login/ logout implementation using cache and interceptor in spring

StackOverflow https://stackoverflow.com/questions/20946741

  •  24-09-2022
  •  | 
  •  

Question

I want to implement login/logout in my web application, I am using Spring MVC , and for login / logout i am using Ehcache and HandlerInterceptorAdapter. The basic idea is:

  • when user login -> authenticate with DB and if all the credentials are correct then store the user object in cache with a key and store the key in request object.

  • From the next request get the key from request object in preHandle() method of HandlerInterceptorAdapter and check in cache if exist, or
    redirect to login page.

code for storing in cache is:

 if(validateUserFromDB()){
  /* if a valid user */

     userDtlForm = iHomePageService.getUserDetails(emailIdOfUser);
     String token = generateSomeUniqueTokenForTheUser();

    /* put the user in cache :  [ key --> token || value--> userDtlForm ] */
    storeTheTokenInCache();
    request.setAttribute("token ", token );
}

now for every other request i am checking the cache against the token in my interceptor.

  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
     String token = request.getAttribute("token");
     /* isValid == true when user exists inthe cache */
     boolean isValid =  checkCacheForTheToken(token);
     if (!isValid) {
           //redirect to login page
           return false;
    }
    return true;
}

but the problem is I am getting null value by request.getAttribute("token") in my interceptor.what i am doing wrong

Was it helpful?

Solution

  1. when user login -> authenticate with DB and if all the credentials are correct then store the user object in cache with a key and store the key in request object.

  2. From the next request get the key from request object in preHandle() method of HandlerInterceptorAdapter and check in cache if exist, or redirect to login page.

  3. In postHandle() again set the token back to client.

  4. maintain the token in a common jsp, thus it can be attached with all request.

What is the way to implement it, please suggest ..../

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top