Announcement Announcement Module
No announcement yet.
Creating secure pages Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Creating secure pages

    Hi all,

    You'll have to forgive me if this question is gut-renchingly obvious or annoyingly vague, but I've only started learning Spring recently. Please forgive my inevitable n00bness. Right - disclaimer over with...

    I want to have a secure pages on my website only available to logged in users. So my spring controllers should check in the session for the particular key and value, and if it is not found, I want the controllers to return a ModelAndView for the login page. I don't particularly want to be writing request.getSession().contains( key ) in each servlet - so I was wondering what the best spring-like approach to this would be?

    cheers for any help / advice,

  • #2


    • #3
      Thanks for the link, looks pretty heavy-weight so I've been playing around with interceptors first to get the general idea.

      I've managed to use an interceptor for what I want - it checks the session and if not found does a response.sendRedirect(). However I'd prefer to use a ModelAndView somehow. Is there a way to achieve this?


      • #4
        You can apply advice to the Controllers.

        In that example the handleRequestBefore method returns void, but you can instead return a ModelAndView. If the user is not logged in, handleRequestBefore returns a modelAndView to the login page. If the user is logged in, handleRequestBefore returns null.


        • #5
          Personally I like to have login/security info "above" the actual application rather than within it, so I use a filter with a standard J2EE security layer (JAAS, Groups and Principals) for this type of thing.

          That's just a personal preference though.