Mar 14th, 2011, 04:08 AM
I have a question on what is the best way to validate user session?
i know the code how to check it already, but currently i have to copy the method to all of the page's controller.
Is there any better way to solve it? so i just create a function then every page automatically will be validated by that function without calling the function (put the function in the controller) ? or using something like interceptor (if yes please tell me how to use it)?
Thank you guys.
Mar 14th, 2011, 08:42 AM
Can you describe what you mean by validate session? Are you trying to validate that a user exists and has permission to access the page? If so, Spring Security will do that in its core filters which is outside of the controller.
Mar 14th, 2011, 10:26 AM
Yes something like that, actually its only simple thing. for example is the session expired? or is the session exist?
Currently im using database to validate, thats why i need a function that is created by me to validate. Is it possible if i use interceptor? if so could you tell me how to use it?
Mar 14th, 2011, 11:05 AM
I'm not sure I understand. Usually the session existing/expiration is managed by the Container (i.e. Tomcat). If that session is expired or does not exist then Spring Security will not have an authenticated Authentication in the SecurityContextHolder. This means you should not have to inspect a database to determine if the session exists/is expired under most circumstances. Do you have custom session management needs?
Mar 14th, 2011, 08:37 PM
Yes, i have a custom session management. so i need to use my own code.
Mar 14th, 2011, 09:46 PM
I'm still not sure I understand what you want to do. If you want to do something on every request, you can create a Filter and validate the session in it.