How to forward to a specific annotated handler from a spring interceptor?

Question

I wrote an Spring request interceptor for authentication purposes, it extends the HandlerInterceptorAdapter. I've set it with this line in my servlet-context:

<mvc:interceptors>

        <bean class = "it.jsoftware.jacciseweb.controllers.AuthInterceptor">
            <property name="manServ" ref = "acciseService"></property>
        </bean>
    </mvc:interceptors>

and the pre handle method is

@Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        HttpSession sess = request.getSession();

        String path = request.getPathTranslated();

        boolean autenticated = maincont.isAuthenticated(sess);



        if (!autenticated){
            response.sendRedirect("accise?action=login");
            return false;
        }

        return super.preHandle(request, response, handler);
    }

like this anyway it will generate a redirect loop, because it will never reach the redirect page due to the interception and redirect.

There is many ways to solve this, but I don't know how to achieve them:

1. Detect the url of the request (but I don't know how) and don't check for authentication for the login page. Moreover I'd like to make this solution more flexible.
2. Select the login handler directly on the controller. How do I do that? Is it possible?
3. I've seen that in examples people specifies interceptor mapping using org.springframework.web.servlet.handler.SimpleUrlHandlerMapping, anyway I'm using annotations. Is there a way, using annotations, to specify a different mapping for the interceptor so that it doesn't fire with the above address (accise?action=login)? Or maybe to chain different mapping schemes?

Answer 1

Is there a specific reason for not using spring-security?

IMHO is simple, powerful and deeply tested.

You can simply implement and inject your custom authenticator, spring-security will handle the redirect.