It seems like a simple task but I did not yet find a straight answer how to do it. I'm using Mustache in a small Spring Boot application. In my header partial I'd like to render logout link only when user is authenticated. How can I achieve this?
If you have a mapped object on your view for your logged user like "userObject" you can do it like this:
{{^userObject}}<a href='/login'>Login</a>{{/userObject}}{{#userObject}}<a href='/logout'>logout</a>{{/userObject}}
Related
I'm migrating a Play! 1.2 web application and moving to Spring Boot + Spring MVC. Some views contain URLs to other endpoints. For example, I display the book title on the page and next to it I want to add the URL to go the book's details page (e.g. localhost/books/{id}).
In Play! 1.2 the controllers are static, and there is also a Router which can create the full URL for a method belonging to another controller (Router.getFullUrl("BookController.bookDetails", args)), but how do I achieve this with Spring MVC?
Best regards,
Cristian.
If you are trying to get the app/deployed name automatically in .jsp files to make the urls, then please make use of context path. An example below :
<c:set var="context" value="${pageContext.request.contextPath}" />
<script src="${context}/themes/js/jquery.js"></script>
From your requirement "admin.myapp.com","admin-test.myapp.com" are server names right? Something like http://admin.myapp.com/book/{bookId},http://admin-test.myapp.com/book/{bookId}. In Spring app, relative path in jsp can be accessed using pageContext.request.contextPath
I also found the UriComponentsBuilder and ServletUriComponentsBuilder. They are similar to the Play! Framework router and provide methods for building URI's, handling parameters and the query etc. We chose to annotate the controllers' methods using constants and then use the same constants with the UriComponentsBuilder to build back the path and create the request query for GET requests.
Suppose I have a Grails 2.4.3 application, with one controller:
#Secured(['ROLE_USER'])
Class HeyController {
def doSomething() { render "Do something" }
def doSomethingElse() { render "Do something else" }
}
I would like to tell the underlying Spring Security framework to secure access like so:
Form based login for http://myhost:8080/app/hey/doSomething
Basic HTTP authentication for http://myhost:8080/app/hey/doSomethingElse
I know it's possible to configure this access using vanilla Spring security using two <http> configuration sections for each access pattern in the security context configuration file.
Therefore, there must be some way to setup Spring Security via Grails right? Thanks!
... nevermind facepalm. It seems to be the case:
http://grails-plugins.github.io/grails-spring-security-core/guide/authentication.html
I'll mark the answer as soon as I get it working in practice. Thanks!
In my application, after a user is logged in, every time he sends a request (get/post), before calling the method in controller, i want to verify the session attribute set in the request (i set a session attribute during his login). I see that this can be implemented through spring interceptors (OR) spring AOP. which one should i use?. I have a feeling interceptors are outdated. Or is there a way in spring security which does this for me?
So you want this intercept to happen only for all the controller methods ..? Does the controller have Base URL that its getting invoked for (post/get/delete)...? Is it more like you want to intercept the http request for a particualt URL ..? like this one
<intercept-url pattern="/styles/**" filters=" .." />
If your use case is boiled down to a particular URL pattern then you can write a custom filter extending GenericFilterBean and you can plug it to the filters attribute.So this will get called for every request matching url pattern and in your custom filter you can do whatever you wanted to do.
What if you try implementing a simple Filter? You can extend already existing Spring filter, or create your own by implementing javax.servlet.Filter
The spring security way seems the best way to me with access to specific roles also can be assigned. very good example given in http://www.mkyong.com/spring-security/spring-security-form-login-using-database/
In my web application I am using Spring login form (with Spring-security). By default the login form has the fields j_username and j_password. I need to add one more element(checkbox for Terms&Conditions). The current code doesn't have LoginForm as well as LoginController since Spring is internally handling it.
Can anyone please tell how to handle/override this?
I have seen this link Spring security custom login page
But I need to add the new element in LoginForm (which is not existing currently) - where I need to add this new element(in Form - .java file)
Also should I write a new controller (LoginController) or can I use any existing filter as given here? http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#filter-stack
Does the user just have to check the box in order to procede, or does it bind to a backing model object.
If it's the former, I'd just handle it through javascript. If the latter, the easiest way would probably be implementing an Authentication Filter, this area of the documentation might help:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-web-filters.html#form-login-filter
I'm trying to show a login box in my page only if the user is not authenticated yet.
I'm using Spring Security 3.0.
Do I have to check inside the view (JSP page) through some value I set on the model while processing the request in the Controller or is there another way to achieve this?
Checking inside the JSP seems the most straightforward here. The Spring Security taglib lets you do just that.
See http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html