Spring AOP
Our Messages App is a simplified demo application. It doesn't have many features that a typical web application should have. For example, it lacks security checking. Currently, we allow anyone to post messages via the /messages (POST) API. A simple fix is to add security check logic inside the API handler, the MessageController.saveMessage() method, as follows:
    public ResponseEntity<Message> saveMessage(@RequestBody MessageData data) {
        // Guard the handler before any of its real work runs
        checkSecurity();
        ...
    }

    private void checkSecurity() throws NotAuthorizedException {
        // Do security checking
        ...
    }
Inside the saveMessage() method, we invoke the checkSecurity() method immediately and, if the request is not authorized, NotAuthorizedException will be thrown.
Note
Our Messages App doesn't have a user system. Hence, we cannot check whether a request is from an authenticated user. However, there are still several types of security checking we can perform here. For example, we can only allow requests coming from a specific IP address...
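The same check, moved out of the controller into a Spring AOP aspect so that saveMessage() no longer has to call checkSecurity() itself. This is an added example, not the book's code: it assumes the controller lives in a hypothetical com.example.messages package, that NotAuthorizedException is the app's own unchecked exception (a stand-in is defined at the bottom), and Spring Boot 3 (jakarta.servlet; on Boot 2.x the import is javax.servlet).

```java
package com.example.messages; // hypothetical package, not from the book

import jakarta.servlet.http.HttpServletRequest;
import java.util.Set;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

// Runs the IP allow-list check before MessageController.saveMessage() is entered,
// so the cross-cutting concern is no longer written inside the handler.
@Aspect
@Component
public class SecurityCheckAspect {

    // Constructed allow-list for the example; a real app would read it from configuration.
    private static final Set<String> ALLOWED_REMOTE_ADDRS = Set.of("127.0.0.1", "::1");

    // The pointcut names the one handler guarded in the text; widen it to
    // "execution(* com.example.messages.MessageController.*(..))" to guard every handler.
    @Before("execution(* com.example.messages.MessageController.saveMessage(..))")
    public void checkSecurity() {
        String remoteAddr = currentRequest().getRemoteAddr();
        if (!isAllowed(remoteAddr)) {
            throw new NotAuthorizedException("request from " + remoteAddr + " is not allowed");
        }
    }

    // Package-visible so the rule can be unit-tested without a running server.
    static boolean isAllowed(String remoteAddr) {
        return remoteAddr != null && ALLOWED_REMOTE_ADDRS.contains(remoteAddr);
    }

    private static HttpServletRequest currentRequest() {
        // Populated by Spring MVC for the current thread; currentRequestAttributes()
        // throws IllegalStateException if the advice ever runs outside a web request.
        ServletRequestAttributes attrs =
                (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        return attrs.getRequest();
    }
}

// Stand-in for the app's own exception; it must be unchecked, because @Before advice
// cannot throw a checked exception that the advised method does not declare.
class NotAuthorizedException extends RuntimeException {
    NotAuthorizedException(String message) { super(message); }
}
```

getRemoteAddr() is the address of the TCP peer, so behind a reverse proxy it is the proxy's address, not the client's; only resolve the client address from forwarded headers (for example via Spring Boot's server.forward-headers-strategy) when the proxy is trusted to set them, otherwise the allow-list can be bypassed with a spoofed header.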