when user login -> authenticate with DB and if all the credentials are correct then store the user object in cache with a key and store the key in request object.
From the next request get the key from request object in preHandle() method of HandlerInterceptorAdapter and check in cache if exist, or redirect to login page.
In postHandle() again set the token back to client.
maintain the token in a common jsp, thus it can be attached with all request.
What is the way to implement it, please suggest ..../