How to check every request in spring boot & if it is invalid - return 401

How to check every request in spring boot & if it is invalid – return 401

Posted on by Toma Velev

How to check for presence of specific header in every request with spring boot and if it is not – return 401? You can achieve this by implementing a custom HandlerInterceptor in Spring Boot. Here’s an example:

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;

@Component
public class HeaderInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response) {
        String[] requiredHeaders = {"Authorization"}; // Add your header name here
        for (String header : requiredHeaders) {
            if (request.getHeader(header) != null && !request.getHeader(header).isEmpty()) {
                return true;
            }
        }
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
        // You can add your logic here if needed
    }
}

Then, you need to configure Spring Boot to use this interceptor. You can do it by adding the following configuration in your application properties file:

spring.mvc.interceptor-only-mapped-requests=false

Or, you can configure it in your configuration class:

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new HeaderInterceptor()).addPathPatterns("/**");//This will filter all
        //registry.addInterceptor(new HeaderInterceptor()).addPathPatterns("/endpoint1", "/endpoint2", "/endpoint3");//This will filter only listed
    }
}

This configuration will apply the interceptor to the requests configured. I’ve build several micro Spring Boot apps. They are currently intertwined/dependent together.