access spring aop managed bean in jsp – Spring

How do I access access spring aop managed bean in jsp EL expression.
spring stores the aop managed bean (<aop:scoped-proxy/>) with the key “scopedTarget.beanName”.
If I try to access the bean using EL expression like ${scopedTarget.userDataBean.firstName} it doesn’t work as it treats scopedTraget as another bean.

Is it like we can escape the dot or is there any other way to access

I haven’t tried it myself, but I’m assuming it would be something like this:


Spring MVC Tutorial – Paging Through Hibernate and Selection

In this installment, I’m expanding the project done in Spring MVC Tutorial – Hibernate Integration to include:

  1. Browsing/paging through a table with a navigation bar found in various forum sites and ASP.NET GridView (e.g. First 3 4 5 6 7 Last)
  2. Showing checkboxes against each row of the table for selective action

The related project code download is

Handling Navigation/Pagination/Paging

There are free libraries out there like Google’s Jmesa, DisplayTag, etc. and also Spring has support through PagedListHolder and such. But I was in a different mood and decided to go for my own implementation.

Also, this helped me understand the logics of displaying a navigation bar. Maybe I’ll learn about the libraries later and share with you.


This is the workhorse for the navigation bar:

package org.himu.ibank.service.vo;

public class NavigationInfo {

private int currentPage;
private int pageSize;
private int rowCount;
private int maxIndices;

public NavigationInfo() {
currentPage = 0;
rowCount = 0;
maxIndices= 5;
pageSize = 5;

public int getCurrentPage() {
return currentPage;

public void setCurrentPage(int currentPage) {
if (currentPage < 0)
this.currentPage = 0;
else if (currentPage > getPageCount() – 1)
this.currentPage = getPageCount() – 1;
this.currentPage = currentPage;

public int getPageSize() {
return pageSize;

public void setPageSize(int pageSize) {
this.pageSize = pageSize;

public int getRowCount() {
return rowCount;

public void setRowCount(int rowCount) {
this.rowCount = rowCount;

public int getMaxIndices() {
return maxIndices;

public void setMaxIndices(int maxIndices) {
this.maxIndices = maxIndices;

public int getPageCount() {
return (int) Math.ceil((double) rowCount / pageSize);

public int getPrevIndex() {
int prev = currentPage – 1;
return prev < 0 ? 0 : prev;

public int getNextIndex() {
int lastIndex = getPageCount() – 1;
int next = currentPage + 1;
return next > lastIndex ? lastIndex : next;
public boolean isFirstPage() {
return 0 == currentPage;
public boolean isLastPage() {
return (getPageCount() – 1) == currentPage;

public int[] getIndexList() {
int[] range = getIndexRange();
int[] ilist = new int[range[1] – range[0] + 1];
for (int i = 0; i < ilist.length; i++) {
ilist[i] = range[0] + i;
return ilist;
public int[] getIndexRange() {
// determine the standard window
int start = currentPage – maxIndices / 2;
int end = start + maxIndices – 1;
// shift to right if start underflows 0
if (start < 0) {
end -= start; // end – -start = end + start = shift right
start = 0;
// now maybe the window overflows pageCount – so shift to left again
int lastIndex = getPageCount() – 1;
if (end > (lastIndex)) {
start -= (end – lastIndex);
end = lastIndex;
// we have finalized end, now if start < 0 then truncate it
if (start < 0)
start = 0;
return new int[] {start, end};

The page indices are 0-based. The class has some defaults which can be overridden if required.

The starting point for this class is setRowCount(). Once the number of rows is determined you can use getPageCount() which in turn allows all other navigation methods to work.

setCurrentPage(), getPrevIndex() and getNextIndex() make sure you don’t fall out of valid page indices.

getIndexRange() is where all the muscle is. It uses currentPage and maxIndices (maximum number of links to be displayed in the navigation bar) to determine the start and end of page links in the navigation bar.

getIndexList() is a convenience method for generating the entire list of navigation indices from the range calculated by getIndexRange().


This class is used to send the navigation information and the current page of customers to the view.

package org.himu.ibank.service.vo;

import java.util.List;

import org.himu.ibank.domain.Customer;

* Hold necessary information for paged view of customer list
public class PagedCustView {

private NavigationInfo navInfo = new NavigationInfo();
private List<Customer> customers;

public NavigationInfo getNavInfo() {
return navInfo;

public void setNavInfo(NavigationInfo navInfo) {
this.navInfo = navInfo;

public List<Customer> getCustomers() {
return customers;

public void setCustomers(List<Customer> customers) {
this.customers = customers;

public Customer getCustomer(int i) {
return (Customer) customers.get(i);

public void setCustomer(int i, Customer customer) {
this.customers.add(i, customer);

The actual page of customers is fetched in the controller and the navigation information is set accordingly.

