{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 该账号已被封号 的问题《How to create and destroy session in Spring REST W》','https://www.manongdao.com/q-1337213.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have Spring REST webserivce Now from a mobile client webservice is getting called. First, login method is called for log in succes or failure based on sent value userid and password.
@RequestMapping(value = "/login", method = RequestMethod.POST, headers="Accept=application/json")
public @ResponseBody List<LogInStatus> getLogIn(@RequestBody LogIn person , HttpServletRequest request) {
// Call service here
List<LogInStatus> lList = logInService.getUser(person);
//service method and then in DAO database method is there
return lList;
}
Now, for many other call, I need logged in user based values, so need to keep session and need to get current user.And at log out call, need to destroy session. How to do this and achieve,please help with ideas.
You need to integrate spring security in your project and make your rest calls via authentication verifier tokens.
You may refer to the documentation :
http://projects.spring.io/spring-security/
Or this nice tutorial can jumpstart your implementation :
http://www.networkedassets.com/configuring-spring-security-for-a-restful-web-services/
You don't need to create session manually - this is done by servlet container.
You can obtain session from HttpServletRequest
or just add it as a method parameter, and Spring MVC will inject it for you:
You then can save user details in session via
setAttribute()/getAttribute().However, you are much better off using Spring Security, which is intended just for the task - see @Pumpkins's answer for references.
SecurityContextcontains info about currently logged in principal, which you can obtain fromSecurityContextHolder