Basically, I have created a webapp - which should restrict access to users who are not logged in to the system.
The system is utilising a "user" object to persist session state between the client and the server, this effectively serves as the cookie.
The urls /index, /login, /register can be accessed by all users visiting the webapp, regardless if they are registered, or logged in.
However, anything outside of this url boundary should redirect the user to the registration page.
In order to achieve this, I've been using Spring's HandlerInterceptorAdapter - and implementing some basic checking in the preHandle(). However - everything I've come up with is getting caught up in a redirect loop.
Any and all suggestions on how to resolve this are most welcome and appreciated. Any advice, articles or examples on where I can expand my knowledge of this use case are most appreciated. I am also keen to hear comments on if and why my approach is flawed, and what the best practices are.
Keep in mind I'd rather not go down the Spring Security route just yet - trying to keep this as simple as possible.
    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) throws Exception {
        HttpSession session = request.getSession();
        User user;
        try {
            user = (User) request.getAttribute("user");
        } catch (Exception e) {
            e.toString();
            return true;
        }
        if (user == null && request.getPathInfo() != "/login"
                || user == null && request.getPathInfo() != "/register"
                || user == null && request.getPathInfo() == "/index") {
            response.sendRedirect("register");
            return true;
        } else {
            return true;
        }
    }
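
An added example, not part of the original post: a default-deny version of the interceptor that lets the three public URLs through before any login check, so the redirect target cannot redirect to itself. It assumes the login handler stores the User in the HttpSession under the attribute name "user"; the class name and the applicationPath helper are hypothetical.

```java
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class LoginRequiredInterceptor extends HandlerInterceptorAdapter {

    // Default-deny: only these paths are reachable without a logged-in user.
    private static final Set<String> PUBLIC_PATHS = Set.of("/index", "/login", "/register");

    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) throws Exception {
        String path = applicationPath(request);

        // Public pages are allowed first, so a request for the redirect
        // target (/register) is never redirected again.
        if (PUBLIC_PATHS.contains(path)) {
            return true;
        }

        // getSession(false) does not create a session for anonymous visitors.
        // Assumption: the login handler stored the User under "user" in the session.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user != null) {
            return true;
        }

        // Not logged in and not a public page: redirect, then return false so
        // the controller is not invoked for this request.
        response.sendRedirect(request.getContextPath() + "/register");
        return false;
    }

    // Path inside the application, without the context path or any
    // ";jsessionid=..." style path parameter. It is matched by value
    // (Set.contains uses equals), not by reference with == or !=.
    static String applicationPath(HttpServletRequest request) {
        String path = request.getRequestURI().substring(request.getContextPath().length());
        int semicolon = path.indexOf(';');
        return (semicolon >= 0) ? path.substring(0, semicolon) : path;
    }
}
```

Matching is exact, so any path not in the set (including static resources and variants such as "/login/") is treated as protected unless it is added to PUBLIC_PATHS or excluded where the interceptor is registered.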