Reputation: 20091
I have a method in my controller like this:
    @RequestMapping(value="getData", method=RequestMethod.GET)
    @ResponseBody
    public List<MyDataObj> getData()
    {
        return myService.getData();
    }
The data is returned as JSON or xsl, depending on the request.
If the person making the request is not authorized to access the data I need to redirect the user to a "not authorized" page, so something like this:
    @RequestMapping(value="getData", method=RequestMethod.GET)
    @ResponseBody
    public List<MyDataObj> getData()
    {
        if (!isAuthorized())
        {
            // redirect to notAuthorized.jsp
        }
        return myService.getData();
    }
All the examples I've seen using Spring require the method to return either a String or a ModelAndView. I thought about using HttpServletResponse.sendRedirect() but all my JSPs are under WEB-INF and can't be reached directly.
How can I deny access gracefully to the data request URL?
Upvotes: 9
Views: 4425
Reputation: 300
The answer is below, but your particular case would be better handled with another approach.
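    @RequestMapping(value = "/someUrl", method = RequestMethod.GET)
    @ResponseBody
    public Response someMethod(String someData, HttpServletResponse response) throws IOException {
        // Compare string contents with equals(); == only compares object references.
        if ("redirectMe".equals(someData)) {
            // sendRedirect() commits the response and can throw IOException.
            response.sendRedirect(ppPageUrl);
            return null; // nothing more to write once the redirect has been sent
        }
        ...
    }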
Upvotes: 5
Reputation: 403591
A more elegant solution may be to use a HandlerInterceptor which would check for authorization, blocking any requests which are not permitted to proceed. If the request then reaches your controller, you can assume it's OK.
Upvotes: 5
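A sketch of the interceptor approach suggested in the answer above, added here as an example and not part of the original answer. The role name, the JSP path, the Accept-header check used to tell page requests from data requests, and the use of the javax.servlet API are assumptions; the interceptor also has to be registered for the getData mapping in the application's MVC configuration.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/** Added example: rejects unauthorized requests before any controller method runs. */
public class AuthorizationInterceptor implements HandlerInterceptor {

    // Assumptions for this example: placeholder role name and JSP location.
    private static final String REQUIRED_ROLE = "DATA_READER";
    private static final String DENIED_VIEW = "/WEB-INF/jsp/notAuthorized.jsp";

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        if (request.isUserInRole(REQUIRED_ROLE)) {
            return true; // authorized: continue to the controller
        }
        String accept = request.getHeader("Accept");
        if (accept != null && accept.contains("text/html")) {
            // Page request: a server-side forward can reach JSPs under WEB-INF,
            // which a client-side redirect cannot.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            request.getRequestDispatcher(DENIED_VIEW).forward(request, response);
        } else {
            // JSON/XML or AJAX caller: answer with 403 and let the client react.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
        return false; // fail closed: the handler method is never invoked
    }

    // Implemented explicitly so the class also compiles on Spring versions
    // older than 5.0, where the interface has no default methods.
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response,
                           Object handler, ModelAndView modelAndView) {
        // nothing to do after the handler
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                Object handler, Exception ex) {
        // nothing to clean up
    }
}
```

Because preHandle returns false on every path except the explicit role match, a controller mapped behind this interceptor only runs for requests that passed the check.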
Reputation: 2837
Pretty simple:
Send an error status to the client

    response.setStatus(HttpServletResponse.SC_NO_CONTENT);

and handle the same with your AJAX callback handler and redirect. :)
Upvotes: 0
Reputation: 4581
Another approach is a filter. You can move all security logic into a filter and keep clean code in controllers.
Upvotes: 1