Spring interceptor does not add header to @RestController services

Question

Spring interceptor does not add header to @RestController services

I have the following interceptor:

public class SecurityInterceptor extends HandlerInterceptorAdapter {

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        response.addHeader("X-Frame-Options", "DENY");
    }
}

I checked - spring calls it with every http retry.

I notice a strange thing. It works great for such controllers:

@Controller
public class AdminViewController {
    @GetMapping ("data")
    public String dataTemplate() {
        return "data";
    }
}

But it does not add the response header to the controller as follows:

@RestController
@RequestMapping(Constants.MY_API_URL)
public class DataServiceController {
     @PostMapping(value = "/mapping", consumes = "application/json")
     public ResponseEntity<Void> saveMapping(@RequestBody MappingDTO mapping, HttpServletRequest request) {
        ...
        return new ResponseEntity<>(CREATED);
    }
}

But I can explain this because the interceptor is calling.

How to add a title for all responses to a request?

+4

java spring http spring-mvc interceptor

gstackoverflow Feb 16 '18 at 9:37

source share

3 answers

HandlerInterceptorAdaptercannot work with methods @ResponseBodyand ResponseEntity, because they are processed HttpMessageConverter, which writes the answer to postHandle, which makes it difficult to change the answer.

ResponseBodyAdvice @ControllerAdvice, .

@ControllerAdvice
public class ResponseDTOFilterAdvice implements ResponseBodyAdvice<Object> {
    @Override
    public boolean supports(final MethodParameter returnType, final Class<? extends HttpMessageConverter<?>> converterType) {
        return true;
    }

    @Override
    public Object beforeBodyWrite(final Object body, final MethodParameter returnType, final MediaType selectedContentType,
        final Class<? extends HttpMessageConverter<?>> selectedConverterType, final ServerHttpRequest request,
        final ServerHttpResponse response) {
        if (body instanceof ResponseEntity) {
            ResponseEntity responseEntity = (ResponseEntity) body;
            responseEntity.getHeaders().add("X-Frame-Options", "DENY");
        }
        return body;
    }
}

+3

shazin 16 . '18 9:59

,

    @RestController
    @RequestMapping(Constants.MY_API_URL)
     public class DataServiceController {
    @PostMapping(value = "/mapping", consumes = 
     "application/json")
     public ResponseEntity<Boolean> 
     saveMapping(@RequestBody MappingDTO mapping) {
     .........
     ...........
     ......
      HttpHeaders headers = new HttpHeaders();
      headers.addHeader("X-Frame-Options", "DENY");
       return new ResponseEntity<Boolean>(true, headers, 
        HttpStatus.OK);
     }
      }

spring , . xframe

    http.headers().frameOptions().disable();

PostHandle HandlerInterceptor @ResponseBody ResponseEntity. HttpMessageConverter , postHandle, , , . ResponseBodyAdvice @ControllerAdvice bean RequestMappingHandlerAdapter.

https://mtyurt.net/post/spring-modify-response-headers-after-processing.html

Or

@gstackoverflow the mail owner is already finding a solution. We can send his decision.

+1

Sibin cms Feb 17 '18 at 18:50

source share

gstackoverflow · Accepted Answer · 2018-02-16T10:10:10+0000

It works, I created a filter:

public class SecurityFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest httpRequest,
                                    HttpServletResponse httpResponse,
                                    FilterChain filterChain) throws ServletException, IOException {
        httpResponse.setHeader("X-FRAME-OPTIONS", "DENY");
        filterChain.doFilter(httpRequest, httpResponse);
    }
}

and registered:

@Configuration
public class SecurityConfiguration {
    @Bean
    public FilterRegistrationBean dawsonApiFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new SecurityFilter());
        return registration;
    }
}

Spring interceptor does not add header to @RestController services

More articles: