token-validation-*: look for annotations more robustly, support for meta annotations #191
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The JwtTokenAnnotationHandler inspects the handler method of an incoming rest call in order to determine which (if any) annotations of type Protected, ProtectedWithClaims or Protected are present, and thus need to be honoured. The currrent implementation only inspects the direct/immediate annotations on the method or the class. This makes it impossible to group common annotations into a meta-annotation e.g like
It also makes it impossible for these annotations to be detected if they are present on an interface or a superclass. This PR creates a subclass SpringJwtTokenAnnotationHandler that overrides the getAnnotations method. This methods then uses a Spring utility class AnnotationsUtils to detect annotations on the method/class also if they are provided via meta-annotations or superclasses/interfaces.
Note that this will only work when using Spring Boot. Ideally this extension should be on the JwtTokenAnnotationHandler itself, but implementing this using JDK-methods only is quite a mouthful, and left as an exercise to the maintainers. :-)