views:

53

answers:

2

What is the best way to manage user authentication/sessions in a web app, ideally in a clustered environment, using Spring Framework/MVC?

I thought of creating a login bean that creates a jsession for authenticated users and then using AOP to check for the jsession before each controller method inovcation.

If there isn't a better way, what are some possible alternatives? Thanks.

+2  A: 

The best would be to use Spring Security. See http://static.springsource.org/spring-security/site/start-here.html

Eugene Kuleshov
A: 

Spring Security is good, it might be overkill for what you need. Have you considered the basic standard web.xml security (this will play just fine with Spring-MVC as it's just URL based).

Basic Tutorial Here

Many apologies if you knew about web.xml authorization already, it's just that it's often overlooked.

Dick Chesterwood
@Dick: Yes, I did know about web.xml based security; but in any event thanks for the suggestion. I'm looking for a way to manage user authentication and management over multiple servers (thus multiple jvms), so while web.xml is useful it doesn't quite fit what I'm looking for.
Dan