
Spring Session Management

I'm using Spring for my web app. I have used several SimpleFormControllers. I've created a session in the first SimpleFormController for the login page using:

HttpSession session = request.getSession(true);

How can I protect other SimpleFormControllers using Sessions, i.e. so that other controllers won't load if the user is not logged in?

Thank you

You probably want to use Spring Security. It's flexible and allows restrictions based on roles.

Without it, you will need to manually check in every controller whether the user is logged in or not. Or you'll have to "reinvent" a security framework by adding a filter to the webapp.

If you only want to protect the operation of getting the session, you need to write a filter that wraps the original request and overrides the getSession methods. There you can check for login data using the original request's getSession().

BTW, getSession() is equivalent to getSession(true).

To protect the Controller from access outside of the intended Session, you may want to compare the Scoping rules you need with this clearly written Guide: How to get Session Object In Spring MVC

The author gives an example of creating a Controller annotated with @Scope("session")
