
Thank you very much for your answer. I'm familiar with Spring Security concepts.

I have used spring mvc and thymeleaf as view technology and enabled spring security by extending WebSecurityConfigurerAdapter.

I have two tables in the db:
User and VerificationToken.

The user can log in with social login or custom login.

After successfully logging in, the user will be redirected to a dashboard page.

Until now I don't show the user id in the URL.
In fact I used a controller class with a @ModelAttribute method that checks whether the user is logged in or not with SecurityContextHolder.getContext.getAuthentication.getName

Then this method checks whether this name exists in the database and whether its token in the database is expired or not.

Then I will use this user object in other @RequestMapping methods to check if the user object is null or not.
If the user is null, redirect to 403 or the login page.
And if the user is not null, let it continue in that method.

Is this scenario correct?

3 answers


I think Spring Security manages this scenario automatically; you can just add a filter chain for managing the verification token. You can see this mkyong.com link.

No need to check for a null user; the Spring Security filter will handle this.

As the guys already said, Spring Security already does that for you. Let me explain in more detail. The backbone of all interactions with your app is Servlet. Spring uses "jsessionid" to distinguish connected clients (another word to not use "user"), to distinguish HTTP sessions in other words. Another layer of your app is the database and the User, Role, UserRole entities. Spring Security maps jsessionid (for the most simple case, any other thing also may be used, like a token) to the actual User+Role from the db, and applies access rules (expressed with Spring Security filters). This mechanism already performs what you are trying to achieve by storing the userid in the HTTP session or in views. I see that you have a "dashboard" page and assume that you are building an SPA app. Try googling "spring security spa" or "spring security rest"; this is another topic.
