Spring won't intercept locale parameter + security [Java, i18n]

Question

I am using both Spring security and Spring i18n. This is my security config:

<security:http access-denied-page="/denied.htm">
    <security:form-login login-page="/login.htm"
        authentication-failure-url="/login.htm?login_error=true" />

    <security:intercept-url pattern="/denied.htm" filters="none"/>
    <security:intercept-url pattern="/login.htm*" filters="none"/>

    <security:intercept-url pattern="/*" access="IS_AUTHENTICATED_FULLY" />

    <security:logout/>
</security:http>

Besides that, I have set authenticationManager for database with MD5 encoding for password. Security work just fine. My i18n config is:

<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
    <property name="basename" value="messages" />
</bean>

It works fine with reading locales from web browser's HTTP request, but I want it to change locale if I click on the link on the page (adds ?lang=hr parameter to current page). So when I add this, locale doesn't change at all:

<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
    <property name="paramName" value="lang" />
</bean>

<bean id="localeResolver" class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
    <property name="defaultLocale" value="en"/>
</bean>

<bean id="handlerMapping" class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping">
    <property name="interceptors">
        <ref bean="localeChangeInterceptor" />
    </property>
</bean>

So I have few questions.

1. Why the locale interception suddenly doesn't work and how to fix it?
2. How to read the current chosen locale for user's session from java class? I have java class where I need to fetch spring's message from message_en.properties or message_hr.properties file. Jasper report.
3. I need to add some interceptor (or something like that) to restrain user with default password only to work with /changePassword.htm page. What is the simplest solution?

Many thanks

Answer 1

Try registering localeChangeInterceptor this way. It worked for me.

<mvc:interceptors>  
        <bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
              <property name="paramName" value="lang"></property>
        </bean>
</mvc:interceptors>

Answer 2

1. Why the locale interception suddenly doesn't work and how to fix it?

I guess: To "fix" you local interceptor, you should check, that the local interceptor can be invoked even if the user is not logged in.

_2. How to read the current chosen locale for user's session from java class?

Use the RequestContext.getLocale() method. @see http://static.springsource.org/spring/docs/2.0.x/reference/mvc.html#mvc-localeresolver

added The best place (in design/architecure) to obtain the local form the request is the web controller. If you are using Spring 3.0 you can obtain the HttpServletRequest directly if you put an parameter of this type to your Controller Request Handler Method. But you have an better choise: just add a Local parameter to your controller handler method @see http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/mvc.html#mvc-ann-requestmapping-arguments

_3. I need to add some interceptor (or something like that) to restrain user with default password only to work with /changePassword.htm page. What is the simplest solution?

One way (may not the simplest, and a one that needs documentation) is to give a user with the default passwort not the full set of priveleges (ony the privileges that he need to set the new password), after chaning tha password, give the user the full set of privileges, which allow him to do all the other stuff.