Creating Exception Handler in Spring

In this blog i will show how to create Exception handler in Spring. I assume that you already have Spring application setup and it is running. Exception handling is one of the piece which gets ignored and in latter stages of the development it becomes unmanageable task. There will not be a consistent and common approach if it is not taken up at the beginning stages. Spring framework makes developers life pretty simple with the api which it provides for Exception handling at global/application level. Nice thing about this approach is that it becomes a single place for handling all the exception and becomes more manageable.

In this example i will be creating MyAppExceptionHandler. This will be single class which will be responsible for handling any exception scenario.

to start with create a class "MyAppExceptionHandler" this needs to implement an interface named "HandlerExceptionResolver" and "Ordered". Implement the default method which your IDE will ask you to implement.

Ensure that this class is annotated with @Component, otherwise spring will not recognize it as Bean component and it will not be loaded by framework. You can choose xml configuration as well instead of annotation.

Below is the method from "HandlerExceptionResolver" interface.

public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response,
 Object handler, Exception ex)

This method will handle the exception call from framework. It returns View, which can be a jsp file with custom error message. which will be shown to the user.

Following method from the interface Ordered

public int getOrder()

To manage the placement of exception handler implementation in queue, this method is usefull. If we use Integer.MIN_VALUE, it will put this class in front of the queue for resolving exceptions. If this method is not overrided then this class will not be the first class to be called for handling exception.

below is the sample class file example.

package com.sample.exception;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.core.Ordered;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;

@Component
public class MyAppExceptionHandler implements HandlerExceptionResolver, Ordered{
 @Override
 public int getOrder(){
  return Integer.MIN_VALUE;
 }
 @Override
 public ModelAndView resolveException(HttpServletRequest request, HttpServletResponse response,
 Object handler, Exception ex){
  ModelAndView view;
  if(ex instanceof IOException){
   response.setStatus("500");
   view = new ModelAndView();
   view.addObject("message", ex.getMessage());
   view.setViewName("error");
  } else{
   response.setStatus("400");
   view = new ModelAndView("error")
   view.addObject("message",
     "Oops, Unknown Technical error has occurred.");
  }
  return view;
 }
}

error.jsp page code is as mentioned below.

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html>
<html>
<head>
<title>Error Page</title>
</head>
<body>
 <h1> ${message} </h1> 
</body>
</html>

error.jsp page code is as mentioned below.

That's it, now you are good to go. Thanks

Configure SonarQube with Jenkins

   Jenkins provides easy integration with different kinds of plugins which are helpful in overall improvement and management of development life cycle and code quality. One of such plugin is SonarQube.

    SonarQube is code quality analysis software. It runs through the code and identifies code quality issues. It has got web portal where you can generate different kinds of reports like

1. Technical Debt
2. Code Issue, with actual code linkage.
3. Different types of reports.
4. Maintains the history of issue details. Can check increase and decrease.
5. Rules configuration.
6. Quality Gates
7. Code duplication
8. and Many others.

    There is provision in Jenkins to integrate this plugin, which can be executed during the building of applications. Also there is option of failing the build process if the code quality does not match the defined quality gate in Sonar.

  Now i will show how to integrate this plugin with Jenkins. Assumption is that Jenkins is installed in your system. 

  To start first you need to download sonar server in your system or if it already installed and running then you can skip this step.

If Sonar is not installed then follow these steps.

1. Download SonarQube from the link.
2. After download, unzip the file in your system.
3. Then to start SonarQube server, navigate to "SONAR_HOME/bin".
4. Based on your environment, go to specific folder.
5. I am using "windows-x86-64" as i am having Windows, 64Bit system. 
6. Click on "StartSonar.bat" to start the sonar server.
7. Sonar server should start, and you will see new command prompt window opening for you.
8. Sonar can be added into window service as well if you are system admin. There batch files present in same folder.
9. Access the SonarQube in WebBrowser by entering url: "http://localhost:9000/"
10. Empty dashboard page of sonar server if it is fresh installation.
11. Once page is launched, it means that sonar is installed and running fine.
12. Please note this server url will be used in Jenkins when we install SonarQube plugin in coming sections below.

following message in the console tell if sonar server is up and running.

jvm 1    | 2016.08.30 23:02:43 INFO  app[o.s.p.m.Monitor] Process[web] is up

Now coming back to configuring SonarQube in Jenkins.

1. Access jenkins portal by accessing "http;//localhost:8080" url in browser.

2. Go to --> Manage Jenkins menu in left navigation. Then click on "Manage Plugins",

3. Navigate to "Available" Tab, in the "Filter" option, type "SonarQube", you will see "SonarQube Plugin" listed below, select the checkbox and click on "Download now and install after restart" button.


4. Following screen will be shown, restart Jenkins, plugin will be installed and it can be verified in installed Tab under Manage Plugin page.


5. After installation next step will configure SonarQube Plugin.

6. Navigate to "Manage Jenkins" --> "Configure System", look for section named "SonarQube", as shown below.

7. Provide basic  details, like Name, and Server Url, This URL should be the url for SonarQube Server which we installed above.

8. Once the global configuration is complete, next step will be to configure SonarQube for a specific projects. I will show next.

9. Navigate to Jenkins Home, by clicking on Jenkins menu in horizontal menu bar.

10. Next click on "New Item", you will get following screen, provide details of the project. Here we are creating new project which will be mapped to a java project.

• Item Name
• Select Freestyle Project

Click on OK button.

11. It will launch detailed project screen, where project related information can be configured, like SCM, and other configuration. These points is out of scope of this blog.

12. Now to add Sonar configuration to the project, click on "Add Build Step" and click on "Invoke Standalone SonarQube Analysis" menu. it will expand a new section specific to SonarQube configuration.



13. Provide the details for project configuration related to sonar server.

Values inside "Analysis properties" are important for sonar server.

• sonar.projectKey - This will be used to uniquely identify project in sonar server, ensure that this does not repeat if you have multiple project in Sonar Server. Otherwise it will override the project data.
• sonar.projectName - Project will be given in sonar server.
• sonar.projectVersion - Usefull in maintaining history of the changes.
• sonar.sources - folder where source code files are present.
• sonar.language- language of the source code.

14. Once values are entered, then click on "Save" button.
15.  Now setup is complete for the project.

16. Next is to start Build process and verify if sonarqube analysis is getting triggered or not. Click on "Build Now" in project left navigation.



17. Once build starts, then monitor the logs in Jenkins console. You will see following logs. this mean SonarQube analysis is getting triggered and it is getting tracked in sonar server also.



18. To check project in SonarQube server, navigate with following link given in above console. you will see below screen.



That is all which needs to be done for configuring sonarqube in jenkins.

Enable CSRF in Spring Security

In this blog I will show you steps which is needs to enable CSRF in spring application.

CSRF mean "Cross Site Request Forgery". If your application is vulnerable to this security issue, then it will allow malicious user to submit the forged/malicious request to the application and successfully completes it. Check OWASP Website page for detailed understanding about CSRF.

Enabling CSRF will not allow submitting forged request and do the transaction. This happens with CSRF token value which is submitted with all the request. It is difficult for malicious user to guess this value and submit with the request. CSRF token is autogenerated value which keeps changing. Also a reference of that token is maintained on server side for identifying valid request.

Please note i am using spring 4.x version for this blog.

Step1: 

Open web.xml file in WEB-INF folder, and add following line. 

<filter>
 <filter-name>securityFilterChain</filter-name>
 <filter-class>org.springframework.web.filter.DelegatingFilterProxy
 </filter-class>
</filter>
<filter-mapping>
 <filter-name>securityFilterChain</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

Here  /* in url-pattern means that all the url patterns will be covered.

Step2: In this step we will do changes in applicationContext.xml, which contains security configuration details. Add below code to enable,

<security:http auto-config="true" use-expressions="true">
<security:access-denied-handler  error-page="/htm/denied.html" />
<security:form-login 
    login-page="/login" 
 authentication-failure-url="/login" 
 username-parameter="UserName"
 password-parameter="Password" />
<security:csrf  disabled="false"/>
</security:http>

Incase if you already having http tag then you need to add  <security:csrf disabled="false"/> . By default csrf is enabled so it is not required to add "disabled=false" attribute.  I added as it is easy to understand.

