Spring Security + Spring MVC interceptor - mapping to the same pattern conflict?
I'm facing the following problem (although I'm not quite sure if it is a problem or not...):

I have implemented a 3-step user registration wizard using Spring MVC. Upon 3rd step success, a new `UserDetails` object is created and placed in the security context, as in:

```java
...
UserDetails newUser = new PanelUser(customer, AuthenticationService.getFixedAuthorities());
Authentication authentication = new UsernamePasswordAuthenticationToken(newUser, null, newUser.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authentication);
```

because the new user should be treated as authenticated (i.e. logged on). The intercept URL pattern is defined as follows:

```xml
<intercept-url pattern="/account/**" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
```

Now, here is "the problem".
While the user is successfully registered, there may be a long operation still running in the background, triggered by the registration process. And until this operation is finished (essentially it just sets a specific bool flag in the `user` table upon completion), the user, even though logged in, should not be able to see any page with the very same URL pattern, i.e. `/account/**`, but instead should be redirected (I guess) to an info page, telling him that account access is pending while this background operation completes.

What I tried is the following:
I defined an MVC interceptor implementing `HandlerInterceptor` and did the following in the `preHandle` method:

```java
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    // omitted for brevity...

    // explicitly load from DB
    Customer customer = this.customerService.getUserByUsername(pUser.getUsername());
    if (customer.getStatus() == CustomerStatus.Suspended.getCode()) {
        //response.sendRedirect("../pending");
        // it should actually return appropriate info view,
        // or redirect, this is just for test...
        response.getOutputStream().write("Account access pending".getBytes());
        return false;
    }
    return true;
}
```

and the config

```xml
<mvc:interceptors>
    <mvc:interceptor>
        <mvc:mapping path="/account/**"/>
        <bean id="accountAccessInterceptor" class="rs.slb.customerpanel.utils.AccountAccess">
            <property name="customerService" ref="customerService" />
        </bean>
    </mvc:interceptor>
</mvc:interceptors>
```

With this, I faced a bit of strange behaviour that kinda resembles a race condition (in my opinion) between the Spring Security interceptor and the Spring MVC interceptor on the same URL pattern (sometimes the response is returned first, sometimes the login form).

**EDIT**
The strange behaviour was actually presenting itself when I actually tried to do the redirect, instead of straight writing back some response. Now I cannot seem to reproduce it...

Can someone advise something here? How should I properly go about this?
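The following is an added example, not the asker's code, showing one way to build the "account access pending" gate the question describes as a complete `HandlerInterceptor`. It keeps the asker's types (`CustomerService.getUserByUsername`, `Customer.getStatus()`, `CustomerStatus.Suspended.getCode()`) and assumes they are on the classpath; the class name `AccountAccessInterceptor`, the constant `PENDING_PATH` and the redirect target `/account/pending` are assumptions. The point it adds to the question: Spring Security's filter chain is a servlet `Filter` that runs before the `DispatcherServlet`, so an MVC interceptor mapped to `/account/**` only ever sees requests that already passed `IS_AUTHENTICATED_REMEMBERED`; there is no ordering race between the two. The interceptor must reload the account status from the database on every request because the `UserDetails` snapshot stored in the session was created before the background job finished, and it must exempt the pending page itself or the redirect loops.

```java
import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/**
 * Added example interceptor (not the asker's rs.slb.customerpanel.utils.AccountAccess).
 * Wire it through the existing <mvc:interceptor> bean with path "/account/**".
 * Customer, CustomerService and CustomerStatus are the asker's own types and are
 * assumed to exist; PENDING_PATH is an assumed location for the info page.
 */
public class AccountAccessInterceptor implements HandlerInterceptor {

    // Assumed: the "access pending" info page. It lives under /account/** here so the
    // loop guard below is required; if you place it outside the mapped path the guard
    // is harmless.
    private static final String PENDING_PATH = "/account/pending";

    private CustomerService customerService;

    // Setter used by the <property name="customerService" ref="customerService"/> in the XML config.
    public void setCustomerService(CustomerService customerService) {
        this.customerService = customerService;
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws IOException {
        // Never gate the pending page itself, otherwise the redirect loops forever.
        String pendingUri = request.getContextPath() + PENDING_PATH;
        if (pendingUri.equals(request.getRequestURI())) {
            return true;
        }

        // The security filter chain has already run, so /account/** requests carry an
        // authenticated principal. If it is missing anyway, fail closed rather than open.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !(auth.getPrincipal() instanceof UserDetails)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        UserDetails principal = (UserDetails) auth.getPrincipal();

        // Reload from the database on every request: the UserDetails in the session is a
        // snapshot taken at registration time and does not see the background job's flag.
        Customer customer = customerService.getUserByUsername(principal.getUsername());
        if (customer == null || customer.getStatus() == CustomerStatus.Suspended.getCode()) {
            // Redirect before anything is written to the response, then stop the chain.
            response.sendRedirect(pendingUri);
            return false;
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
            ModelAndView modelAndView) {
        // nothing to do after the handler ran
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
            Exception ex) {
        // nothing to clean up
    }
}
```

With `sendRedirect` the response is committed as soon as the method returns, so the interceptor must return `false` immediately afterwards and must not have written to the output stream first; mixing a body write with a later redirect, as in the test version from the question, is what produces inconsistent responses. Because the status check hits the database on every `/account/**` request, the gate lifts on the first request after the background job sets the flag, with no need to refresh or re-create the `Authentication` held in the session.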