Spring 启动请求 Header 验证

Question

I am using Spring Boot 2.3.8 for creating rest services. I have a requirement to validate the request headers such that it should have certain headers otherwise throw error. This should be common for all the methods or services. I tried below,

public ResponseEntity<Object> addEmployee(
        @RequestHeader(name = "header1", required = true) String header1,
        @RequestHeader(name = "header2", required = true) String header2,
        @RequestBody Employee employee) 
                 throws Exception 
    { 

But I need to add this for all the methods in all the controllers. If this is the case how can I throw an error like "Header1 missing in request headers" / "header2 missing in request headers" for all the services globally?

Answer 1

If you have Zuul in place then you can read the request header attributes there in pre route and on validation failure reply back to the request with error populated.

Answer 2

This is a cross-cutting concern and should be done using AOP . Since you're using Spring , you can do the following:

1. Create an annotation called ValidateHeaders :

   public @interface ValidateHeaders {}

2. Create a @Before advice that intercepts methods annotated with @ValidateHeaders :

    @Before("@annotation(com.somepackage.ValidateHeaders)") public void controllerProxy(JoinPoint jp) { Object[] args = jp.getArgs(); //validation logic, throw exception if validation fails }

Note that you'll have to extract the fields using reflection as:

Annotation[][] pa = ms.getMethod().getParameterAnnotations();

You can iterate through all the annotations and search for request headers as:

if(annotations[i][j].annotationType().getName().contains("RequestHeader")) {
    RequestHeader requestHeader = (RequestHeader) m.getParameterAnnotations()[i][j];
    //now access fields in requestHeader to do the validation
}

Here's an article that can get you started with Advice types: https://www.baeldung.com/spring-aop-advice-tutorial

Answer 3

For global use you can register an interceptor.

@Component
public class MyHandlerInterceptor implements HandlerInterceptor {
    
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object object, Exception arg3) throws Exception {
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object object, ModelAndView model) throws Exception {
    }

   @Override
   public boolean preHandle(HttpServletRequest request,
   HttpServletResponse response, Object handler) throws Exception {

    
    //here check headers contained in request object
    if (request.getHeader("header1") == null || request.getHeader("header2") == null) {
      response.getWriter().write("something");
      response.setStatus(someErrorCode);

      return false;
   }

   return true;
} 

And then register it

@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

@Autowired
private MyHandlerInterceptor interceptor;

@Override
public void addInterceptors(InterceptorRegistry registry) {
    registry.addInterceptor(interceptor).addPathPatterns("/**");
 }
}

Answer 4

This is what filters are for. You want to filter out requests based on a header being there or not and return an error if its missing. Extend OncePerRequestFilter optionally override shouldNotFilter if you do not want it to be used for all request OR you could implement a normal Filter and use FilterRegistrationBean to register it only for a specific path.

then in the filter you could throw an exception and let Spring figure out how to display that, or actually set the response to something meaningful.