Adding csrf will inform spring to provide application necessary setup to use csrf while submitting request.

Basically anything action which changes the state in application should be covered. Generally GET method is not used for any changes in application data. But incase if your application uses GET for change operation then that also should be covered.

Incase if you need to specify methods/url's which should be scanned by spring for CSRF, then use following "request-matcher-ref" attribute of csrf tag. I will not covering this here in this blog.

<security:csrf  disabled="false" request-matcher-ref="ref of class"/>

hello
In the JSP page add following code in the form.

<input name="${_csrf.parameterName}" type="hidden" value="${_csrf.token}" />

This will generate a tag for CSRF and spring will take care of verifying the token for the submitted request. Token value can be passed either by hidden field or as URL parameter.

Following value will be visible in view source of page, if you are able to generate the CSRF token.

If the token is invalid then spring will throw invalid CSRF token was sent and will take user to error page. Application will throw "InvalidCsrfTokenException".

Note, if you using AJAX with Json parameter, then you can submit CSRF token as http parameter, you need to use either meta tags to pass this information to the application. As shown below.

    <meta name="_csrf" content="${_csrf.token}"/>
    <meta name="_csrf_header" content="${_csrf.headerName}"/>

Or include it all the ajax calls, by having below function in the jsp or view file.

$(function () {
    var token = $("meta[name='_csrf']").attr("content");
    var header = $("meta[name='_csrf_header']").attr("content");
    $(document).ajaxSend(function(e, xhr, options) {
        xhr.setRequestHeader(header, token);
    });
});

That is all on CSRF front.

Configure Quality Gates in SonarQube Server

In this blog i will show how to configure Quality Gates in SonarQube server.

What is Quality Gate?
   Quality Gate is combination of various conditions, against which SonarQube server measures project quality thresholds. There are different categories/severity of issue which sonar reports, like Critical, Blocker, Major, Code Coverage, blocker issues since last build and many others.

Before I explain further, let me explain when need arises to create custom quality gates.

   Sonarqube works with many technologies, all these technologies will have different standard and process. And measuring criteria can't be same for all these applications, in such scenarios different Quality Gates will be needed for each of these projects/application.

   Now moving on with the Quality Gate creation process.

   Login to SonarQube server, for me it is hosted at "http://localhost:9000/", incase it defers then access the url on which sonarqube server is hosted.

  Login to sonarqube portal, click on Menu "Quality Gates" in top menu bar.



Sonar will show default Quality Gate which comes with Sonar setup.

To create new Quality Gate, click on "Create" button in left navigation. Enter quality gate name and click on Create button in the popup.



Click on "Add Condition" drop down and select the appropriate metrics specific to project requirement.



after adding the conditions, select following details for each row.

• First Drop Down - select the value
• Second Drop Down - select the condition
• Warning Field Value- value
• Error Field Value - enter value

Next will click on "Add" button. It will add the metrics to QualityGate. There are many metrics which is provided in the dropdown, select based on the project needs.

After above step, project needs to be associated to Quality Gate.

In below project display area on the same screen, search for the project and select the checkbox, which will associate the project to created Quality Gate.



This is last step in creation of Custom Quality Gate.

For the above project if new build is initiated then it will validate the project against this quality gate. That can be verified in logs.

Configure SonarQube with Jenkins

   Jenkins provides easy integration with different kinds of plugins which are helpful in overall improvement and management of development life cycle and code quality. One of such plugin is SonarQube.

    SonarQube is code quality analysis software. It runs through the code and identifies code quality issues. It has got web portal where you can generate different kinds of reports like

1. Technical Debt
2. Code Issue, with actual code linkage.
3. Different types of reports.
4. Maintains the history of issue details. Can check increase and decrease.
5. Rules configuration.
6. Quality Gates
7. Code duplication
8. and Many others.

    There is provision in Jenkins to integrate this plugin, which can be executed during the building of applications. Also there is option of failing the build process if the code quality does not match the defined quality gate in Sonar.

  Now i will show how to integrate this plugin with Jenkins. Assumption is that Jenkins is installed in your system. 

  To start first you need to download sonar server in your system or if it already installed and running then you can skip this step.

