Passing model attribute during redirect in spring MVC and avoiding the same in URL

Question

My objective is to pass model attributes from controller to JSP page during a redirect and avoid the attribute being displayed in URL. The source code below is validating login from datastore using java data objects.

Controller:

@Controller
public class LoginController {
    int count;
    PersistenceManager pm = PMF.get().getPersistenceManager();

    //Instance of data class
        User user;
    ModelAndView modelAndView=new ModelAndView();

    @RequestMapping(value="/Login",method = RequestMethod.POST)
    public ModelAndView loginValidate(HttpServletRequest req){

        //Getting login values
        String uname=req.getParameter("nameLogin");
        String pswd1=req.getParameter("pswdLogin");
        count=0;


        user=new User();

        //Generating Query
        Query q = pm.newQuery(User.class);
        q.setFilter("userName == userNameParam");
        q.declareParameters("String userNameParam");

        try{
            List<User> results = (List<User>) q.execute(uname);  
            for (User u: results) {

                String userName=u.getUserName();

                if(userName.equals(uname)){

                    System.out.println(u.getPassword());

                    if(u.getPassword().equals(pswd1)){
                        count=count+1;
                        modelAndView.setViewName("redirect:welcome");
                        modelAndView.addObject("USERNAME",uname);
                        return modelAndView;

                    }
         //rest of the logic 
    }

JSP:

 <h1>Welcome ${USERNAME} </h1>

My current URL is /welcome?USERNAME=robin
My goal is to display it as /welcome
Also, my page is supposed to display "Welcome robin" whereas it displays only Welcome.

Answer 1

RedirectAttributes only work with RedirectView, please follow the same

@RequestMapping(value="/Login",method = RequestMethod.POST)
public RedirectView loginValidate(HttpServletRequest req, RedirectAttributes redir){
...

    redirectView= new RedirectView("/foo",true);
    redir.addFlashAttribute("USERNAME",uname);
    return redirectView;
}

Those flash attributes are passed via the session (and are destroyed immediately after being used - see Spring Reference Manual for details). This has two interests :

• they are not visible in URL
• you are not restricted to String, but may pass arbitrary objects.

Answer 2

You need to be careful here because I think what are you trying to do is not supported for a good reason. The "redirect" directive will issue a GET request to your controller. The GET request should only retrieve existing state using request parameters, this is the method contract. That GET request should not rely on a previous interaction or on any object stored some where in the session as a result of it. GET request is designed to retrieve existing (persisted) state. Your original (POST) request should have persisted everything you need for you GET request to retrieve a state.

RedirectAttributes are not designed to support you in this case, and even if you managed to correctly use it it will only work once and then they will be destroyed. If you then refresh the browser you will get an application error because it cannot find your attributes anymore.