Spring aspect around POST: Accessing the HTTPRequest to find the logged on user

StackOverflow https://stackoverflow.com/questions/17344857

  •  01-06-2022
  •  | 
  •  

Question

I've got an interface for restful service that I wrap with an Aspect.

@Path("/rs-service/")
public interface ServiceRSI 
{
  @Override
  @POST
  @Path("/lookupParam/")
  @Produces(MediaType.APPLICATION_XML)
  ParamValue getParamValue(GetParamValue request);
}

Then my XML aspect..

<aop:config>
    <aop:aspect id="auditLoggingAspect" ref="auditLogging">
        <aop:pointcut id="aspectA" expression="execution(* com.ServiceRSI.*(..))" />
               <aop:around pointcut-ref="aspectA" method="logRequest" />
             />
    </aop:aspect>
</aop:config>

What I want/need to do is log in the aspect who was the User that was authenticated to make this request. I'm using MessageDigest as part of my authentication.

Normally I'd access the HTTPRequest to find out the user that was authenticated when the call was made, but in this case that isn't passed to the method, so I can't intercept this in the aspect.

Can anyone suggest a way to get access to the authenticated user from within an aspect around a restufull call?

Thanks

Was it helpful?

Solution 2

Add to web.xml

<listener>  
  <listener-class>  
   org.springframework.web.context.request.RequestContextListener  
  </listener-class>  
</listener>
<listener>  
  <listener-class>
   org.springframework.web.context.ContextLoaderListener  
  </listener-class>  
</listener>

In the class you need access to it...

@Autowired
  private HttpServletRequest context;

Then some code... (in this case it extracts it from Message Digest loggon)

private String getAuthenticationUser()
  {
    String authorization = context.getHeader("authorization");
    if (authorization.startsWith("Digest response")) {
      String[] splits = authorization.split(",");
      for (String split : splits)
      {
        String[] splitKeyValue = split.trim().split("=");
        if(splitKeyValue[0].equalsIgnoreCase("username")) {
          authorization = splitKeyValue[1];
          authorization = authorization.replace("\"", "");
          break;
        }
      }
    }
    return authorization;
  }

OTHER TIPS

If you can access the information you need from the HttpServletRequest, then you could use the RequestContextHolder of Spring to get access to this information.

ServletRequestAttributes t = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();  
HttpServletRequest req = t.getRequest();

Does it help?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top