If Sonar is not installed then follow these steps.

1. Download SonarQube from the link.
2. After download, unzip the file in your system.
3. Then to start SonarQube server, navigate to "SONAR_HOME/bin".
4. Based on your environment, go to specific folder.
5. I am using "windows-x86-64" as i am having Windows, 64Bit system. 
6. Click on "StartSonar.bat" to start the sonar server.
7. Sonar server should start, and you will see new command prompt window opening for you.
8. Sonar can be added into window service as well if you are system admin. There batch files present in same folder.
9. Access the SonarQube in WebBrowser by entering url: "http://localhost:9000/"
10. Empty dashboard page of sonar server if it is fresh installation.
11. Once page is launched, it means that sonar is installed and running fine.
12. Please note this server url will be used in Jenkins when we install SonarQube plugin in coming sections below.

following message in the console tell if sonar server is up and running.

jvm 1    | 2016.08.30 23:02:43 INFO  app[o.s.p.m.Monitor] Process[web] is up

Now coming back to configuring SonarQube in Jenkins.

1. Access jenkins portal by accessing "http;//localhost:8080" url in browser.

2. Go to --> Manage Jenkins menu in left navigation. Then click on "Manage Plugins",

3. Navigate to "Available" Tab, in the "Filter" option, type "SonarQube", you will see "SonarQube Plugin" listed below, select the checkbox and click on "Download now and install after restart" button.


4. Following screen will be shown, restart Jenkins, plugin will be installed and it can be verified in installed Tab under Manage Plugin page.


5. After installation next step will configure SonarQube Plugin.

6. Navigate to "Manage Jenkins" --> "Configure System", look for section named "SonarQube", as shown below.

7. Provide basic  details, like Name, and Server Url, This URL should be the url for SonarQube Server which we installed above.

8. Once the global configuration is complete, next step will be to configure SonarQube for a specific projects. I will show next.

9. Navigate to Jenkins Home, by clicking on Jenkins menu in horizontal menu bar.

10. Next click on "New Item", you will get following screen, provide details of the project. Here we are creating new project which will be mapped to a java project.

• Item Name
• Select Freestyle Project

Click on OK button.

11. It will launch detailed project screen, where project related information can be configured, like SCM, and other configuration. These points is out of scope of this blog.

12. Now to add Sonar configuration to the project, click on "Add Build Step" and click on "Invoke Standalone SonarQube Analysis" menu. it will expand a new section specific to SonarQube configuration.



13. Provide the details for project configuration related to sonar server.

Values inside "Analysis properties" are important for sonar server.

• sonar.projectKey - This will be used to uniquely identify project in sonar server, ensure that this does not repeat if you have multiple project in Sonar Server. Otherwise it will override the project data.
• sonar.projectName - Project will be given in sonar server.
• sonar.projectVersion - Usefull in maintaining history of the changes.
• sonar.sources - folder where source code files are present.
• sonar.language- language of the source code.

14. Once values are entered, then click on "Save" button.
15.  Now setup is complete for the project.

16. Next is to start Build process and verify if sonarqube analysis is getting triggered or not. Click on "Build Now" in project left navigation.



17. Once build starts, then monitor the logs in Jenkins console. You will see following logs. this mean SonarQube analysis is getting triggered and it is getting tracked in sonar server also.



18. To check project in SonarQube server, navigate with following link given in above console. you will see below screen.



That is all which needs to be done for configuring sonarqube in jenkins.

How to change log level in logback at runtime

Here i am going to show how to change the log level in logback logging api at runtime.

Following are the possible log level available in logback.

• TRACE
• DEBUG
• INFO
• WARN
• ERROR

Below is the set of code if it gets executed will changes the level to the one it is being set. First retrieve the LoggerContext using LoggerFactory, then retrieve the root logger or you can retrieve any specific logger as well. After getting the rootLogger then call setLevel method to specify the new log level.

  LoggerContext loggerContext = (LoggerContext)LoggerFactory.getILoggerFactory();
  Logger rootLogger = loggerContext.getLogger(Logger.ROOT_LOGGER_NAME);
  ((ch.qos.logback.classic.Logger) rootLogger).setLevel(Level.DEBUG);

Setting in Tomcat to enable SSL for certain pages

Use following setting in your web application to enable SSL for certain pages.


