Spring boot: Serving public and private (restricted) static content

I’m using spring-boot-starter-web along with embedded-jetty and starter-jersey starter. The Jersey servlet context-path is configured in application.properties to serve from /api. So all /api/.* calls are handled over to Jersey.

Since I’m using starter-web, the static content is being served from static/ directory as shown here:

enter image description here

All the resources listed under static/public/ can be accessed without any restrictions. But the resources under static/private should be restricted and will be shown only if logged in.

To achieve this, I’ve written a filter:

@Component
@Order(1)
public static class PrivateContentFilter implements Filter {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        if (request.getRequestURI().matches(".*/static/private/.*")) {
            // Check for authentication in the cookie and procceed
            // The cookie is handed to an auth mirco-service, that does the actual validation. 
        }
    }
}

But this filter is only reached when the path is api/.* and not for the static content: /public/.* nor for /private.*. What am I missing here?

Answer

Everything that is under /static is the context / so your filter regex must look like this:

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    if (request.getRequestURI().matches("/private/.*")) {
        System.out.println("private");
    } else {
        System.out.println("public");
    }
    filterChain.doFilter(servletRequest, servletResponse);
}