Writing the Controller

You’re going to browse all registered but unauthorized customers.

The NewCustListController expects a page parameter in the query string of its calling URL. If this is not found then page 0 (the first page) is assumed.

package org.himu.ibank.controller;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.himu.ibank.service.CustomerRegistrationService;
import org.himu.ibank.service.vo.PagedCustView;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;

public class NewCustListController extends AbstractController {

private CustomerRegistrationService custRegService;
public void setCustRegService(CustomerRegistrationService custRegService) {
this.custRegService = custRegService;

protected ModelAndView handleRequestInternal(HttpServletRequest request,
HttpServletResponse response) throws Exception {
Map<Object, Object> model = new HashMap<Object, Object>();
PagedCustView pcustv = new PagedCustView();


String page = (String)request.getParameter("page");
if (null == page)

pcustv.getNavInfo().getCurrentPage(), pcustv.getNavInfo().getPageSize()));

request.getSession().setAttribute("pagedcust", pcustv);
model.put("pagedcust", pcustv);

return new ModelAndView("admin/newcustlist", model);

  1. First you determine the customer count and tell it to NavigationInfo.
  2. Then you set the current page.
  3. Based on the current page and page size as specified in NavigationInfo, you then fetch the only the specific page of customers through Hibernate. This is the reason I opted for my own implementation.
  4. Return the model and view name as usual.

The Service and DAO Classes

I’ve refactored CustomerRegistrationService and CustomerDao interfaces and their implementations a bit. Also note that I’ve corrected a mistake in HibernateCustomerDao’s paging code.


public interface CustomerRegistrationService {

Long registerCustomer(Customer c);
void authorizeCustomer(Customer c);
Customer getCustomer(Long id);
List<Customer> getUnauthorizedCustomers(int startPage, int pageSize);
List<Customer> getCustomers(int startPage, int pageSize);
List<Customer> getAllCustomers(int startPage, int pageSize);
public int getUnauthorizedCustomerCount();


public class StandardCustomerRegistrationService implements CustomerRegistrationService { private CustomerDao custDao; public void setCustDao(CustomerDao custDao) { this.custDao = custDao; } @Override public Long registerCustomer(Customer c) { return custDao.addNew(c); } @Override public void authorizeCustomer(Customer c) { if (c.getStatus() == Customer.STATUS_REGISTERED) { c.setStatus(Customer.STATUS_ACTIVE); custDao.update(c); // … mailer code for notifying customer … } } @Override public Customer getCustomer(Long id) { return custDao.findById(id); } /** * Get registered but unauthorized customers using optional paging. * * @param startPage Starting page number, first page is 0 * @param pageSize Size of a single page, <=0 means no paging */ @Override public List<Customer> getUnauthorizedCustomers(int startPage, int pageSize) { Customer c = new Customer(); c.setStatus(Customer.STATUS_REGISTERED); return custDao.listByExample(c, startPage, pageSize); } @Override public int getUnauthorizedCustomerCount() { return custDao.countCustomers(Customer.STATUS_REGISTERED); } /** * Get registered and authorized customers using optional paging. * * @param startPage Starting page number, first page is 0 * @param pageSize Size of a single page, <=0 means no paging */ @Override public List<Customer> getCustomers(int startPage, int pageSize) { Customer c = new Customer(); c.setStatus(Customer.STATUS_ACTIVE); return custDao.listByExample(c, startPage, pageSize); } @Override public List<Customer> getAllCustomers(int startPage, int pageSize) { return custDao.listAll(startPage, pageSize); } }


public interface CustomerDao {

Long addNew(Customer c);
void delete(Customer c);
void update(Customer c);
Customer findById(Long id);
Customer findByUserId(String uid);
List<Customer> listAll();
List<Customer> listAll(int startPage, int pageSize);
List<Customer> listByExample(Customer c);
List<Customer> listByExample(Customer c, int startPage, int pageSize);
int countCustomers(int status);


public class HibernateCustomerDao extends HibernateDaoSupport implements
CustomerDao {

public Long addNew(Customer c) {
return (Long) getHibernateTemplate().save(c);

public void delete(Customer c) {

public void update(Customer c) {

public Customer findById(Long id) {
return (Customer) getHibernateTemplate().get(Customer.class, id);

