Hi.
I use the following technique to authenticate my users:
If there is an instance of the Visit class in session scope, then the user is authenticated; if not, he should be redirected to the login page.
This technique is implemented using a servlet filter.
And of course, the previous authentication is also applied to the 'Add To Cart' operation.
Currently, I'm reimplementing 'Add To Cart' using Ajax (through DWR).
With DWR, I created a class called Service to add items to the cart, and in order to apply my desired authentication to the Service class, I copied and pasted the authentication logic from the security filter to the Service class.
So, do you suggest a way that doesn't duplicate the security logic twice?
What about AOP (through Spring)?
Yes, I know that DWR integrates well with JEE security roles, but I'm not using them.