Issue
I'm using spring-boot-starter-web
along with embedded-jetty
and starter-jersey
starter. The Jersey servlet context-path is configured in application.properties to serve from /api
. So all /api/.*
calls are handled over to Jersey.
Since I'm using starter-web
, the static content is being served from static/
directory as shown here:
All the resources listed under static/public/
can be accessed without any restrictions. But the resources under static/private
should be restricted and will be shown only if logged in.
To achieve this, I've written a filter:
@Component
@Order(1)
public static class PrivateContentFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
if (request.getRequestURI().matches(".*/static/private/.*")) {
// Check for authentication in the cookie and procceed
// The cookie is handed to an auth mirco-service, that does the actual validation.
}
}
}
But this filter is only reached when the path is api/.*
and not for the static content: /public/.*
nor for /private.*
. What am I missing here?
Solution
Everything that is under /static is the context / so your filter regex must look like this:
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
if (request.getRequestURI().matches("/private/.*")) {
System.out.println("private");
} else {
System.out.println("public");
}
filterChain.doFilter(servletRequest, servletResponse);
}
Answered By - Simon Martinelli