views:

16

answers:

0

This is more of a discussion, rather than a real question...

I'm building a site and I am struggling with how to force a user to login to the site to access certain areas and take certain actions. I'm using spring security and have it integrated fairly well, however, I also have some AJAX calls that need to be secured and when Spring Security intercepts my calls it attempts to send back the HTML for login page to my AJAX callback which doesn't do me any good.

In passed applications, when I was using Struts, I was able to override the html:link tag and check login in the tag and rewrite the href to point to my login page (instead of my ajax script), however, I'm using Spring MVC and I don't have that luxury (if you can call it one).

I'm playing with some ideas such as:

  1. Iterating through all my links on the page and rewriting the href of the links that have a certain class if the user is not logged in
  2. Create a custom tag from scratch
  3. Ditch the fancy AJAX stuff

It looks like other sites, such as, DZONE and Digg do something similar; so I know it's possible.

I'm looking for any ideas at this point, just something fresh to try, other than the three options above. Of the three, I think I'm leaning more towards #1.