1

Hey there,

Right now I am totally stuck. I spent hours asking Google but I haven't found any solution or approach yet. Maybe you guys can help me.

Some background information:

I am developing a microservice into an existing microservice infrastructure. I want to use Spring Boot and connect the service to our existing authentication service. There are plenty of other JAX-RS microservices which are already connected to it. I started with an authentication and an authorization filter. The authentication filter works perfectly.

The problem:

I want to use my own "Secured" annotation like in the other services. So there are some annotated resource methods in controllers like this example one:

    @Secured({Role.ADMIN,...})
    @RequestMapping(value = "/interfaces", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
    public ResponseEntity<ExportInvoiceInterfaceResponseRepListWrapper> getAll() {
       ...
    } 

So when the following filter gets triggered, I want to read the roles of the annotated controller method. In JAX-RS I just used the class ResourceInfo to do so. As you may know, I can't use this class in a default Spring Boot setup. Is there any way to get the class "the Spring Boot way"?

    public class AuthorizationFilter extends GenericFilterBean {

        @Context
        private ResourceInfo resourceInfo;

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

            HttpServletRequest httpRequest = (HttpServletRequest) request;
            HttpServletResponse httpResponse = (HttpServletResponse) response;

            // Get the resource class which matches with the requested URL
            // Extract the roles declared by it
            Class<?> resourceClass = resourceInfo.getResourceClass();
            List<Role> classRoles = extractRoles(resourceClass);
            ...
        }
    }

Any help would be awesome. Thank you in advance.

Cheers Frank

waywayway
  • 53
  • 4
  • So this doesn't answer your question at all, but I find this interesting, especially the 2nd answer, which speaks to using security at the service level rather than the controller level and rules of thumb to follow. [Spring security method annotation secured is not working](https://stackoverflow.com/questions/31186826/spring-security-method-security-annotation-secured-is-not-working-java-con) –  Mar 09 '18 at 13:40

0 Answers
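One way to read the annotation of the matched controller method in Spring MVC, as an added example that is not part of the original question or of the asker's project: a servlet filter runs before the handler is resolved, whereas a `HandlerInterceptor` receives the resolved `HandlerMethod`. The `Role` and `Secured` definitions and the `auth.roles` request attribute are assumed stand-ins for the asker's own types, and the code assumes Spring 5 / Spring Boot 2 (`javax.servlet`).

```java
import java.lang.annotation.*;
import java.util.*;
import javax.servlet.http.*;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

// Added example. Role, Secured and "auth.roles" are hypothetical stand-ins.
public class AuthorizationInterceptor implements HandlerInterceptor {

    public enum Role { ADMIN, USER }

    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE, ElementType.METHOD})
    public @interface Secured { Role[] value() default {}; }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // Static resources and other non-controller handlers are not HandlerMethods.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod hm = (HandlerMethod) handler;

        // Method-level roles take precedence over class-level roles.
        Secured secured = hm.getMethodAnnotation(Secured.class);
        if (secured == null) {
            secured = hm.getBeanType().getAnnotation(Secured.class);
        }
        if (secured == null || secured.value().length == 0) {
            return true; // assumed policy: no annotation means no role restriction
        }

        // Assumption: the authentication filter stored the caller's roles here.
        Object attr = request.getAttribute("auth.roles");
        Collection<?> callerRoles =
                attr instanceof Collection ? (Collection<?>) attr : Collections.emptyList();
        for (Role required : secured.value()) {
            if (callerRoles.contains(required)) {
                return true;
            }
        }
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false; // stop here: the controller method is never invoked
    }
}
```

The interceptor takes effect once it is registered through `WebMvcConfigurer.addInterceptors`. Whether unannotated handlers should pass or be denied is a policy choice; denying by default is the stricter option.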