2

I've looked everywhere but haven't found a simple solution.

We have a special JSP, timeout.jsp, that needs to be shown whenever a SpringMVC module intercepts an invalid session action. The timeout is already configured in web.xml and works correctly.

Previously in Struts, it was a matter of defining a forward and intercepting dispatchMethod,

<forward name="sessionTimeout" path="/WEB-INF/timeout.jsp" redirect="false" />

   @Override
    protected ActionForward dispatchMethod(final ActionMapping mapping, final ActionForm form,
            final HttpServletRequest request, final HttpServletResponse response, final String name)
            throws Exception {
           //...
          if (!isSessionValid())
             return mapping.findForward("sessionTimeout");
}

But how would you implement a catch-all solution in SpringMVC modules?

All my SpringMVC URLs come to this servlet mapping, *.mvc:

<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>*.mvc</url-pattern>
</servlet-mapping>

Anything that sends a URL with this pattern should be cross-checked for session validity and if invalid, redirected to timeout.jsp.

NOTE The solution given here (https://stackoverflow.com/a/5642344/1005607) did not work:

<web-app>
    <error-page>
        <exception-type>org.springframework.web.HttpSessionRequiredException</exception-type>
        <location>/index.jsp</location>
    </error-page>
</web-app>

There's a NullPointerException in my SpringMVC Form Code even before any kind of SessionRequiredException, as soon as I try to access the session. I need to globally protect against these NullPointerExceptions.

Community
  • 1
  • 1
gene b.
  • 10,512
  • 21
  • 115
  • 227
  • 1
    Hi gene you could use interceptors for this functionality a SO thread to get you started http://stackoverflow.com/questions/8295977/interceptors-in-spring-mvc – Robert Ellis Feb 24 '16 at 19:50

1 Answers1

1

My final solution: an old-fashioned Filter. It works for me, no other simple solution available.

web.xml

<filter>
    <filter-name>spring_mvc_controller_filter</filter-name>
    <filter-class>myapp.mypackage.SpringMVCControllerFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>spring_mvc_controller_filter</filter-name>
    <url-pattern>*.mvc</url-pattern>
</filter-mapping>

SpringMVCControllerFilter

public class SpringMVCControllerFilter implements Filter
{

    @Override
    public void destroy() {
        // TODO Auto-generated method stub

    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {

        HttpSession session = request.getSession(false);
        if (session.isValid() && !session.isNew())
        {
            chain.doFilter(request, response);
        }
        else
        {
            request.getRequestDispatcher("/WEB-INF/jsp/sessionTimeout.jsp").forward(request, response);
        }


    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // TODO Auto-generated method stub

    }

}
gene b.
  • 10,512
  • 21
  • 115
  • 227
  • Why are you using a `SessionHandler` for that ??? AFAIK it is a Jetty class, so it will not work in Tomcat for example. Why not `if (request.getSession(false) != null) { chain.doFilter(...` And you should also say that you have to make the filter to not process the initial *login* page... – Serge Ballesta Feb 26 '16 at 16:26
  • And as you were said in comment, a Spring interceptor would be perfectly acceptable (and probably simpler to write and integrate in a Spring MVC application) – Serge Ballesta Feb 26 '16 at 16:27
  • thanks yes SessionHandler was our own class, I edited my answer to clarify it was merely doing the usual session.isValid checks. – gene b. Feb 26 '16 at 16:38