Home/ Questions/Q 3876246
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T22:21:34+00:00

I have a basic Spring MVC controller that looks like this: @Controller public void

  • 0

I have a basic Spring MVC controller that looks like this:

@Controller
public void MyController {
     @RequestMapping("/secret")
     public String show() {
         return "secret.jsp";
     }
}

I am going to have several similar URLs that can only be reached by signed-in users. Since this is a cross-cutting concern, I’d like to use AOP, and I’d like to make this work via annotations. In other words, I’d like to throw a @RequiresLogin annotation on every controller method that needs to be secret.

AnnotationMethodHandlerAdapter supports the concept of interceptors, which seems on the surface like the right way to go for this. However, I want to know which method is going to be invoked so that I can check it for my @RequiresLogin annotation. I see that there’s an “Object handler” parameter that’s passed in, but I’m not sure how to turn that into a Class and Method that will be invoked.

Ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As axtavt writes correctly, Spring-AOP works well with controllers if using proxy-target-class. But there is also the possibility of using JDK proxies if you follow some (tedious) conventions:

    Working with interface-based @Controller classes

    A common pitfall when working with
    annotated controller classes happens
    when applying functionality that
    requires creating a proxy proxy for
    the controller object (e.g.
    @Transactional methods). Usually you
    will introduce an interface for the
    controller in order to use JDK dynamic
    proxies. To make this work you must
    move the @RequestMapping annotations
    to the interface     as the mapping
    mechanism can only “see” the interface
    exposed by the proxy. As an
    alternative, you may choose to
    activate proxy-target-class=”true” in
    the configuration for the
    functionality applied to the
    controller (in our transaction
    scenario in <tx:annotation-driven />).
    Doing so indicates that CGLIB-based
    subclass proxies should be used
    instead of interface-based JDK
    proxies. For more information on
    various proxying mechanisms see
    Section 7.6, “Proxying mechanisms”.

    Source: 15.3.2 Mapping requests with @RequestMapping

    • 0