requests. A `HandlerInterceptor` can implement the | ||
following: | ||
|
||
* `preHandle(..)` -- callback before the actual handler is run that returns a boolean. | ||
If the method returns `true`, execution continues; if it returns `false`, the rest of the | ||
execution chain is bypassed and the handler is not called. | ||
* `postHandle(..)` -- callback after the handler is run. | ||
* `afterCompletion(..)` -- callback after the complete request has finished. | ||
|
||
NOTE: For `@ResponseBody` and `ResponseEntity` controller methods, the response is written | ||
and committed within the `HandlerAdapter`, before `postHandle` is called. That means it is | ||
too late to change the response, such as to add an extra header. You can implement | ||
`ResponseBodyAdvice` and declare it as an | ||
xref:web/webmvc/mvc-controller/ann-advice.adoc[Controller Advice] bean or configure it | ||
directly on `RequestMappingHandlerAdapter`. | ||
|
||
See xref:web/webmvc/mvc-config/interceptors.adoc[Interceptors] in the section on MVC configuration for examples of how to | ||
configure interceptors. You can also register them directly by using setters on individual | ||
`HandlerMapping` implementations. | ||
|
||
`postHandle` method is less useful with `@ResponseBody` and `ResponseEntity` methods for | ||
which the response is written and committed within the `HandlerAdapter` and before | ||
`postHandle`. That means it is too late to make any changes to the response, such as adding | ||
an extra header. For such scenarios, you can implement `ResponseBodyAdvice` and either | ||
declare it as an xref:web/webmvc/mvc-controller/ann-advice.adoc[Controller Advice] bean or configure it directly on | ||
`RequestMappingHandlerAdapter`. | ||
|
||
|
||
|
||
WARNING: Interceptors are not ideally suited as a security layer due to the potential for | ||
a mismatch with annotated controller path matching. Generally, we recommend using Spring | ||
Security, or alternatively a similar approach integrated with the Servlet filter chain, | ||
and applied as early as possible. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters