Issues with HandlerInterceptor in Spring 2.5.4

[lappinl]

I am trying to configure my new annotation based controllers to use my HandlerInterceptor which controls security. Basically the interceptor checks for a security header from RSA and if it doesnt find it the user is not logged in and it passes them to a login controller.

However I do not want the interceptor to intercept every controller, in this example the login controller. In Spring 2.0 I was able to define which controllers were intercepted using SimpleUrlHandlerMapping. However I have found no such feature in Spring 2.5 because DefaultAnnotationHandlerMapping intercepts every controller regardless . I tried a Spring plugin written by Scott Murphy which attemped to fix this issue and allows you to specify what is intercepted but it just throws 404 errors for the methods that are not intercepted. Any example code or suggestions would be much apprecaited. I have never used aspects for security so If that is my only solution could you please provide some example code. Thanks in advance.

[Tom Trommelaar]

I am having the same problem. This is basically the only thing that is holding me back of upgrading to Spring @MVC right now. My application uses several SimpleUrlHandlerMappings that all have different interceptors configured. The problem with the new DefaultAnnotationHandlerMapping in Spring 2.5.4 is that it processes all controllers by default.

Couldn't it be it possible to introduce a "package" property on the DefaultAnnotationHandlerMapping that defines which controllers to process? This way you could have multiple DefaultAnnotationHandlerMappings that each point to a different set of controllers.

[Marten Deinum]

You can simply mix and match. You can have the SimpleUrlHandlerMapping for the coarse grained stuff and do finer grained mapping inside your controllers. So you can still have multiple HandlerMapping(s) with the corresponding HandlerInterceptors.

Rossen wrote a nice blog about this.