How to Intercept HTTP Request Response in Spring Boot

Interceptors in Spring are used to intercept client requests or responses before they are handled by the controller or before the response is sent back to the client. Interceptors are part of the Spring Web MVC framework and provide a way to add pre/post- processing logic to your application's request-response lifecycle. Realtime Use Cases of Interceptors Some of the the common use cases for interceptors include tasks, such as: Interceptors can be used to log HTTP requests and responses. This can be useful for debugging or tracking the performance of an application. Logging: Interceptors can be used to enforce security policies. For example, an interceptor could be used to check that a user is authenticated before allowing them to access a resource. Security: Interceptors can be used to cache HTTP requests and responses. This can improve the performance of an application by reducing the number of times that requests need to be made to the underlying resources. Caching: Interceptors can be used to transform HTTP requests and responses. For example, an interceptor could be used to convert requests to XML responses. Transformation: JSON Spring Request Life-Cycle In a typical application flow, when the client sends an HTTP request to a specific endpoint(URL), the request is first received by the web server (e.g., Apache Tomcat or Jetty) and then forwarded to the Spring Boot application. Spring Boot The Dispatcher Servlet is the entry point for incoming requests in the Spring Boot application. Once the DispatcherServlet receives the request, it consults the HandlerMapping. The HandlerMapping is responsible for determining which controller should process the incoming request based on the URL mapping defined within your controller. Creating Interceptor in Spring Boot To create an interceptor in Spring Boot, you typically create a class that implements the interface. HandlerInterceptor The interface has three methods: HandlerInterceptor : The preHandle() method is the most important method in the HandlerInterceptor. This method is executed before the actual controller method is called. It returns a boolean value indicating whether the request should continue to the controller or be stopped. preHandle() : This method is executed after the controller method is called but before the response is sent to the client. It allows you to modify the model and view before rendering the response. You can use this method to perform any tasks that you need to do after the request has been handled. For example, you could use the method to add additional information to the response, or to log the response. postHandle() postHandle() : This method is executed after the response has been sent to the client. This method is called even if an exception was thrown during the processing of the request. It's useful for cleanup or resource release tasks. afterCompletion() Interceptor to Check Basic Authentication Let us now create an interceptor to perform the basic authentication check. This interceptor will be invoked only for a specific endpoint. It will do the basic authentication check before allowing access to the controller. /products/new For this example, we will hardcode a username and password to verify the credentials passed by the user. import lombok.extern.slf4j.Slf4j; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.nio.charset.StandardCharsets; import java.util.Base64; @Slf4j public class BasicAuthInterceptor implements HandlerInterceptor { private static final String USERNAME = "admin"; private static final String PASSWORD = "admin"; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { log.info("BasicAuthInterceptor::preHandle()"); String authHeader = request.getHeader("Authorization"); if (authHeader != null && authHeader.startsWith("Basic ")) { String base64Credentials = authHeader.substring("Basic ".length()); byte[] decodedCredentials = Base64.getDecoder().decode(base64Credentials); String credentials = new String(decodedCredentials, StandardCharsets.UTF_8); String[] parts = credentials.split(":"); String username = parts[0]; String password = parts[1]; if (USERNAME.equals(username) && PASSWORD.equals(password)) { return true; } } response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"); return false; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { log.info("BasicAuthInterceptor::postHandle()"); } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { log.info("BasicAuthInterceptor::afterCompletion()"); } } Enter fullscreen mode Exit fullscreen mode Registering Interceptor in Spring Boot Once you have created your custom interceptor, you need to register it with the Spring Boot application using configuration: WebMvcConfigurer import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class WebConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new BasicAuthInterceptor()) .addPathPatterns("/products/new"); } } Learn more about using interceptors with this video: https://youtu.be/DuMf8Nwb-9w?embedable=true This tutorial is first published on . stacktips.com The lead image for this article was generated by HackerNoon's AI Image Generator via the prompt "a screen displaying a website’s backend”. If you like this article, follow me on Twitter or check out my Youtube channel for more such content. @ask_nilan @TheTechMojo Happy learning!