In a Spring MVC application using Sitemesh to decorate my views, I want to inject into every Model a security attribute called sec of type WebSecurityExpressionRoot.

This way I could call hasAnyRole(), hasAuthority()... in all my views so administrators would be presented extra stuff by the underlying templating engine (Thymeleaf BTW).

A custom HandlerInterceptorAdapter with an overridden postHandle(...) seems to be Spring MVC's way of accomplishing this, but it seems that my master Sitemesh decorator is kind of stealing my security attribute, because whenever I try to reference it in some views it is null.

BUT only the views rendered after one of my controllers are affected, the ones mapped with mvc:view-controller do have the sec attribute.

I'm considering writing a Filter to stash sec into the current HttpServletRequest to solve this issue but I'm maybe missing something.

Thanks in advance!

reevesy
sylvain

1 Answer

Are you sure the mvc:view-controller views/path are hitting the interceptor?

Also, I don't know about Thymeleaf, but using JSPs (e.g., JstlView) makes Spring MVC copy Model into Request attributes (for purposes of rendering the view) -- the fact that Sitemesh also gets the values via request attributes is, I think, a consequence.

Ricardo Pardini
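The Filter approach the question considers, combined with the answer's point that Sitemesh reads request attributes, as an added example that is not part of the original posts. It assumes Spring Security 3.x to 5.x on the javax.servlet API, and that the filter is registered after springSecurityFilterChain and before the Sitemesh filter; the class name SecurityExpressionRequestFilter is hypothetical.

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter: exposes a WebSecurityExpressionRoot as request attribute "sec"
// so both the controller's view and the Sitemesh decorator can read it.
public class SecurityExpressionRequestFilter extends OncePerRequestFilter {

    public static final String ATTRIBUTE_NAME = "sec";

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        // Populated only if the Spring Security filter chain has already run (assumed ordering).
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // The expression root rejects a null Authentication, so skip it in that case.
        // Templates then see no "sec" attribute and must treat that as "no privileges".
        if (auth != null) {
            WebSecurityExpressionRoot root =
                    new WebSecurityExpressionRoot(auth, new FilterInvocation(request, response, chain));
            // Needed for isAnonymous(), isRememberMe() and isFullyAuthenticated().
            root.setTrustResolver(new AuthenticationTrustResolverImpl());
            request.setAttribute(ATTRIBUTE_NAME, root);
        }
        chain.doFilter(request, response);
    }
}
```

Checks made through sec in a template only decide what markup is rendered; the admin-only URLs and controller methods behind that markup still need their own access rules.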