Announcement Announcement Module
No announcement yet.
Forms, views, and resolving to a controller... Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Forms, views, and resolving to a controller...

    Hey all... this is sort of an architecture question, and my first post on this forum, so please be gentle.

    This is my first experience with Spring, and really my first "from-ground-up" web application development experience after PHP. I've helped add on to Struts applications before, and I'm perfectly certain that I'm making all sorts of mistakes, but I'll get to those later. So that all said...

    I've got a nicely running application that's allowing database access, and I understand how most of it works. I understand how SimpleUrlHandlerMapping can map root URIs to controller beans. The problem is that some of these beans require permissions to access them, and I haven't found out how to return a view that would "trigger" (so to speak) the form bean.

    Example: I have an account form that needs to be hidden from some users. So mapping account.htm-->accountForm (where accountForm can be /WEB-INF/jsp/accountForm.jsp) wouldn't work, because account.htm is accessible by everyone. But I can't, in my navigation controller code, return "accountForm" (that maps to "WEB-INF/jsp/accountForm.jsp", but it complains about missing request objects... and I like using the jstlView for some things)... nor can I return "new RedirectView("/account.htm")" for previous security reasons...

    What's the middle ground that I'm missing? Thanks in advance!

    EDIT: And one more thing... would reading Expert One-on-One J2EE Development without EJB help me significantly in development? I learned about Spring through Better, Faster, Ligher Java. Thanks again!

  • #2

    Why not use security to restrict access to certain resources, such as account.htm. If someone is trying to access this resource you can direct them to a login page.

    There are of course several ways to implement security, but one of the most flexible ways is to use Acegi Security.

    Arjan Huijzer


    • #3
      You may want to add interceptors to the urlMapping as shown below. The interceptor has to extend HandlerInterceptorAdapter where you override the preHandle method to check if the user is logged in or not and do the appropriate. Doing this way, you can protect new resources very easily just by adding the htm form mapping to the props.

      <bean id="urlMapping" class="org.springframework.web.servlet.handler.Sim pleUrlHandlerMapping">
      <property name="interceptors">
      <ref bean="loggedOnStatusInterceptor"/>
      <property name="mappings">
      <prop key="/account.htm">accountForm</prop>