javaspringspring-bootservletsservlet-filters

@WebFilter(urlPatterns) not mapping HTTP request properly


I have a function with @GetMapping(value = "/getToken") that writes JSON content.

@GetMapping(value = "/getToken")
public String getToken(HttpServletRequest request, HttpServletResponse response, Model model) {
    // jsonObject
    PrintWriter out = response.getWriter();
    out.print(jsonObject);
}

Now, a user can make a GET request to above mapping using a URL like this:

localhost:8080/getToken?username="username"&password="password"

I have also created a class called CORSFilter that implements javax.servlet.Filter and i want this filter to intercept only those request that have /getToken in the request path.

@WebFilter(urlPatterns = "/getToken")
public class CORSFilter implements Filter {

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        // validate user and password
        chain.doFilter(requestToUse, responseToUse);
    }
}

Now, when I hit localhost:8080 or localhost:8080/thankyou in the browser then the above filter is getting called.

How can I stop this?

I want to call above filter only if the URL path is

localhost:8080/getToken?username="user"&password="pass"


Solution

  • Unfortunately, Spring Boot doesn't honor the urlPatterns for filters declared with WebFilter. If you need to apply a pattern, you'll have to declare the filter as a bean and declare a filter registration for that bean, in a configuration class. For example:

    @Bean
    public FilterRegistrationBean<CORSFilter> corsFilterRegistration() {
        FilterRegistrationBean<CORSFilter> filterRegistrationBean =
            new FilterRegistrationBean<>(corsFilter());
        filterRegistrationBean.setUrlPatterns(Collections.singleton("/getToken"));
        return filterRegistrationBean;
    }
    
    @Bean
    public CORSFilter corsFilter() {
        return new CORSFilter();
    }
    

    Note however that Spring Boot has native support for CORS. You don't need any filter for that.