Authentication Checking using SpringMVC Interceptors

For many web applications, some URLs need to protect from public access and some other URLs need to be protected based on the User Roles and privileges. To achieve this we can use Filters that comes with Servlet API or we can use JAAS(Java Authentication and Authorization Service).

SpringMVC provides Interceptors which can be used to intercept the URL and pre-process, post-process the requests.

Let us write a simple AuthenticationInterceptor to check whether the user is already logged in or not. If the User is already logged into the system we will let him continue otherwise we will redirect him to login page.

AuthenticationInterceptor .java

package com.sivalabs.web.controllers;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.sivalabs.entities.User;

public class AuthenticationInterceptor extends HandlerInterceptorAdapter
 public boolean preHandle(HttpServletRequest request,
   HttpServletResponse response, Object handler) throws Exception
  String uri = request.getRequestURI();
  if(!uri.endsWith("") && !uri.endsWith(""))
   User userData = (User) request.getSession().getAttribute("LOGGEDIN_USER");
   if(userData == null)
    return false;
  return true;

package com.sivalabs.web.controllers;

public class LoginController
 @RequestMapping(value="/login", method=RequestMethod.POST)
    public ModelAndView login(@ModelAttribute("login")User user, 
         BindingResult result, SessionStatus status,
         HttpServletRequest request)
     String viewName = "login";
     ModelAndView mav = new ModelAndView(viewName);
     loginFormValidator.validate(user, result);
        if (result.hasErrors())
            return mav;
        User userData = userService.login(user);
        if(userData == null){
         mav.getModel().put("ERROR", "Invalid UserName and Password");
         viewName = "welcome";
         request.getSession().setAttribute("LOGGEDIN_USER", userData);
        return mav;



    <context:component-scan base-package="com.sivalabs"/>
     <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/>
     <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
      <property name="interceptors">
        <ref bean="authenticationInterceptor"/>

     <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" 
      p:prefix="/WEB-INF/jsp/" p:suffix=".jsp"/>

Now if we try to access any other URLs without logging into the application it will automatically redirect to login page.

5 thoughts to “Authentication Checking using SpringMVC Interceptors”

  1. hi shivalabs

    my eclipse is showing error at <ref tag when i copy pasted your dispatcher-servlet.xml

Leave a Reply

Your email address will not be published. Required fields are marked *