Spring HandlerInterceptors


Until now, we developed our Timesheet List and Enter Hours screens without worrying about authentication. However, one of our fundamental requirements from Chapter 2 is that employees can see only their own timesheets, which brings us to our Sign In and Sign Out features.

Spring provides the concept of interceptors for web application development; these enable you to intercept HTTP requests. We will use this feature to provide authentication for Time Expression.

To implement our sign in/out features, we will need to create the following files under the src/java/com/visualpatterns/timex directory:

  • controller/HttpRequestInterceptor.java

  • controller/SignInController.java

  • controller/SignInValidator.java

  • controller/SignOutController.java

  • util/ApplicationSecurityManager.java

  • util/DateUtil.java

  • view/signin.jsp

Authentication for Time Expression

Authentication for Time Expression is enforced by mapping every HTTP request that requires authentication so that it passes through our interceptor class, HttpRequestInterceptor.java. The following code excerpt demonstrates how an intercepted request can be preprocessed:

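import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
// Imports for the project's own Employee and ApplicationSecurityManager
// classes are not shown in this excerpt.

public class HttpRequestInterceptor extends HandlerInterceptorAdapter {
    private String signInPage;
    private ApplicationSecurityManager applicationSecurityManager;

    // Runs before the mapped controller; returning false stops the request.
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler)
            throws Exception
    {
        Employee employee =
            (Employee)applicationSecurityManager.getEmployee(request);
        if (employee == null)
        {
            // No signed-in user in the session: send the browser to sign-in.
            response.sendRedirect(this.signInPage);
            return false;
        }
        return true;
    }

    // Setters so that Spring can inject both properties.
    public void setSignInPage(String signInPage) {
        this.signInPage = signInPage;
    }

    public void setApplicationSecurityManager(ApplicationSecurityManager asm) {
        this.applicationSecurityManager = asm;
    }
}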


Notice the use of ApplicationSecurityManager here (and referenced several times earlier in this chapter). The complete code for this class should be fairly straightforward to follow because it essentially provides methods for setting, getting, and removing an HTTP session attribute named user (of type Employee, one of our domain objects), as demonstrated in the following code excerpt, which sets this attribute:

public static final String USER = "user";

public void setEmployee(HttpServletRequest request, Object employee) {
    request.getSession(true).setAttribute(USER, employee);
}


The SignInController class validates the login and also sets the Employee domain object using the ApplicationSecurityManager.setEmployee method, as shown next:

Employee formEmployee = (Employee) command;
Employee dbEmployee = (Employee) command;
if ((dbEmployee = employeeManager.getEmployee(formEmployee
        .getEmployeeId())) == null)
    errors.reject("error.login.invalid");
else
    applicationSecurityManager.setEmployee(request, dbEmployee);


Our SignOutController class signs the user out by removing the Employee attribute from the session, as shown here:

applicationSecurityManager.removeEmployee(request);
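
The set, get, and remove operations described above, as an added example that is not the book's code: a variant that replaces the pre-login session at sign-in (a defense against session fixation) and never creates a session just to check for a user. The class name HardenedApplicationSecurityManager is hypothetical, and invalidating the whole session on sign-out goes further than the attribute removal the text describes.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example, not the book's class. The method names and the "user"
// attribute follow the page; the class name is hypothetical.
public class HardenedApplicationSecurityManager {
    public static final String USER = "user";

    // Read-only lookup used by the interceptor. getSession(false) returns
    // null instead of creating a session for every anonymous request.
    public Object getEmployee(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        return (session == null) ? null : session.getAttribute(USER);
    }

    // Called only after a successful sign-in. A session that existed before
    // authentication is discarded, so a session ID that was known before
    // login is never promoted to an authenticated one. Note that any
    // pre-login session data is lost with it.
    public void setEmployee(HttpServletRequest request, Object employee) {
        if (employee == null) {
            throw new IllegalArgumentException("employee must not be null");
        }
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        // After invalidate(), getSession(true) issues a fresh session ID.
        request.getSession(true).setAttribute(USER, employee);
    }

    // Sign-out: drop the whole session rather than one attribute, so no
    // other per-user state outlives the signed-in user.
    public void removeEmployee(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }
}
```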


Note

Our application uses a minimal index.jsp file, which will serve as our welcome file; this is placed under our src/web directory and forwards the request to our signin.htm URL, as shown here:

<c:redirect url="signin.htm"/>





Agile Java Development with Spring, Hibernate and Eclipse
ISBN: 0672328968
EAN: 2147483647
Year: 2006
Pages: 219
