It's so frustating, but I cannot upgrade Spring core to 3.1, only MVC.
The thing is that I need to use Flash Attributes after a redirect.
Or maybe there's a "howto" to do the same as RedirectAttributes, in Spring 3.0.
Thank you so much!
You can just implement it yourself.
For the flash request attributes, add them to the session with a special flag attribute (a prefix in their string key value), like REDIRECT_HAPPENING_<attributeName>.
Then create an interceptor that checks if you have any attributes named that way in the session. If you do, add them as request attributes (and remove them from the session - you can do this in postHandle()), otherwise return.
Related
Some one please me to find out the spring mvc examples,
Because usually, once we log in into the application we will create a session and put some objects into session . we will access later point of time , request scope as well. but spring MVC3 is difficult to understand even documentation also confusing, but every one giving example is basic examples only.
You can access these objects in a JSP/JSTL:
applicationScope
cookie
header
headerValues
initParam
pageContext
pageScope
param
paramValues
requestScope
sessionScope
As well as any request attributes that you add, including model attributes (who's default name is command).
More info here: http://www.informit.com/articles/article.aspx?p=30946&seqNum=7
If you want to access HttpRequest, HttpResponse, HttpSession, add them as arguments to a Spring Controller Handler Method . Spring will pass them in for you.
In my application, after a user is logged in, every time he sends a request (get/post), before calling the method in controller, i want to verify the session attribute set in the request (i set a session attribute during his login). I see that this can be implemented through spring interceptors (OR) spring AOP. which one should i use?. I have a feeling interceptors are outdated. Or is there a way in spring security which does this for me?
So you want this intercept to happen only for all the controller methods ..? Does the controller have Base URL that its getting invoked for (post/get/delete)...? Is it more like you want to intercept the http request for a particualt URL ..? like this one
<intercept-url pattern="/styles/**" filters=" .." />
If your use case is boiled down to a particular URL pattern then you can write a custom filter extending GenericFilterBean and you can plug it to the filters attribute.So this will get called for every request matching url pattern and in your custom filter you can do whatever you wanted to do.
What if you try implementing a simple Filter? You can extend already existing Spring filter, or create your own by implementing javax.servlet.Filter
The spring security way seems the best way to me with access to specific roles also can be assigned. very good example given in http://www.mkyong.com/spring-security/spring-security-form-login-using-database/
So we're using spring-security-redirect as a parameter in the form that is sent to j_spring_security_check, in order to send the user to the correct page after a successful login. Migrating from Spring security 3.0 to 3.1, this stopped working. We use a subclass of SavedRequestAwareAuthenticationSuccessHandler, overriding onAuthenticationSuccess(), and debugging that method I see that getTargetUrlParameter() returns null. isAlwaysUseDefaultTargetUrl() returns false.
Browsing around I can't find anyone having similar problems... I find some references to AbstractAuthenticationTargetUrlRequestHandler.DEFAULT_TARGET_PARAMETER, which seems to have disappeared in 3.1.
Any ideas?
As per Spring security 3.1 xsd,
Attribute : authentication-success-handler-ref
Reference to an AuthenticationSuccessHandler bean which should be used to handle a successful authentication
request. Should not be used in combination with default-target-url (or always-use-default-target-url) as the
implementation should always deal with navigation to the subsequent destination.
So, in your subclass, you have to perform the redirection.
In my web application I am using Spring login form (with Spring-security). By default the login form has the fields j_username and j_password. I need to add one more element(checkbox for Terms&Conditions). The current code doesn't have LoginForm as well as LoginController since Spring is internally handling it.
Can anyone please tell how to handle/override this?
I have seen this link Spring security custom login page
But I need to add the new element in LoginForm (which is not existing currently) - where I need to add this new element(in Form - .java file)
Also should I write a new controller (LoginController) or can I use any existing filter as given here? http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#filter-stack
Does the user just have to check the box in order to procede, or does it bind to a backing model object.
If it's the former, I'd just handle it through javascript. If the latter, the easiest way would probably be implementing an Authentication Filter, this area of the documentation might help:
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/core-web-filters.html#form-login-filter
I have difficult understand the proper usage of #SessionAttribute annotation.
I wonder does the #SessionAttribute is used to store user authentication object or use to store the form object that exist within the session only.
I want to check whether a use has been login before invoke the handler.
I really confuse between these three class object.
Session scope bean
#SessionAttribute
HttpSession
Please give a proper example of #SessionAttribute usage and pron/cons of each of this
Thanks.
#SessionAttribute is for temporarily storing model objects in the session. Examples include storing a set of search criteria or storing data for a multi-page wizard.
If you're after checking for authentication status, while in theory you could probably hack something together with #SessionAttribute, you're much better off using Spring Security. There are many other authentication and authorization concerns that you aren't addressing if you don't have a security solution in place.