Contents
What is AOP?
AOP allows modularization of concerns. These concerns are common concerns for all applications. And codes to mitigate such concerns are generally spread across all ports of an application. Such covers are often called cross cutting concerns. Examples of such concerns are transaction management, logging or security that cut across multiple types and objects. AOP is implemented in java in AspectJ. Spring's AOP annotation enables us to inject aspects in spring. Read the spring documentation to know more about spring’s AOP.
Around Advice in AOP?
In this blog post today I will explain how you can leverage Aspect Oriented Programming (AOP) in Java spring, to handle exceptions. There are different ways to apply AOP in Java, they are called advice. Most powerful advice type is Around Advice. Around Advice surrounds a join point such as a method invocation. Around advice can perform custom behaviour before and after the method invocation.
How to use Around Advice in spring security Filter?
Spring comes with lots of magic that does things for developers. One of them is a spring security filter chain. Sometimes when the incoming requests fail in the springs security filter chain we would like to handle errors scenarios raised by springs security filter chain and would like to return a customized response. We need to be able to catch the raised exceptions and modify the error message. This blog shows how we can do that using AspectJ annotations. See the code example below.
package com.mycomp.myproject.config;
import javax.servlet.http.HttpServletResponse;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.http.HttpStatus;
import org.springframework.security.web.firewall.RequestRejectException;
import org.springframework.stereotype.Component;
@Astpect
@Component
public class MyProxyAdvice {
@Around("execution(public void org.springframework.security.web.FilterChainProxy.doFilter(..))")
public handleException( ProceedingJoinPoint pjp) throws Throwable {
try{
pjp.proceed();
} catch( RequestRejectException e) {
HttpServletResponse resp = ( HttpServletResponse )pjp.getArgs()[1];
resp.setStatus(<your custom status as int>);
resp.getWriter().writer(e.getMessage());
}
}
}This Advice catches the request reject exception that arises in org.springframework.security.web.FilterChainProxy.doFilter method in the security filter chain. Then it provides a custom return code and error message.
You need to add the below dependency module in pom.xml to use aspectJ.
<!-- https://mvnrepository.com/artifact/org.aspectj/aspectjweaver -->
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.9.4</version>
</dependency>