Spring session management

 
Ranch Hand
Posts: 361
I am trying to build a simple web application. I want to work on session management and security-related stuff. Prior to the Spring Framework, I built a web application using the front controller model, where I managed the session and user credentials.

Similarly, I want to do session management (user login, user logout, session timeout, privilege-based access to resources, etc.) in the Spring Framework. I have searched on the net but am not able to find anything useful. I am also currently reading Spring in Action 3, but somehow the security part is not that user-friendly for me to understand. It concentrated more on login stuff and not on session management. Can someone please point me to a good resource?

I was checking out http://spring.io/guides/gs/securing-web/, but I did not find it very useful since it makes use of Spring Boot and has nothing to do with session management.

Can someone please provide some pointers.
 
Ranch Hand
Posts: 37
Take a look at Spring MVC, part of the Spring Framework. MVC provides a concept of Interceptors (similar to Servlet filters), where you can manage security and session management.

- Link to Spring MVC Interceptor Example: http://www.mkyong.com/spring-mvc/spring-mvc-handler-interceptors-example/
- Authentication management with Interceptors: http://www.sivalabs.in/2011/06/authentication-checking-using-springmvc.html

You can also take a look at Spring Security, which is also based on Interceptors, for securing an application.

The examples on the spring.io site are invaluable, but there are also a LOT of videos on YouTube for each of these frameworks. Let me know if there is anything more specific I can help with.
 
Naresh Chaurasia
Ranch Hand
Posts: 361
I am trying to build an online e-store website. My UI is divided into Header/Body/Footer. In the header section, I have a login link, which calls the loginPage() method from the controller below and transfers control to the login page. In the login page, I have a form with username and password fields. When the user enters a user name and password, it is validated and the user is able to log in.



Now I want to implement a shopping cart, where the user can store the items to be purchased. The user can choose to log in using the above functionality; else, when the user checks out for payment, he should be prompted to log in; otherwise the user can browse without logging in. I want to implement such functionality by harnessing the Spring Framework's functionality. Can you please guide me?
 
Michael A Hoffman
Ranch Hand
Posts: 37
It depends on your requirements. Most shopping cart checkouts are a flow (some support multi-cart, some require more steps, some fewer steps). If this is the case and the login may be required at more than one step in your flow, you can consider an Interceptor to centralize the logic. Otherwise, you can redirect them to the login page as part of the shopping cart controller.

Also, some best practice / standard suggestions. I would narrow the scope of your @SessionAttributes annotation to the user form object if that is all you plan to store. I would create another component with the @Service annotation and put the logic for getting the user from the database:



Hopefully you are encrypting your password in the database? If not, I highly recommend that you do, especially in a purchasing capability.

Finally, you may want to add a check to see if the user is already in session; otherwise, you are authenticating them every time.
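
The interceptor approach discussed in this thread, as an added example that is not part of any poster's message or code: it lets anonymous users browse, forces a login only for the checkout flow, and skips the login when a user is already in the session. The `user` and `returnTo` session attribute names, the `/checkout/**` and `/login` paths, and the class names are assumptions; the imports assume Spring 6 (`jakarta.servlet`), and older versions use `javax.servlet` instead.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical names throughout: attribute keys, paths and class names are assumptions.
class CheckoutLoginInterceptor implements HandlerInterceptor {

    static final String USER_ATTR = "user";          // set by the login controller
    static final String RETURN_TO_ATTR = "returnTo"; // where to go after login

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // getSession(false): do not create a session just to look for a user.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(USER_ATTR) != null) {
            return true; // already logged in for this session, no second authentication
        }
        // Remember the target server-side, built from the request itself rather than
        // from a client-supplied parameter, so the post-login redirect stays on-site.
        String target = request.getRequestURI();
        if (request.getQueryString() != null) {
            target += "?" + request.getQueryString();
        }
        request.getSession(true).setAttribute(RETURN_TO_ATTR, target);
        response.sendRedirect(request.getContextPath() + "/login");
        return false; // stop the handler chain; the checkout controller never runs
    }
}

@Configuration
class WebConfig implements WebMvcConfigurer {
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Browsing and cart pages stay open; only the checkout flow requires a login.
        registry.addInterceptor(new CheckoutLoginInterceptor())
                .addPathPatterns("/checkout/**");
    }
}
```

After a successful login, the login controller should call `request.changeSessionId()` before storing the user in the session, then redirect to the saved `returnTo` value and remove it.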
 