Mar 14th, 2011, 04:08 AM
I have a question on what is the best way to validate user session?
i know the code how to check it already, but currently i have to copy the method to all of the page's controller.
Is there any better way to solve it? so i just create a function then every page automatically will be validated by that function without calling the function (put the function in the controller) ? or using something like interceptor (if yes please tell me how to use it)?
Thank you guys.
Mar 14th, 2011, 08:42 AM
Can you describe what you mean by validate session? Are you trying to validate that a user exists and has permission to access the page? If so, Spring Security will do that in its core filters which is outside of the controller.
Mar 14th, 2011, 10:26 AM
Yes something like that, actually its only simple thing. for example is the session expired? or is the session exist?
Currently im using database to validate, thats why i need a function that is created by me to validate. Is it possible if i use interceptor? if so could you tell me how to use it?
Mar 14th, 2011, 11:05 AM
I'm not sure I understand. Usually the session existing/expiration is managed by the Container (i.e. Tomcat). If that session is expired or does not exist then Spring Security will not have an authenticated Authentication in the SecurityContextHolder. This means you should not have to inspect a database to determine if the session exists/is expired under most circumstances. Do you have custom session management needs?
Mar 14th, 2011, 08:37 PM
Yes, i have a custom session management. so i need to use my own code.
Mar 14th, 2011, 09:46 PM
I'm still not sure I understand what you want to do. If you want to do something on every request, you can create a Filter and validate the session in it.
Mar 14th, 2011, 09:58 PM
Hi mr rwinch,
Could you tell me how to use filter?
Mar 15th, 2011, 04:08 AM
Hi mr rwinch,
I managed to follow your suggestion by using filter and it works.
However, i faced some problem which is if the session is already null then my filter will automatically redirect the page into the login page, but here is the funny thing, why my current page's controller or submit code is still executed?
do you know how to stop the process if the the session is null in the filter. actually the redirect is working already, but when i debug the current page controller is still executed.
Mar 15th, 2011, 09:05 AM
This is a bit outside of the scope of Spring Security, but it is probably because you are executing filterChain.doFilter. If you do not call this it will probably fix your problem. If you have any problems specific to Spring Security feel free to post them. If it is a general Java or J2EE question another forum is recommended (i.e. stackoverflow).