How to create and destroy session in Spring REST Webservice called from Mobile client

前端 未结 2 1006
生来不讨喜
生来不讨喜 2021-02-15 12:43

I have Spring REST webserivce Now from a mobile client webservice is getting called. First, login method is called for log in succes or failure based on sent value userid and p

2条回答
  •  悲哀的现实
    2021-02-15 13:07

    You don't need to create session manually - this is done by servlet container.

    You can obtain session from HttpServletRequest

    HttpSession session = request.getSession();
    

    or just add it as a method parameter, and Spring MVC will inject it for you:

    public @ResponseBody List getLogIn(@RequestBody LogIn person , HttpServletRequest request, HttpSession httpSession) 
    

    You then can save user details in session via setAttribute()/getAttribute().

    However, you are much better off using Spring Security, which is intended just for the task - see @Pumpkins's answer for references. SecurityContext contains info about currently logged in principal, which you can obtain from SecurityContextHolder

提交回复
热议问题