I'm developing a web application using spring.
Here's the problem, say I have these three urls,
www.sample.com/login.do
www.sample.com/homePage.do
www.sample.com/about.jsp
What I want to do is about.jsp page should be able to access even if user is logged in or not. And if user is not logged in and try to access homePage.do he should be redirected to login.do page and vice versa.
I think for this to work I need HTTPSessions, but I don't know how to manage HTTPSessions in Spring.
Can I accomplish this using some filters? If so can you please guide me through it?
I'm hoping to use Spring MVC and/or Spring Annotations.
Use Spring Security!
Your spring config file will be look a bit like
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="login.do" access="permitAll"/>
<security:intercept-url pattern="about.jsp" access="permitAll"/>
<security:intercept-url pattern="homePage.do" access="isAuthenticated"/>
<security:form-login
login-page="login.jsp"
authentication-failure-url="login?error=true"
default-target-url="homePage.do"/>
</security:http>
<security:authentication-manager>
...
</security:authentication-manager>