Announcement Announcement Module
Collapse
No announcement yet.
Session validation Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Session validation

    Hello all,

    I have a question on what is the best way to validate user session?
    i know the code how to check it already, but currently i have to copy the method to all of the page's controller.

    Is there any better way to solve it? so i just create a function then every page automatically will be validated by that function without calling the function (put the function in the controller) ? or using something like interceptor (if yes please tell me how to use it)?


    Thank you guys.

  • #2
    Can you describe what you mean by validate session? Are you trying to validate that a user exists and has permission to access the page? If so, Spring Security will do that in its core filters which is outside of the controller.

    Comment


    • #3
      Yes something like that, actually its only simple thing. for example is the session expired? or is the session exist?
      Currently im using database to validate, thats why i need a function that is created by me to validate. Is it possible if i use interceptor? if so could you tell me how to use it?


      Thanks

      Comment


      • #4
        I'm not sure I understand. Usually the session existing/expiration is managed by the Container (i.e. Tomcat). If that session is expired or does not exist then Spring Security will not have an authenticated Authentication in the SecurityContextHolder. This means you should not have to inspect a database to determine if the session exists/is expired under most circumstances. Do you have custom session management needs?

        Comment


        • #5
          Yes, i have a custom session management. so i need to use my own code.
          Thanks

          Comment


          • #6
            I'm still not sure I understand what you want to do. If you want to do something on every request, you can create a Filter and validate the session in it.

            Comment


            • #7
              Hi mr rwinch,

              Could you tell me how to use filter?

              Thanks

              Comment


              • #8
                Hi mr rwinch,

                I managed to follow your suggestion by using filter and it works.
                However, i faced some problem which is if the session is already null then my filter will automatically redirect the page into the login page, but here is the funny thing, why my current page's controller or submit code is still executed?

                do you know how to stop the process if the the session is null in the filter. actually the redirect is working already, but when i debug the current page controller is still executed.


                Thanks

                Comment


                • #9
                  This is a bit outside of the scope of Spring Security, but it is probably because you are executing filterChain.doFilter. If you do not call this it will probably fix your problem. If you have any problems specific to Spring Security feel free to post them. If it is a general Java or J2EE question another forum is recommended (i.e. stackoverflow).

                  Cheers,

                  Comment

                  Working...
                  X