2

I am developing a Spring application and I am authenticating user in HandlerInterceptorAdapter's prehandle() method and if user authenticated I am setting request attribute like this:

@Override
public boolean preHandle(HttpServletRequest request, 
                         HttpServletResponse response, 
                         Object handler) throws Exception {  

    request.setAttribute("isAuthenticated",true);
    request.setAttribute("user",user);    
}

if user not authenticated I am setting like this

@Override
public boolean preHandle(HttpServletRequest request, 
                         HttpServletResponse response, 
                         Object handler) throws Exception {

    request.setAttribute("isAuthenticated",false);
    request.setAttribute("user",null);        
}

and then later in controller method I am retrieving user with HttpServletRequest like this:

@GetMapping(value = "/user", produces = "application/json")
public Object getUserByToken(HttpServletRequest request) {

    if((Boolean) request.getAttribute("isAuthenticated")) {
        return request.getAttribute("user");
    }

    return ResponseEntity.status(UNAUTHORIZED).body("unauthorized");       
}

The problem is I need to receive HttpServletRequest in each controller method to check if user authenticated.

What I want is that a method that is called before controller method and inside the controller class, so that I can set user in one place and get from all other controller methods

Improve this question
2
  • 4
    Is there a reason why you don't using spring-security and writing implementation of your own? Commented Jul 6, 2017 at 9:21
  • Can solve this problem using spring-security Commented Jul 6, 2017 at 10:20

1 Answer 1

Reset to default
2

Write a base controller this way: 

public class BaseController {

    @ModelAttribute("user")
    public User getUser(HttpServletRequest request) {
        return (User)request.getAttribute("user");
    }
}

Extend all you controllers from BaseController. 

@RequestMapping(value = "/user", produces = "application/json")
public Object getUserByToken(@ModelAttribute("user") User user) {
   // play with user object
}

I have shown you the example for user, similarly do for authentication flag.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

also instead of returning ResponseEntity, use RestController annotation on your controller class. Instead of setting status in the body of controller method, do that using @ResponseStatus annotation on your controller method.
It does not still solve the problem I still have to give (@ModelAttribute("user") User user) in all controller methods
Can't I just catch HttpServletRequest in BaseController' method and set it and then use it my controller methods
I mean prehadler() like method in BaseController
no you need to use a interceptor. Also, the way you are doing this authentication thing is highly insecure. Stick to Spring security rather than creating your own implementations. If at all you need custom behavior, try using a custom filter in Spring security

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.