Class RequestWardInterceptor
- All Implemented Interfaces:
org.springframework.web.servlet.AsyncHandlerInterceptor,org.springframework.web.servlet.HandlerInterceptor
The following rules apply:
- A request must be of type POST, PUT, PATCH or DELETE in order to be considered as potentially modifying a session.
- The request must target a controller method that has a parameter annotated with
AquimaSessionId. - If the controller method is annotated with
RequestWard.validate()= false, verification is skipped - A modification request for a session will always generate a new request ward and send it in the response headers, even if request ward verification is skipped for that controller method
The X-Request-Ward header is used both for sending the request ward from the back-end to the front-end (in the response) and from the front-end to the back-end (in the request). For multipart requests, the front-end may also send the request ward as a request parameter named X-Request-Ward. This exception is made because not all front-ends support adding headers to multipart requests (eg. when what should be an AJAX file upload is simulated with a form inside a hidden iframe on older browsers).
If request ward verification fails, this interceptor will send an HTTP 400 Bad Request response and the targeted
controller method will no longer be called. The error response body also contains a JsonError with
JsonError.getErrorType() = ErrorType.INVALID_REQUEST_WARD. A failed request ward verification
typically indicates that the session state is desynchronized between the front-end and the back-end. In this case,
the front-end should refresh the state (e.g. the user should refresh the page). The title and message in the
JsonError are internationalized. The message keys are:
- Since:
- 11.0
- Author:
- Petru Galanton
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionRequestWardInterceptor(com.blueriq.component.api.IAquimaSessionsMap sessionManager, org.springframework.web.multipart.MultipartResolver multipartResolver, BlueriqSessionProperties properties) -
Method Summary
Methods inherited from class com.aquima.web.session.AbstractSessionAwareRequestHandler
extractEffectiveFlushMode, extractSessionId, getSession, getSession, getSessionManagerMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.springframework.web.servlet.AsyncHandlerInterceptor
afterConcurrentHandlingStartedMethods inherited from interface org.springframework.web.servlet.HandlerInterceptor
afterCompletion, postHandle
-
Field Details
-
REQUEST_WARD_HEADER
The name of the header checked by this interceptor for the presence and correctness of the request ward.- See Also:
-
INVALID_TITLE_KEY
The message key for the error message title.- See Also:
-
INVALID_MESSAGE_KEY
The message key for the error message itself.- See Also:
-
-
Constructor Details
-
RequestWardInterceptor
public RequestWardInterceptor(com.blueriq.component.api.IAquimaSessionsMap sessionManager, org.springframework.web.multipart.MultipartResolver multipartResolver, BlueriqSessionProperties properties)
-
-
Method Details
-
preHandle
public boolean preHandle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Object handler) throws Exception Description copied from class:AbstractSessionAwareInterceptorThis implementation always returnstrue.- Specified by:
preHandlein interfaceorg.springframework.web.servlet.HandlerInterceptor- Overrides:
preHandlein classAbstractSessionAwareInterceptor- Throws:
Exception
-
handleRequestWardException
@ExceptionHandler(RequestWardException.class) @ResponseStatus(BAD_REQUEST) @ResponseBody public JsonError handleRequestWardException(RequestWardException ex)
-