I want to add a validation layer on top of an existing authentication and authorisation layer in Spring for some my REST Controller. The validation will applicable for certain API only and I want to mark them with, say, some annotation over the controller method. This API requiring such validation will carry a parameter which will be checked with the value in the database (somewhat like the 2 step verification but this will be authorization for some API and only in special cases for eg. enter OTP for accessing sensitive data)
I tried using standard Spring AOP using @annotation point cut expression and it does not work on controllers. I am not sure but stackoverflow question suggests that point cut cannot be used on controller methods as they are already proxied (suggest me if i am wrong here).
I thought of using HandlerInterceptorAdapter but this doesn't seem right as it concerns with MVC not REST.
Using filters, i have a concern that how do i restrict to certain API only. Also, i need to access service layer to fetch some details to check if the authorisation is required and to fetch the data. Moreover, i don't want to increase the load for every request for making DB call one more time.
Is there any elegant/clean way of achieving this?
