While designing RESTful web services in a Spring-based web application, we may have a requirement that some web services should be allowed to run only from specific IP addresses. The Spring framework provides a simple way to verify whether the incoming IP address is in the whitelist of addresses or not.
These are the steps to follow:
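Step 1: Create an annotation which is available for reflection at runtime:

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

@Retention(RetentionPolicy.RUNTIME)
public @interface RestrictIp {
}

Then put the annotation on each controller method that should be restricted:

@RequestMapping(
    value = "test",
    method = RequestMethod.POST,
    produces = "application/json",
    headers = "Accept=application/json"
)
@RestrictIp
public @ResponseBody TestRequest cardUpdate(@RequestBody(required = false) String request) {
    // Placeholder: build and return the real response here.
    return null;
}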
Step2: Define a spring interceptor and apply the check to a whitelist IP address:

package com.test;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class RestrictAccessInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        // Requests to handlers without @RestrictIp pass through unchanged.
        boolean accessAllowed = true;
        if (handler instanceof HandlerMethod) {
            HandlerMethod method = (HandlerMethod) handler;
            if (method.getMethodAnnotation(RestrictIp.class) != null) {
                // Add your IP check here and set accessAllowed accordingly.
                // This runs only for methods that have the RestrictIp annotation.
            }
        }
        return accessAllowed;
    }
}

The code inside the inner if block above will execute only for those methods having the RestrictIp annotation. Inside this block you can check the incoming IP address and decide whether to allow it or not.
Step 3: Add your interceptor inside the applicationContext.xml file.

Demo applicationContext.xml:

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">

    <context:component-scan base-package="com.mm.webhook,com.mm.lev8" />
    <context:annotation-config />
    <mvc:annotation-driven />

    <mvc:interceptors>
        <mvc:interceptor>
            <mvc:mapping path="/**" />
            <!-- your interceptor class complete path here -->
            <bean class="com.test.RestrictAccessInterceptor">
            </bean>
        </mvc:interceptor>
    </mvc:interceptors>

    <context:component-scan base-package="com.test" />
</beans>
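
One way to fill in the IP check that Step 2 leaves as a comment, as an added example that is not code from the original post: a small allowlist class that matches single addresses and CIDR ranges and denies on any parse error. The class name IpAllowList and the sample addresses are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;

// Hypothetical helper, not part of the original post: CIDR-aware allowlist check.
public class IpAllowList {
    private final List<String> entries; // e.g. "192.0.2.15" or "10.20.0.0/16"

    public IpAllowList(List<String> entries) { this.entries = entries; }

    // remoteAddr is expected to be the IP literal from request.getRemoteAddr().
    public boolean isAllowed(String remoteAddr) {
        // Reject obvious hostnames so an unexpected value is not sent to DNS.
        if (remoteAddr == null
                || !remoteAddr.matches("[0-9.]+|[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*")) return false;
        try {
            byte[] addr = InetAddress.getByName(remoteAddr).getAddress();
            for (String entry : entries) {
                if (matches(addr, entry)) return true;
            }
        } catch (UnknownHostException | RuntimeException e) {
            // Fail closed: a malformed address or allowlist entry denies the request.
        }
        return false;
    }

    private static boolean matches(byte[] addr, String entry) throws UnknownHostException {
        String[] parts = entry.split("/");
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        if (net.length != addr.length) return false; // IPv4 entry vs IPv6 address, or reverse
        int prefix = parts.length == 2 ? Integer.parseInt(parts[1]) : net.length * 8;
        if (prefix < 0 || prefix > net.length * 8) return false;
        int fullBytes = prefix / 8, remBits = prefix % 8;
        for (int i = 0; i < fullBytes; i++) {
            if (addr[i] != net[i]) return false;
        }
        if (remBits == 0) return true;
        int mask = (0xFF << (8 - remBits)) & 0xFF; // high remBits bits of the next byte
        return (addr[fullBytes] & mask) == (net[fullBytes] & mask);
    }

    public static void main(String[] args) {
        // Constructed sample data (private and documentation address ranges).
        IpAllowList list = new IpAllowList(List.of("10.20.0.0/16", "192.0.2.15", "2001:db8::/32"));
        for (String ip : new String[] {"10.20.5.9", "10.21.0.1", "192.0.2.15", "2001:db8::1", "not-an-ip"}) {
            System.out.println(ip + " -> " + list.isAllowed(ip));
        }
    }
}
```

Inside the RestrictIp branch of preHandle this would be used as accessAllowed = allowList.isAllowed(request.getRemoteAddr()), where allowList is an assumed field of the interceptor. Behind a reverse proxy getRemoteAddr() returns the proxy's address, and an X-Forwarded-For header is only trustworthy when that proxy sets it, since clients can send the header themselves.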