I’m currently migrating a project that is using Spring MVC without annotations to Spring MVC with annotations. This is causing less problems than expected but I did come across one issue.

In my project I have set up an access mechanisme. Whether or not a User has access to a certain view depends on more than just the role of the User (e.g. it also depends on the status of the entity, the mode (view/edit), …). To address this I had created an abstract parent controller which has a method hasAccess. This method calls also other methods like getAllowedEditStatuses which are here and there overridden by the child controllers.

The hasAccess method gets called from the showForm method (below code was minimized for your readability):

@Override
protected ModelAndView showForm(final HttpServletRequest request,
                                final HttpServletResponse response,
                                final BindException errors) throws Exception {
    Integer id = Integer.valueOf(request.getParameter("ID"));
    Project project = this.getProject(id);
    if (!this.hasAccess(project, this.getActiveUser())) {
        return new ModelAndView("errorNoAccess", "code", project != null ? project.getCode() : null);
    }
    return this.showForm(request, response, project, errors);
}

So, if the User has no access to the view then he gets redirected to an error page.

Now the ‘pickle’: how to set this up when using annotations. There no longer is a showForm or other method that is always called by the framework.
My (and maybe your) first thought was: simply call this method from within each controller before going to the view. This would of course work but I was hoping for a nicer, more generic solution (less code duplication). The only other solution I could think of is preceeding the hasAccess method with the @ModelAttribute annotation but this feels a lot like raping the framework :-).

Does anyone have a (better) idea?