Skip to main content
Version: 1.4.0

RenewTokenFilter

The RenewTokenFilter is a org.springframework.web.filter.OncePerRequestFilter Spring filter that serves as the Feature Checker component of Pricing4SaaS. It filters incoming requests to determine which ones are consistent with the current pricing configuration, saving the server from unnecessary business logic execution.

In addition, the RenewTokenFilter is responsible for renewing the JWT everytime the feature evaluation context change. In those cases, the filter will add a new header to the response: New-Token, which contains the new JWT. This header must be processed by the client to update the token in the local storage.

warning

If you have Cross-Origin Resource Sharing (CORS) within your application, remember to add the New-Token header to the list of exposed headers. This will allow the client to access the new token.

To enable this option within your spring application, you can use the following application level configuration:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@SpringBootApplication(scanBasePackages = {"io.github.isagroup", "org.springframework.samples.myapplication"})
public class MyApplication {
@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurer() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**") // Will affect all paths
                    .allowedOrigins("*") // Will enable the access from any origin
                    .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") // Methods to be allowed
                    .exposedHeaders("New-Token"); // Expose the New-Token header
        }
    };
}
}

Usage

To leverage the functionality of the RenewTokenFilter, you must inject it within your Web Security Configuration class. The following snippet shows how to do this:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;


import io.github.isagroup.filters.RenewTokenFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
    // Other configurations...

    @Bean
	public RenewTokenFilter renewJwtTokenFilter() {
		return new RenewTokenFilter();
	}

    @Override
	protected void configure(HttpSecurity http) throws Exception {
        // Path access configurations...
    }
}