I'm new to Spring MVC; I'm working on a web project admin panel.

Here is an example of my admin page controllers:

@Controller
@RequestMapping("/admin/article/**")
public class ArticleController {
    private ArticleDao articleDao;
    private String fileName;
    private String baseUrl;

    public ArticleController() {
        articleDao = ArticleDaoFactory.create();
    }
    @RequestMapping(value = "/admin/article",method = RequestMethod.GET)
    public String doGet(ModelMap model,HttpServletRequest request,ArticleForm articleForm) {
        //some codes
    }


    @RequestMapping(value = "/admin/article/add",method = RequestMethod.GET)
    public String doGetAdd(ModelMap model,ArticleForm articleForm) {
        model.addAttribute("article", articleForm);
        return "admin/articleAdd";
    }
    @RequestMapping(value = "/admin/article/add",method = RequestMethod.POST)
    public String doPost(@ModelAttribute ArticleForm article, BindingResult result ,ModelMap model){
        //some codes
    }

    @RequestMapping(value = "/admin/article/edit/{id}",method = RequestMethod.GET)
    public String getEdit(ModelMap model, @PathVariable("id") int id) {
        //some codes
    }

    @RequestMapping(value = "/admin/article/edit/{id}",method = RequestMethod.POST)
    public String postEdit(ModelMap model, @PathVariable("id") int id, ArticleForm article, BindingResult result) {
        //some codes
    }
    @RequestMapping(value = "/admin/article/delete/{id}",method = RequestMethod.GET)
    public void getDelete(ModelMap model, @PathVariable("id") int id, HttpServletResponse response) {
        //some codes
    }
}

Now I need another mapping in another controller named AdminController (for example) to authenticate the admin and bring him to the login page if he is not logged in. For sure authentication is one example; I might want to use more classes on every admin page.

Note that my authentication class needs request and session references (and for sure my other classes will need other references created by Spring).

I got to know that I cannot get HttpServletRequest and ... using a constructor method, so I wrote another request mapping to call a method.

Even though I can set my properties this way, I cannot use this method on every admin URL.

@Controller
@RequestMapping(value = "/admin/**",method = RequestMethod.GET)
public class AdminController {
    Authentication authentication;
    HttpServletRequest request;
    HttpSession session;
    HttpServletResponse response;
    public void checkAndSet(HttpSession session,HttpServletRequest request,HttpServletResponse response) {
        authentication = new Authentication(session,request);
        this.request = request;
        this.session = session;
        this.response = response;
        if(!authentication.isLoggedIn()){
            System.out.println(" I'm not logged in");
            response.setHeader("Location","/admin/login");
        }

    }
}

So I need some suggestions on how to write a request mapping in a controller to call a method on every other controller that is a child of the 'admin' page?

FYI: I'm not thinking of Spring Security for this.

Thanks.

Sepehr GH

1 Answer

I think you can do it by implementing a servlet filter.

For example:

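import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.filter.GenericFilterBean;

public class AuthenticationFilter extends GenericFilterBean {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String url = request.getServletPath();
        // getSession(false) does not create a session for anonymous visitors
        HttpSession session = request.getSession(false);
        // Authentication is the class from the question
        Authentication authentication = new Authentication(session, request);

        if (isAdminUrl(url) && !authentication.isLoggedIn()) {
            response.sendRedirect("/admin/login");
            // Stop here so the request never reaches the admin controller
            return;
        }
        chain.doFilter(req, res);
    }
}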

And then, you have to implement the method isAdminUrl(String url) to determine if you want to apply your filter.

Otherwise, I strongly recommend you to take a look at Spring Security.

victor gallet
  • Agree with Spring Security. Since Spring MVC is already used, HandlerInterceptors (http://docs.spring.io/spring-framework/docs/current/spring-framework-reference/html/mvc.html#mvc-handlermapping-interceptor) could be another option (but not for security!). – jny Nov 10 '15 at 14:09
  • Thanks for your great answer and advice. I should note that, as I already mentioned, I might need something more than Spring Security or default authentication. If I'm not wrong, I should write a method in the same class, named `isAdminUrl`, to check if the entered URL is an admin URL... right? – Sepehr GH Nov 11 '15 at 07:08
  • Well, I figured out how to work with this. Thank you :) – Sepehr GH Nov 11 '15 at 08:04
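
An added example, not code from the question or the answer: one way to fill in `isAdminUrl` and complete the filter so that the login page is exempt (no redirect loop) and a rejected request never reaches the controller. The class name `AdminAuthenticationFilter` and the `adminUser` session attribute, which stands in for the asker's `Authentication` class, are assumptions.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.util.UrlPathHelper;

public class AdminAuthenticationFilter extends GenericFilterBean {
    private static final String ADMIN_ROOT = "/admin";        // from the question's mappings
    private static final String LOGIN_PATH = "/admin/login";  // from the question's redirect
    private static final String SESSION_KEY = "adminUser";    // assumed attribute name
    private final UrlPathHelper pathHelper = new UrlPathHelper();

    // True for "/admin" and anything below it, but not for "/administrator".
    static boolean isAdminUrl(String path) {
        return path.equals(ADMIN_ROOT) || path.startsWith(ADMIN_ROOT + "/");
    }

    // Assumed stand-in for the question's Authentication.isLoggedIn().
    static boolean isLoggedIn(HttpSession session) {
        return session != null && session.getAttribute(SESSION_KEY) != null;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Context-relative path, resolved with Spring's UrlPathHelper
        // instead of hand-rolled string handling on the raw URI.
        String path = pathHelper.getPathWithinApplication(request);

        // The login page itself must stay reachable without a session.
        boolean needsLogin = isAdminUrl(path) && !path.equals(LOGIN_PATH);
        if (needsLogin && !isLoggedIn(request.getSession(false))) {
            // Prefix the context path so the redirect works when not deployed at "/".
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return; // stop: the admin controller must not run for this request
        }
        chain.doFilter(req, res);
    }
}
```

Register the filter for `/*` (or `/admin/*`) in `web.xml` so it wraps every request handled by the `DispatcherServlet`.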