Wednesday, 20 August 2014

Spring MVC Session and Security - Part I.

How to get Session Object In Spring MVC
Getting HttpSession Object in Spring Controller is very easy . Just Put it as a method parameter in controller method and Spring will automatically inject it .
@RequestMapping(value = "/test", method = RequestMethod.POST)
 @ResponseBody
 public JsonResponse getSessionIncontroller
         (@RequestBody String jsonReqString ,HttpSession session)
{

  session.setAttribute("success" , "successfully accessed");
  return jsonResponse;
 } Access the session variable in jsp using EL like this :
<%@ page isELIgnored="false"%>
<c:if test="${not empty success}">
   <div id="success" class="success">
    <c:out value="${success}"></c:out>
   </div>
</c:if>

Or , you can inject HttpServletRequest Object in controller method and get the session object from it
@RequestMapping(value = "/test", method = RequestMethod.POST)
 @ResponseBody
 public JsonResponse getSessionIncontroller
         (@RequestBody String jsonReqString ,HttpServletRequest request)
{
  Session session = request.getSession();
  session.setAttribute("success" , "successfully accessed");
  return jsonResponse;
 }

 There is another approach where we create Session scoped Controller . This Controller get created for each session and controller object is stored in session.
@Controller
@Scope("session")
public class SessionScopedController
{
   private Cart cart = new Cart();

   @RequestMapping("/addToCart")
   public String addToCart(@RequestParam("id") int id)
   {
     
   }
}
Or , you can create a session scoped component and inject this in your controller like this :
@Component
@Scope("session")
public class Cart
{
   // simple POJO fields
}
@Controller
@Scope("request")
public class SessionController
{
   @Autowired
   private Cart cart;

   @RequestMapping("/addToCart")
   public String addToCart(@RequestParam("id") int id)
   {
      //
   }
} ‘

Please note that the scope of controller is request , so for every request a new controller is created and session variable cart is injected in this . Another method is to use Scoped Proxy like this :
@Component
@Scope("session",proxyMode=ScopedProxyMode.INTERFACES)
public class Cart
{
   // simple POJO fields
}
@Controller
public class SessionController
{
   @Autowired
   private Cart cart;

   @RequestMapping("/addToCart")
   public String addToCart(@RequestParam("id") int id)
   {
      //
   }
}
Now the controller need not be request scope. So the overhead of creating a controller for each request is removed , and we don't have to add HttpSession in each controller method either . The Scoped Proxy make sure to get the session each


at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Angular Tutorial (Update to Angular 7)

As Angular 7 has just been released a few days ago. This tutorial is updated to show you how to create an Angular 7 project and the new fe...

  • MySQL Connector/Net ASP.NET Membership and Role Provider
    Many web sites feature the facility for the user to create a user account. They can then log into the web site and enjoy a persona...
  • Writing Cross-Browser Code
    Same Markup: Writing Cross-Browser Code Thursday, April 15, 2010 3:19 AM 68 I recently presented a  session at MIX10  cover...
  • (no title)
    If you are used to developing websites using .NET but are now using Angular 4 without any .NET, you may be wondering “how can I get my web...