0

Suppose that the user has opened 2 different pages of my application in two different tabs. If the user logs out from the first tab and performs some action on another tab, then he must be redirected to index.jsp (login page). This is what should happen ideally. But in my case, a NullPointerException is thrown in the second tab because the session is null, as the user has logged out from the first tab. In order to avoid this problem, I added a check in the pageLoad method of my controller:

HttpSession session = pRequest.getSession(false);
if (session == null) {
    Map lDataMap = new HashMap();
    return new ModelAndView("index", lDataMap);
}

But I can't return a ModelAndView object from all of my controller methods, because there are a few methods in my controller which are called from JavaScript using DWR. They return boolean. I can't change their return type.

I need a different solution to avoid this problem. The main problem is that I want to stop the user from entering the application after he has logged out until he logs in again.

user55926
  • just check whether user is authentic or not – Arijit Mukherjee Jul 11 '14 at 08:09
  • If this method is called this basically means this method isn't passing through Spring Security or is allowed to be accessed by everyone. Make sure that you secure all URLs and if you need authentication then declare it in your spring security config. – M. Deinum Jul 11 '14 at 12:12

2 Answers

0

I suggest using a Servlet Filter that manages the logged-in status.

The logged-in status should be an attribute set on the session, not a non-null session!

There are lots of examples if you google for login servlet filter, like: How implement a login filter in JSF?

Community
DavidC
  • I have added a LoginFilter to my application which basically does this: Object infoMap = req.getSession().getAttribute("CURRENT_USER"); if (infoMap != null) { chain.doFilter(request, response); } else { HttpServletResponse res = (HttpServletResponse) response; res.sendRedirect(req.getContextPath() + "/myapp/index.jsp"); } I am using the URL pattern /wlmmaint/*. But the problem is that it goes on in a loop: it checks if CURRENT_USER is null, it is null for a new login, and it goes to index.jsp again; on index.jsp the same cycle repeats. Even the login page contains /wlmmaint/* in the URL so prob – user55926 Jul 11 '14 at 10:25
  • Adding a filter worked. I checked for a session attribute and if it was not present then I redirected the user to the login page. The problem I was facing was that it was going around in circles, because when the request was coming for the login page it was again checking if that session attribute was present (which naturally won't be there). To avoid that, I checked if request.getRequestURI() contains login.jsp and then call chain.doFilter(request,response). – user55926 Jul 14 '14 at 05:13
  • Well done! Another solution could be to use a fine configured in web.xml to do that. This way your filter class is independent and reusable. – DavidC Jul 14 '14 at 13:08
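
A filter along the lines the answer and comments above arrive at, as an added example that is not code from the thread: it checks a session attribute, exempts the login page by exact path so the redirect loop cannot occur, and answers DWR calls with a 401 status instead of a redirect. CURRENT_USER and index.jsp are taken from the thread; the "/login" form target and the "/dwr" servlet mapping are assumptions.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

public class LoginFilter implements Filter {
    // CURRENT_USER and index.jsp come from the thread; "/login" (form target)
    // and "/dwr" (DWR servlet mapping) are assumed paths for this example.
    private static final String USER_ATTR = "CURRENT_USER";
    private static final String LOGIN_PAGE = "/index.jsp";
    private static final String DWR_PATH = "/dwr";
    private static final Set<String> PUBLIC_PATHS =
            new HashSet<String>(Arrays.asList(LOGIN_PAGE, "/login"));

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // Container-normalized path; compared exactly, so a URL that merely
        // contains "index.jsp" somewhere is not treated as the login page.
        String path = req.getServletPath();
        if (PUBLIC_PATHS.contains(path)) {
            chain.doFilter(request, response);   // avoids the redirect loop
            return;
        }
        // getSession(false) never creates a session just to test for one.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_ATTR) != null) {
            // Keep protected pages out of the browser cache after logout.
            res.setHeader("Cache-Control", "no-store");
            chain.doFilter(request, response);
        } else if (DWR_PATH.equals(path)) {
            // Script call expecting a boolean: signal with a status code.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }

    @Override
    public void destroy() { }
}
```

The filter is mapped to the application's URL pattern in web.xml; the JavaScript that makes the DWR calls then sends the browser to the login page when a call comes back with status 401.
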
0

Disabling the cache will stop the user from entering the application after he has logged out until he logs in again. The following configuration is required:

<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
        <property name="cacheSeconds" value="0" />
</bean>

Demo of use case: http://www.youtube.com/watch?v=vR6jYVEMJS0&list=UUdFttVqX3UDsia9U8mcJzUg

nikhil