0

1. Controller

@Controller
public class myViewController{
    @RequestMapping("myMainPage") public void myMainPage(Model model){
        model.addAttribute("logoImg", "site_logo.png");
    }
}

2. Aspect

@Around("execution(* com.gas..controller.*Controller.*(..))")
public Object checkAuth(ProceedingJoinPoint joinPoint) throws Throwable{
    // this aspect is check "Auth Level" before view Controller running
    // if "User Auth Level" is lower then return error page(new ModelAndView("error");)
    // ... auth Level check

    Object resultObject = null;
    if (authLevel > 0){
        resultObject = joinPoint.proceed();
    } else {
        // permission denied
        resultObject = new ModelAndView("error");
    } 
}

3. Test

My expectation is that I should see an error page, but... it didn't work(I can see mainPage)
always show mainPage

why is not worked when return type is void?

is works, LOL... but I don't understand difference void and modelAndView

help teach me.

4. Solution

@Controller
public class myViewController{
    @RequestMapping("myMainPage") public ModelAndView myMainPage(Model model){
        model.addAttribute("logoImg", "site_logo.png");
        return new ModelAndView("myMainPage");
    }
}
kriegaex
  • 63,017
  • 15
  • 111
  • 202
gf160
  • 21
  • 1
  • 2
  • 1
    You return `void` which you cannot change in your aspect. So you cannot suddenly return `ModelAndView`, as that will be simply ignored. That being said I would strongly advice against what you are trying to do here as it seems like you are implementing your own security framework. Use an existing one like Apache Shiro or Spring Security instead. – M. Deinum Mar 28 '23 at 07:57
  • Welcome to SO. I fixed the formatting issues in your question, especially the excessive use of back-tick characters inside code blocks. I also made your section headers a bit less chatty. Please note that instead of editing the question to also include the solution, you should write an answer. It is perfectly fine to answer your own question for everyone's benefit. If the solution was suggested by another user like in this case, please mention him to give him credit. Finally, it is even possible to accept your own answer in order to mark the question as solved. Kind regards. – kriegaex Mar 28 '23 at 14:53

1 Answers1

0

You return void from your controller method, which is something you cannot change with an Aspect. So you cannot suddenly return ModelAndView, as that will be simply ignored (in the end it will still be void aka nothing).

Instead of returning a ModelAndView you could throw an exception which you globally handle instead of returning a dedicated ModelAndView.

That being said I would strongly advice against what you are trying to do here as it seems like you are implementing your own security framework. Use an existing one like Apache Shiro or Spring Security instead.

M. Deinum
  • 115,695
  • 22
  • 220
  • 224