How to show different error jsp page by intercepting request on the JSP page in Spring MVC?

Question

I am working on Spring MVC controller project. I have different JSP pages around 7-8 jsp page.

People will make a call to these different JSP pages from different IP address, meaning from different different machines.

Now what I am trying to do is - I will intercept the call and extract the IP Address from it and if the IP Address is in our valid list, then only I will show the jsp page they are requesting otherwise I will show an error jsp page.

Now there is another tricky situation here. I don't want to do above check on all the JSP pages I have, I just want to do that only on two JSP page. Meaning if the people are requesting those two JSP pages, then only I will do the above check otherwise I don't want to do the above IP Address check.

Below are my two jsp code in which I need to have the above IP Address check. Meaning if people are requesting below jsp page from the IP Address which is not in our list, I would like to show an error jsp page.

Below is my testWorkflow.jsp -

@RequestMapping(value = "testWorkflow", method = RequestMethod.GET)
public @ResponseBody
ZookeeperResponse testWorkflow(@RequestParam("workflow") final String workflow,
    @RequestParam("conf") final String value, @RequestParam("dc") final String dc) {

    // if ipAddress is not in the valid list
    // then show error jsp page.

    // some code here related to my JSP page


    }

Below is my testOperation.jsp -

@RequestMapping(value = "testOperation", method = RequestMethod.GET)
public Map<String, String> testOperation() {

    // if ipAddress is not in the valid list
    // then show different error jsp page.

    // some code here related to my JSP page

    }

And below is the code I can use to extract the IP Address from the header -

//is client behind something?
String ipAddress = request.getHeader("X-FORWARDED-FOR");  
if (ipAddress == null) {  
   ipAddress = request.getRemoteAddr();  
}       

Now I am not sure what I should do to restrict the invalid ip address in making the call and show them the error jsp page if they are not valid. I need to show different error jsp page for the above two jsp page call.

Is this possible to do? And what is the best way to achieve this? I just started working with Spring MVC controller so not sure what the options I have and what is the best way for my problem?

Any suggestions and example will be of great help.

Note:-

I already have Valid IP Address list in the code itself. So I don't need to define those valid IP Address in a file or xml somewhere.

Answer 1

There is some thing simple and can solve your problem.

You can use an interceptor, it doesn't require any external module.

Code:

public class LoginInterceptor extends HandlerInterceptorAdapter {

public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String requestUri = request.getRequestURI();
        //Only check on several pages not all
        //Check if user is requesting the two JSP pages
        if (requestUri.startsWith(...)) {
        //Yes, user is requesting the two JSP
            if(/*Check if ip address is on the list*/) {
                //Yes, it is.
                 if (/*check sth else maybe?*/) {
                      //test passes
                      return true;
                 } else {
                      //test fails.
                      response.sendRedirect(request.getContextPath() + "error_1";
                       return false;
                 }
            } else {
                //oops, not on the list, redirect to error url
                response.sendRedirect(request.getContextPath() + "error_2";
                return false;
            }

        } else {
        //no need to check, just grant access
        return true;
        }
    }
}

Config is also simple:

<mvc:interceptors>
    <bean id="loginInterceptor" class="....LoginInterceptor" />
</mvc:interceptors>

Now, assume the user's ip address is not on the list, he or she is redirected to error page url (say abc.com/error_denied). Here, I assume you don't have a controller mapped to that url, then <mvc:view-controller path="/error_denied" view-name="error.jsp"/> will do the job :)