WebMvcConfigurer - VittorioDeMarzi/hero-beans GitHub Wiki
Purpose of WebMvcConfigurer Configuration Class
This configuration class customizes Spring MVC behavior for our application. It mainly serves two purposes:
- Registering application-specific interceptors
- Registering custom method argument resolvers
1. Interceptors (addInterceptors)
We register the JwtAuthInterceptor to handle authentication for specific API endpoints.
This interceptor is responsible for:
- Extracting and validating the JWT token from incoming requests.
- Setting the authenticated user's data in the request attributes so that downstream components can access it.
We apply it only to the relevant paths:
- /api/user/wishes/**: Protects user wish-related endpoints.
- /api/admin/** and /api/admin/stats/**: Protects administrative endpoints.
- /api/payments/**: Secures payment-related operations.
Reason: By specifying path patterns, we avoid running the interceptor on public endpoints, improving performance and keeping authentication checks targeted.
2. Argument Resolvers (addArgumentResolvers)
We register two custom HandlerMethodArgumentResolver implementations:
- LoginMemberArgumentResolver: Automatically injects the currently logged-in member into controller method parameters without requiring manual lookups.
- AdminOnlyResolver: Resolves and validates that the current user is an admin before allowing the method to be executed.
Reason: Argument resolvers keep controller code cleaner by moving authentication and authorization logic out of controller methods, following the Separation of Concerns principle.
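The two registrations described above, written out as an added example (not the project's own code). It assumes JwtAuthInterceptor, LoginMemberArgumentResolver and AdminOnlyResolver are Spring beans in the same package, and WebConfig is a hypothetical class name.

```java
import java.util.List;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Assumption: the three collaborators are the classes named on this page,
// available as beans in this package. WebConfig is a hypothetical name.
@Configuration
public class WebConfig implements WebMvcConfigurer {

    // Paths on which JwtAuthInterceptor runs. "/api/admin/**" already matches
    // everything under "/api/admin/stats/", so one admin pattern is enough.
    static final String[] PROTECTED_PATHS = {
        "/api/user/wishes/**",
        "/api/admin/**",
        "/api/payments/**"
    };

    private final JwtAuthInterceptor jwtAuthInterceptor;
    private final LoginMemberArgumentResolver loginMemberArgumentResolver;
    private final AdminOnlyResolver adminOnlyResolver;

    public WebConfig(JwtAuthInterceptor jwtAuthInterceptor,
                     LoginMemberArgumentResolver loginMemberArgumentResolver,
                     AdminOnlyResolver adminOnlyResolver) {
        this.jwtAuthInterceptor = jwtAuthInterceptor;
        this.loginMemberArgumentResolver = loginMemberArgumentResolver;
        this.adminOnlyResolver = adminOnlyResolver;
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Opt-in scoping: a request whose path matches none of these patterns
        // never reaches the interceptor, so every new protected endpoint must
        // live under one of them or be added to PROTECTED_PATHS.
        registry.addInterceptor(jwtAuthInterceptor)
                .addPathPatterns(PROTECTED_PATHS);
    }

    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
        // Resolvers are registered globally, not per path. Assumption: they read
        // the user data the interceptor stored in the request attributes, so they
        // should reject the request when that data is missing.
        resolvers.add(loginMemberArgumentResolver);
        resolvers.add(adminOnlyResolver);
    }
}
```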
Why This Approach?
- Centralized Configuration: All authentication and argument-binding logic is declared in one place.
- Reusability: Interceptors and resolvers can be reused across multiple controllers without code duplication.
- Security: Ensures that authentication and role-based access control are consistently applied.
- Maintainability: If we need to adjust authentication rules or add new resolvers, we do it in one place.