Spring MVC 3 のセッションに基づいて登録とログインを行う単純な Web アプリを作成しました。これは、JSTL を使用して値を表示していたときに完全に機能しました。次に、Freemarker を追加しましたが、問題が発生しました。リクエストごとに新しい UserSession オブジェクトが作成されるため、情報を保存できません。
いくつかのコード:
ディスパッチャーサーブレット.xml:
<context:component-scan base-package="com.revicostudio.web" />
<mvc:annotation-driven />
<bean id="freemarkerConfig" class="org.springframework.web.servlet.view.freemarker.FreeMarkerConfigurer">
<property name="templateLoaderPath" value="/WEB-INF/ftl/"/>
<property name="freemarkerVariables">
<map>
<entry key="xml_escape" value-ref="fmXmlEscape"/>
</map>
</property>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver">
<property name="cache" value="true"/>
<property name="prefix" value=""/>
<property name="suffix" value=".jsp"/>
<property name="exposeSpringMacroHelpers" value="true"/>
<property name="exposeRequestAttributes" value="true"/>
<property name="exposeSessionAttributes" value="true"/>
<property name="exposePathVariables" value="true"/>
</bean>
<bean id="fmXmlEscape" class="freemarker.template.utility.XmlEscape"/>
インデックスコントローラー:
@Controller
@RequestMapping("/index")
public class IndexController {
@RequestMapping(method=RequestMethod.GET)
public String getIndex(Model model, UserSession userSession) {
model.addAttribute("userSession", userSession);
return "index";
}
@ModelAttribute("userRegisterCredentials")
public UserRegisterCredentials getUserRegisterCredentials() {
return new UserRegisterCredentials();
}
@ModelAttribute("userLoginCredentials")
public UserLoginCredentials getUserLoginCredentials() {
return new UserLoginCredentials();
}
}
ログインコントローラー:
@Controller
@RequestMapping("/login")
public class LoginController {
@Autowired
private UsersDatabaseService usersDatabaseService;
@RequestMapping(method = RequestMethod.POST)
public String login(
@ModelAttribute UserLoginCredentials userLoginCredentials,
UserSession userSession,
final RedirectAttributes redirectAttributes)
{
int failedLoginAttempts = userSession.getFailedLoginAttempts();
if (failedLoginAttempts < LoginConfig.maxLoginTries ||
System.currentTimeMillis()-userSession.getFailedLoginsWaitTimeStart() > LoginConfig.failedLoginsWaitMinutes*60*1000) {
if (usersDatabaseService.isValidPassword(userLoginCredentials.getUsername(), userLoginCredentials.getPassword())) {
userSession.setUser(usersDatabaseService.getUser(userLoginCredentials.getUsername()));
userSession.setFailedLoginsWaitTimeStart(System.currentTimeMillis());
}
else {
failedLoginAttempts++;
if (failedLoginAttempts == LoginConfig.maxLoginTries) {
redirectAttributes.addFlashAttribute("error",
"You've entered invalid username or password more than "
+ LoginConfig.maxLoginTries + " times. Try again in "
+ LoginConfig.failedLoginsWaitMinutes +" minutes.");
}
else {
redirectAttributes.addFlashAttribute("error", "Invalid username or password");
userSession.setFailedLoginAttempts(failedLoginAttempts);
System.out.println(failedLoginAttempts);
}
}
}
else {
redirectAttributes.addFlashAttribute("error",
"You've entered invalid username or password more than "
+ LoginConfig.maxLoginTries + " times. Try again in "
+ LoginConfig.failedLoginsWaitMinutes +" minutes.");
}
return "redirect:/";
}
}
UserSession.java:
@Scope("session")
@Data
@AllArgsConstructor
@NoArgsConstructor
public class UserSession {
private User user;
private int failedLoginAttempts;
private long failedLoginsWaitTimeStart;
private long created = System.currentTimeMillis();
}