Menu
I have a method in my controller like this:
@RequestMapping(value="getData", method=RequestMethod.GET)
@ResponseBody
public List<MyDataObj> getData()
{
return myService.getData();
}
The data is returned as JSON or xsl, depending on the request.
If the person making the request is not authorized to access the data I need to redirect the user to a "not authorized" page, so something like this:
@RequestMapping(value="getData", method=RequestMethod.GET)
@ResponseBody
public List<MyDataObj> getData()
{
if (!isAuthorized())
{
// redirect to notAuthorized.jsp
}
return myService.getData();
}
All the examples I've seen using Spring require the method to return either a String or a ModelAndView. I thought about using HttpServletResponse.sendRedirect() but all my JSPs are under WEB-INF and can't be reached directly.
How can I deny access gracefully to the data request URL?
299
A more elegant solution may be to use a HandlerInterceptor which would check for authorization, blocking any requests which are not permitted to proceed. If the request then reaches your controller, you can assume it's OK.
175
The answer is below. But your particular case would rather to handle with other approach.
@RequestMapping(value = "/someUrl", method = RequestMethod.GET)
@ResponseBody
public Response someMethod(String someData, HttpServletResponse response){
if(someData=="redirectMe"){
response.sendRedirect(ppPageUrl);
}
...
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
