Adding logic validation aspect best practice.

**sandstorm** · Dec 18th, 2008, 02:02 PM

Hi. I am not used to practicing AOP, but anyway can someone tell me which one is the best practice:

I want to use this logic in some controllers of mine:
if User attribute is not set in HttpSession then forward to loginController

..so the alternatives are:

using a common superclass such as LoginRedirectingSimpleFormController/whateverTheNameIs.., or using AOP

(in which case I dont know how to implement it), but which is best: AOP or common superclass ?

Thanks

**NubKnacker** · Dec 19th, 2008, 12:30 AM

Best to use Spring Secutiry for that sort of a thing. No point in reinventing the wheel.

**sandstorm** · Dec 19th, 2008, 08:22 AM

I would stick to the point, which is stated explicitly within the question, but anyway you have made a good point as well, which I appreciate.

**Rossen Stoyanchev** · Dec 19th, 2008, 02:25 PM

As NubKnacker pointed out Spring Security does that with the help of filters. Even if you don't plan to use Spring Security you can benefit a lot from looking up the way it works.

**Rober2D2** · Dec 19th, 2008, 06:28 PM

Another option, appart form HttpFilters and Spring Security, is the use of interceptors.

Probably, they are not the best option to manage security, but unlike HtppFilters, the great advantage they have, is that they are fully integrated into Spring MVC, understand about ModelAndView objects and they get a reference of the controller that is being invoked.

See the class org.springframework.web.servlet.handler.HandlerInt erceptorAdapter

If you want to use AOP, I think the best way is to intercept the call to "handlerRequest", and return an addequate ModelAndView when access is forbidden

**NubKnacker** · Dec 19th, 2008, 11:27 PM

Originally Posted by sandstorm

I would stick to the point, which is stated explicitly within the question, but anyway you have made a good point as well, which I appreciate.

I gave your requirement some thought and realised that it was a valid one because I need something along the same lines on the project i'm currently working on. I can't use spring security either for reasons I can't go into. (Although I'm still of the opinion that Spring security is the best solution)

What I came up with was to annotate controller methods which required the above stated validation (user object, access validation etc) and then advise them. I'm in the process of writing such an aspect but ran into trouble while advising methods with annotations. I have posted a thread here with the problem, feel free to post there since i'm a beginner in aop.

**sandstorm** · Dec 20th, 2008, 01:48 PM

well i am a way-below-noob in AOP (< beginner), so if you come with a solution - id be glad to have it

Thread: Adding logic validation aspect best practice.

Thread Tools

Display

Adding logic validation aspect best practice.

Posting Permissions