Spring MVC 3.0 Basic Authentication Implementation

Question

I'm currently transforming my Web Application tn Java with Spring MVC framework from ASP.NET (good way to learn it though -:) ) I need to implement authentication in my application: Please tell me if my approach is good and professional enough and if not what is the best practice to do that:

First of all I'm writing User class which holds all information about current user firstname/lastname/email/id/etc....

class User implements Serializable{
private String firstName;
private String lastName;
private Long id;
private String email;

///Settters and Getters

}

I'm implementing class Named DlSession and implementing it on sesison level.

<bean id="MySession" class="DlSession" scope="session">
<aop:scoped-proxy/>

class DlSession implements Serializable{
private User currentUser;

public DlSession(){}

// getters and setters:
}

When User submits his user/pass I'm verifying the credential and if user exists retrieving all the user Data to the instance of User class. Then I'm setting currentUser in Session to b the user I retrieved:

mySesison.setCurrentUser(user);

In order to verify authentication I need to check:

if (mySession.getcurrentUser() == null)
//return unauthenticated 
else 
//return authenticated

To logout user from system I just doing:

mySession.setcurrentUser(null);

Is this approach correct? any suggestions are more then welcomed. :)

Answer 1

If you are already using SpringMVC , why don't you use also SpringSecurity ( manual )? It has all the components built-in that you need to set up your form-based- or basic-authentication . And, you can easily add new authentication methods in the future.

EDIT : see also this question for a possible solution, using Spring Security.