Oct 28th, 2005, 09:03 AM
Creating secure pages
You'll have to forgive me if this question is gut-renchingly obvious or annoyingly vague, but I've only started learning Spring recently. Please forgive my inevitable n00bness. Right - disclaimer over with...
I want to have a secure pages on my website only available to logged in users. So my spring controllers should check in the session for the particular key and value, and if it is not found, I want the controllers to return a ModelAndView for the login page. I don't particularly want to be writing request.getSession().contains( key ) in each servlet - so I was wondering what the best spring-like approach to this would be?
cheers for any help / advice,
Oct 28th, 2005, 09:08 AM
Oct 28th, 2005, 10:09 AM
Thanks for the link, looks pretty heavy-weight so I've been playing around with interceptors first to get the general idea.
I've managed to use an interceptor for what I want - it checks the session and if not found does a response.sendRedirect(). However I'd prefer to use a ModelAndView somehow. Is there a way to achieve this?
Oct 28th, 2005, 11:14 AM
You can apply advice to the Controllers.
In that example the handleRequestBefore method returns void, but you can instead return a ModelAndView. If the user is not logged in, handleRequestBefore returns a modelAndView to the login page. If the user is logged in, handleRequestBefore returns null.
Oct 28th, 2005, 12:04 PM
Personally I like to have login/security info "above" the actual application rather than within it, so I use a filter with a standard J2EE security layer (JAAS, Groups and Principals) for this type of thing.
That's just a personal preference though.