Announcement Announcement Module
Collapse
No announcement yet.
i18n && security => which best practice ? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • i18n && security => which best practice ?

    Hi there

    I've a little question for you : I'm writing an i18n application with the language chooser in my spring security form. This form is processed by a custom filter.
    I wish to set the locale at that time, but the two implementations I tried are useless, I explain under here

    Case 1 : LocaleContextHolder
    Code:
    Locale locale = StringUtils.parseLocaleString(lang.toLowerCase());
    LocaleContextHolder.setLocale(locale);
    This just impacts nothing. No error is raised, but the locale set is not used.

    Case 2 : LocaleResolver
    Code:
    Locale locale = StringUtils.parseLocaleString(lang.toLowerCase());
    LocaleResolver localeResolver = RequestContextUtils.getLocaleResolver(request);
    localeResolver.setLocale(request, response, locale);
    This raise a NullPointerException when trying to use the localeResolver, because it's null.

    So, as a fix, in my filter, I put the locale in the session, and in my Spring Controller that is called just next the authentication, I read the locale, use the LocaleResolver and remove the locale from the session. This is a bit tricky, but this is working ...

    Is there any easier way to set the Spring Locale in a Spring Security Filter (AbstractAuthenticationProcessingFilter) ?

  • #2
    You should be able to set the Locale using the LocaleContextHolder. Just be sure to clean it up afterwards by calling resetLocaleContext(). You can look at the RequestContextFilter from spring-web for an example.

    I'm guessing the reason you may not be seeing any changes is if you do not have a messageSource defined in your web application (Spring Security implements MessageSourceAware). If you already have a messageSource add org.springframework.security.messages as a basename. If you do not have a messageSource yet you can use the following:

    Code:
    <bean id="messageSource" class="org.springframework.security.core.SpringSecurityMessageSource"/>
    For more information look at the Spring Reference MessageSource and Spring MVC's Locale Support.

    Comment


    • #3
      I do have a messagesource, and it's working perfectly in my Spring Controller ...
      It's configured like this :
      Code:
      	<!-- Spring MVC Controller -->
      	<bean id="myController" class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping">
      		<property name="order" value="1" />
      		<property name="defaultHandler">
      			<bean class="com.alea.server.controller.FrontController" ></bean>
      		</property>
      		<property name="interceptors">
      			<list>
      				<ref bean="localeChangeInterceptor" />
      		   	</list>
      		</property>
      	</bean>
      	<!-- Enable the locale System -->
      	<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        		<property name="basenames">
        			<list>
      				<value>/WEB-INF/i18n/messages</value>
      			</list>
      		</property>
      		<property name="defaultEncoding" value="ISO-8859-1" />
      		<property name="cacheSeconds" value="1" />
      	</bean>
      	<bean id="localeChangeInterceptor"  class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
              <property name="paramName" value="language"/>
        	</bean>
      	<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
          	<property name="defaultLocale" value="en" />
          </bean>
      What I do not understand, is that, according to the documentation here http://static.springsource.org/sprin...l#localization nothing more has to be done ...

      Comment


      • #4
        It doesn't say nothing more needs to be done - it says you should use the LocaleContextHolder and refers you to the Spring documentation for more information. You can either set this up yourself in a filter or use the support that Spring provides - e.g. RequestContextListener.

        Spring Security's filters are invoked before your controllers, so the locale needs to be set before the filter chain is invoked - relying on Spring MVC isn't enough.

        You'll find this has been discussed before so please search the forum.

        Comment


        • #5
          Just as an FYI from the configuration posted, unless you have setup your own resource bundle for Spring Security's messages, you still need to add org/springframework/security/messages as a basename to the messageSource in addition to setting the Locale.

          Comment


          • #6
            I've also opened an issue, SEC-1527, to add support to one of the sample apps to provide a reference configuration.

            Comment

            Working...
            X