Set an object in session automatically
i'm developing a web application using spring mvc, spring security and hibernate.
Is there any way to set an object in session with the user credentials automatically?? I mean, I have the current code in which I set the user object to the session manually:
@RequestMapping(value = { "/privados/procesarLogin",
"/sesiones/procesarLogin" }, method = RequestMethod.GET)
public ModelAndView procesarLogin(HttpServletRequest req) {
ModelAndView mav = new ModelAndView();
String usuario = (String) SecurityContextHolder.getContext()
.getAuthentication().getCredentials();
Usuario usuarioSesion = us.retornarUsuario(usuario);
HttpSession sesion = req.getSession(true);
sesion.setAttribute("usuarioSesion", usuarioSesion);
mav.setViewName("/privados/principal");
return mav;
}
but I won to create the user object and set it on session automatically after his login is successfully authenticated. How should I configurate my xml file?? my current one is:
//header
<global-method-security secured-annotations="enabled" />
<http auto-config="true" access-denied-page="/app/sesiones/procesarLogin">
<logout logout-success-url="/app/sesiones/login" />
<form-login authentication-failure-url="/app/sesiones/login?error=true"
login-page="/app/sesiones/login" default-target-url="/app/sesiones/procesarLogin" />
<intercept-url pattern="/app/privados/*" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
开发者_如何学Go users-by-username-query="Select usuario, contrasena,true from Usuarios where usuario=?"
authorities-by-username-query="Select usuario, role from Usuarios where usuario=?" />
<password-encoder ref="passwordEncoder" />
</authentication-provider>
</authentication-manager>
<beans:bean id="jasyptPasswordEncryptor"
class="org.jasypt.util.password.BasicPasswordEncryptor" />
<beans:bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
<beans:property name="passwordEncryptor">
<beans:ref bean="jasyptPasswordEncryptor" />
</beans:property>
</beans:bean>
I hope your help Thanks in advance!
You can create a bean with scope=session which will instantiate it when a session is created. see 3.4 Bean Scopes.
Hope this helps.
If you are putting Usuario
object in session because you want to to reuse it in other methods of controller (or in other controllers), then better and cleaner way will be to inject it in method itself as following:
@RequestMapping(value = { "/privados/procesarLogin",
"/sesiones/procesarLogin" }, method = RequestMethod.GET)
public ModelAndView procesarLogin(HttpServletRequest req, Usuario usuario) {
/* Use usuario */
...
}
To do that, you will have to implement WebArgumentResolver and register it with AnnotationMethodHandlerAdapter. Transfer your existing code to resolveArgument
method of your WebArgumentResolver
implementation; that is, first check usuario in session otherwise build it from SecurityContextHolder
.
Spring also provides a HandlerInterceptors which could automatically be executed for every request and be programmed only once. Kind of like servlet filters, but interceptors allow to interact before and after handling the request.
精彩评论