For example:
Certain page in the application should be accessible on https, like

SSL:

• https://www.dummy.com/app/login
• https://www.dummy.com/app/payment

Non SSL:

• http://www.dummy.com/app/help
• http://www.dummy.com/app/contact

This setting can be enabled at application level by specifying appropriate configuration in deployment descriptor file i.e. web.xml.

Open web.xml located inside WEB-INF folder in application. Add following code

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Non SSL</web-resource-name>        
        <url-pattern>/help</url-pattern>
  <url-pattern>/contact</url-pattern>
    </web-resource-collection>    
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>   
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>        
        <url-pattern>/*</url-pattern>
    </web-resource-collection>    
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

url-pattern - here you need specify the url pattern to be considered.

transport-guarantee - value in this tag manages if the mentioned url under url-pattern should be under SSL or Non SSL. if "CONFIDENTIAL" value is specified then it will be secure otherwise non SSL.

Apache Tomcat SSL and TLS configuration

This blog will explain how to enable SSL on Tomcat7.x server on Linux.

Step1: Generation of Key file.

How to generate the key file using OpenSSL.

Prerequisites:

• OpenSSL

Run following command to generate the key file.

openssl genrsa -out myapp.key 2048

output of this command will be "myapp.key" file on current directory, if you want to create this file in different directory, you can specify the file name with the path. Last parameter is for size of the key to generate. I have used 2048 which is considered to be secure. But you can use 4096 or lesser values based on your need.

openssl genrsa -out /app/key/myapp.key 2048

Step2: Generation of CSRfile.

Once you get the key file you need to generate the CSR file for getting the signed public certificate.

For generating the CSR use following command.

openssl req -new -key app.key -out myapp.csr

Step3: Generation of public certifcate

  After generating the CSR file, get the certificate generated. And once you receive the public certificate you need to do following steps. In my case I received myapp.cer file.

Step4: Create PKCS12 keystore from private key and public certificate.

I executed following command for adding my private key and the certificate to the keystore file. Using openssl command.

openssl pkcs12 -export -name myservercert -in /app/cer/myapp.cer -inkey /app/key/myapp.key -out /app/keystore/keystore.p12

Step5: Convert PKCS12 keystore into a JKS keystore.

I executed following command for adding my private key and the certificate to the jks keystore file.

keytool -importkeystore -destkeystore /app/keystore/myappkeystore.jks 
-srckeystore /app/keystore/keystore.p12 -srcstoretype pkcs12 -alias myservercert 

Now after generation of jks keystore, next step will be to configure tomcat server to enable SSL.

Step6: Change in <TOMCAT_HOME>/conf/server.xml

uncomment the <connector> related to SSL

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the BIO implementation that requires the JSSE
     style configuration. When using the APR/native implementation, the
     OpenSSL style configuration is required as described in the APR/native
     documentation -->
<Connector SSLEnabled="true" clientAuth="false" keyPass="changeit" keystoreFile="conf/myappkeystore.jks" 
  keystorePass="changeit" keystoreType="JKS" maxThreads="150" port="8443"  protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
  

How to persist password in Spring Authenticator Object

In this short blog I will show a small change in configuration which will persist password in spring org.springframework.security.core.Authentication object.

It is not best practice to keep password in object after authenticating the user, but in case if you want to persist the password then following is the code which needs to be added in spring application configuration.

For the "authentication-manager" tag you need to add "erase-credentials" attribute and set the value to false. Below is code snippet:

<security:authentication-manager  erase-credentials="false">
  <security:authentication-provider ref="AuthenticationProvider"/>
 </security:authentication-manager>

Hope this will be useful.

Role Based access to Method with Spring Security @PreAuthorize

In this blog i am going to show how to implement role based method permission with Spring Security. Here i am showing "@PreAuthorize"  and its integration,

 To start with let me show you the dependencies which needs to be there in your project to start. I am using spring Spring 4.x. Apart from basic spring jars you need to have following jar which is specific to spring security in your project.

