Spring MVC 3.0 Basic Authentication Implementation
If you are already using SpringMVC, why don't you use also SpringSecurity (manual)? It has all the components built-in that you need to set up your form-based- or basic-authentication. And, you can easily add new authentication methods in the future.
EDIT: see also this question for a possible solution, using Spring Security.
danny.lesnik
Java Expert at Tikal Knowledge. Interesting in Spring/Hibernate/NoSQL/Spring MVC and other Java top edge technology. Twitter LinkedIn Facebook
Updated on June 04, 2022Comments
-
danny.lesnik almost 2 years
I'm currently transforming my Web Application tn Java with Spring MVC framework from ASP.NET (good way to learn it though -:) ) I need to implement authentication in my application: Please tell me if my approach is good and professional enough and if not what is the best practice to do that:
First of all I'm writing User class which holds all information about current user firstname/lastname/email/id/etc....
class User implements Serializable{ private String firstName; private String lastName; private Long id; private String email; ///Settters and Getters }
I'm implementing class Named DlSession and implementing it on sesison level.
<bean id="MySession" class="DlSession" scope="session"> <aop:scoped-proxy/> class DlSession implements Serializable{ private User currentUser; public DlSession(){} // getters and setters: }
When User submits his user/pass I'm verifying the credential and if user exists retrieving all the user Data to the instance of User class. Then I'm setting currentUser in Session to b the user I retrieved:
mySesison.setCurrentUser(user);
In order to verify authentication I need to check:
if (mySession.getcurrentUser() == null) //return unauthenticated else //return authenticated
To logout user from system I just doing:
mySession.setcurrentUser(null);
Is this approach correct? any suggestions are more then welcomed. :)