I have some problems with authorization. I don't want to use Spring Security, just simple authorization form (with two fields: UserName, Password and submit button). Then user can work with application data (data representation depends on UserName). But I don't know, how to save UserName of authorized user for any further manipulations (in session scope. for example to show only authorized user data).
Also I want to protect application in a such way: if user somehow knew about addresses of my pages (e.g. /addRataPage, /deleteDataPage, and so on...), but tries to go there without authorization, he should be redirected to some page (for example, again to the authorization page).
Could you help me?
-
why dont you want to use Spring Security ? it does exactly what you are asking ...guigui42– guigui422010年11月25日 12:10:52 +00:00Commented Nov 25, 2010 at 12:10
-
Looks like the term "authorization" here is misleading. The process here is authentication(login) not authorization. Authorization has more to it such as role based access to various resources etc.ring bearer– ring bearer2013年02月05日 22:03:41 +00:00Commented Feb 5, 2013 at 22:03
1 Answer 1
Why not use Spring Security? It looks like it would solve your problems perfectly, as it would manage the authorisation for you, keep the username in scope, and allow only authorised users to access protected URLs. What's your objection to using it?
5 Comments
Explore related questions
See similar questions with these tags.