1. spring-security-config jar
2. spring-security-core jar
3. spring-security-web jar

Once these jar files are added to the project, following changes needs to be done in step wise manner to better understand their purpose and understanding.

Step1:
  Add following code to applicationContext.xml or configuration file which you are using.

Add namespace details in xml file.

xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-4.0.xsd"

Add following bean tags to enable security feature

<security:global-method-security pre-post-annotations="enabled">
  <security:expression-handler ref="expressionHandler"/>
</security:global-method-security> 
<bean id="expressionHandler" class="org.springframework.
security.access .expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="permissionEvaluator"/>
</bean>  
<bean id="permissionEvaluator" class="com.sample.security.SampleMethodPermissionEvaluator"/>

security:global-method-security:  This tag will enable method level security using spring configuration.
expressionHandler :This parameter will be mapped to class "DefaultMethodSecurityExpressionHandler" out of the box provided by spring.
This bean will take property named permission evaluator this property will take reference for custom Method evaluator which will have method to validate the access role.

Step2: Create Method evaluator class which will have method to validate the role permission.

package com.sample.security;

import java.io.Serializable;

import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

public class SampleMethodPermissionEvaluator implements PermissionEvaluator {

 public SampleMethodPermissionEvaluator() {
  super();
 }

 @Override
 public boolean hasPermission(Authentication authentication, Object targetDomainObject, 
Object exeMethodRole) {
  boolean hasPermission = false;
  if (authentication != null && exeMethodRole != null && exeMethodRole instanceof String) {
   for (GrantedAuthority auth : authentication.getAuthorities()) {
    if (exeMethodRole.equals(auth.getAuthority())){
     hasPermission = true;
     break;
    }else {
     hasPermission = false;
    }
   }
  }
  return hasPermission;
 }
 @Override
 public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType,
   Object exeMethodRole) {
  throw new Exception("Not supported by this application");
 }
}  

hasPermission method in the above class will have permission check, you need to ensure that Authentication object is available in context. So that it is available to the method.

Step3: Add the following line to any of the interface methods.

@PreAuthorize("hasPermission(#user,'admin')")

Here is sample code.

@PreAuthorize("hasPermission(#user,'admin')")
 boolean createUser(String userDetails);

#user will be populated with the Authentication object by spring framework. Second parameter is the role which is allowed for the method.

You are good to go, start your application and test the method access. If logged in user does not have permission then it will throw "AccessDeniedException", this you need to handle and show proper message to the user.

Using Interceptor in Websphere Portal and Spring Portlet 3.0

Spring has come up with Spring Portlets for websphere portal. There are lot of documentation available which talks about integration steps for Spring and websphere portal. But i struggled to find how to use interceptor with spring portlet 3.0.

I have used Spring with J2EE applications and using interceptor was very straight forward. We need to put entry in springContext.xml file and map all the controller who needs to use this interceptor.

For Spring portlet there are different steps which you need to do to configure Interceptor.

  Follow the below steps:

1. Create Interceptor class in your project. check the sample interceptor code below. 

package com.custom.interceptor;
import javax.portlet.PortletRequest;
import javax.portlet.PortletResponse;
import javax.portlet.PortletSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.portlet.ModelAndView;
import org.springframework.web.portlet.ModelAndViewDefiningException;
import org.springframework.web.portlet.handler.HandlerInterceptorAdapter; 
public class YourInterceptorImpl extends HandlerInterceptorAdapter {
    @Override
    protected boolean preHandle(PortletRequest request,PortletResponse response, Object handler) throws Exception {
        System.out.println("Inside Prehandle method");
        //business logic
    }
// there are other method which we can use based on when you want to //execute the logic.
} 

2. Locate applicationname-portlet.xml file and below code in the file.

<bean id="customInterceptor" class="com.custom.interceptor.YourInterceptorImpl" />    
<bean class="org.springframework.web.portlet.mvc.annotation.DefaultAnnotationHandlerMapping">
<property name="interceptors">
    <list>
        <ref bean="customInterceptor" />
    </list>
</property>
</bean>

3. Restart server and access in via browser.

You should see in console "Inside Prehandle method" message. You can add the business logic which needs to be executed before any logic in controller gets executed.