I have a method in my controller like this:
    @RequestMapping(value="getData", method=RequestMethod.GET)
    @ResponseBody
    public List<MyDataObj> getData()
    {
        return myService.getData();
    }
The data is returned as JSON or xsl, depending on the request.
If the person making the request is not authorized to access the data I need to redirect the user to a “not authorized” page, so something like this:
    @RequestMapping(value="getData", method=RequestMethod.GET)
    @ResponseBody
    public List<MyDataObj> getData()
    {
        if (!isAuthorized())
        {
            // redirect to notAuthorized.jsp
        }
        return myService.getData();
    }
All the examples I’ve seen using Spring require the method to return either a String or a ModelAndView. I thought about using HttpServletResponse.sendRedirect() but all my JSPs are under WEB-INF and can’t be reached directly.
How can I deny access gracefully to the data request URL?
A more elegant solution may be to use a HandlerInterceptor which would check for authorization, blocking any requests which are not permitted to proceed. If the request then reaches your controller, you can assume it’s OK.
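
One way to wire up the interceptor approach from the answer above, added here as an example and not code from the original post. It assumes Spring 5 Java configuration with Spring MVC enabled and the javax.servlet API; AuthorizationService, the JSP path and the "/getData" path pattern are hypothetical.

```java
import javax.servlet.http.HttpServletRequest;   // jakarta.servlet.* on Spring 6+
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/** Hypothetical stand-in for the question's isAuthorized() check. */
interface AuthorizationService {
    boolean isAuthorized(HttpServletRequest request);
}

class AuthorizationInterceptor implements HandlerInterceptor {
    // Assumed JSP location; adjust to the application's view layout.
    private static final String DENIED_VIEW = "/WEB-INF/jsp/notAuthorized.jsp";
    private final AuthorizationService auth;

    AuthorizationInterceptor(AuthorizationService auth) { this.auth = auth; }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        if (auth.isAuthorized(request)) {
            return true;                       // continue to the controller
        }
        // Deny with 403 so JSON/XML clients get an explicit failure status.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        String accept = request.getHeader("Accept");
        if (accept != null && accept.contains("text/html")) {
            // Server-side forward: JSPs under WEB-INF are reachable this way,
            // unlike with sendRedirect(), which needs a client-visible URL.
            request.getRequestDispatcher(DENIED_VIEW).forward(request, response);
        }
        return false;                          // controller method is never invoked
    }
}

@Configuration
class WebConfig implements WebMvcConfigurer {
    private final AuthorizationService auth;

    WebConfig(AuthorizationService auth) { this.auth = auth; }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Scope the check to the data endpoint; pattern assumed from the question's mapping.
        registry.addInterceptor(new AuthorizationInterceptor(auth))
                .addPathPatterns("/getData");
    }
}
```

Because `preHandle` returns `false` for denied requests, `getData()` can keep its `List<MyDataObj>` return type and needs no authorization branch of its own.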