public Customer findByUserId(String uid) {
List<Customer> clist =  getHibernateTemplate().find("from Customer c where c.userId = ?", uid);
if (clist.isEmpty())
return null;
return clist.get(0);

public List<Customer> listAll() {
return getHibernateTemplate().find("from Customer c");

public List<Customer> listAll(int startPage, int pageSize) {
DetachedCriteria criteria = DetachedCriteria.forClass(Customer.class);
return getHibernateTemplate().findByCriteria(criteria, startPage * pageSize, pageSize);

public List<Customer> listByExample(Customer c) {
return getHibernateTemplate().findByExample(c);

public List<Customer> listByExample(Customer c, int startPage, int pageSize) {
return getHibernateTemplate().findByExample(c, startPage * pageSize, pageSize);

public int countCustomers(int status) {
DetachedCriteria criteria = DetachedCriteria.forClass(Customer.class)
.add(Restrictions.eq("status", status))
return (Integer)getHibernateTemplate().findByCriteria(criteria).get(0);

The Browsing JSP

The Model and Controller codes are done. Now you write the view – newcustlist.jsp. Create it by copying admin.jsp as usual. Following is the relevant additions you need to write:
<div id="content"> <div align="center"> <c:if test="${!pagedcust.navInfo.firstPage}"> <a href="newcustlist.htm?page=0">First</a>&nbsp; </c:if> <c:forEach var="i" items="${pagedcust.navInfo.indexList}"> <c:choose> <c:when test="${i != pagedcust.navInfo.currentPage}"> <a href="newcustlist.htm?page=${i}">${i}</a>&nbsp; </c:when> <c:otherwise> <b>${i}</b>&nbsp; </c:otherwise> </c:choose> </c:forEach> <c:if test="${!pagedcust.navInfo.lastPage}"> <a href="newcustlist.htm?page=${pagedcust.navInfo.pageCount – 1}">Last</a> </c:if> </div> <form action="<%=request.getContextPath()%>/authorizecust.htm" method="post"> <table> <thead> <tr> <td>User ID</td> <td>First Name</td> <td>Last Name</td> <td>Email</td> </tr> </thead> <tbody> <c:forEach var="cust" items="${pagedcust.customers}"> <tr> <td>${cust.userId}</td> <td>${cust.firstName}</td> <td>${cust.lastName}</td> <td>${}</td> <td><input type="checkbox" value="${}" name="authorized"/></td> </tr> </c:forEach> </tbody> </table> <input type="hidden" name="linkBackIndex" value="${pagedcust.navInfo.currentPage}"/> <input type="submit" value="Authorize"/> </form> </div>
  1. First, generate the navigation banner aligned in the center of the page. It shows optional First and Last links based on the current page. The center <c:forEach> loops through the index list taken from navInfo and generates the necessary page links excluding the current page.
  2. Declare a form which allows us to submit authorization approvals of selected customers. The code for authorization will be written later in another controller.
  3. Looping through the customer list is trivial. The important thing is generating a checkbox against each customer for selecting for approval. The name of the checkboxes must be same (authorize in the above code) but there values will be different – the internal ID of each customer. This ID is required for Hibernate.
  4. A hidden input field linkBackIndex is also declared which helps us to return to the current page after authorization is made. It will be clear in the authorization controller.

Processing Actual Authorization and Returning to the New Customer Browser

First, the code:

package org.himu.ibank.controller;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.himu.ibank.domain.Customer;
import org.himu.ibank.service.CustomerRegistrationService;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;
import org.springframework.web.servlet.view.RedirectView;

public class AuthorizeCustController extends AbstractController {

private CustomerRegistrationService custRegService;

public void setCustRegService(CustomerRegistrationService custRegService) {
this.custRegService = custRegService;

protected ModelAndView handleRequestInternal(HttpServletRequest request,
HttpServletResponse response) throws Exception {
String[] custids = request.getParameterValues("authorized");
String linkBackIndex = request.getParameter("linkBackIndex");
System.out.println("################### INSIDE AuthorizeCustController #############");
for (String custid: custids) {
Customer cust = custRegService.getCustomer(Long.parseLong(custid));
System.out.println("## Authorized: " + custid);
return new ModelAndView(new RedirectView(request.getContextPath() + "/newcustlist.htm?page=" + linkBackIndex));

The logic is simple:

  1. Get the list of selected customer IDs using request.getParameterValues(“authorized”). It will contain only those IDs whose checkboxes are marked.
  2. Iterate through the list as ask our service class to make the authorizations.
  3. We use the linkBackIndex to redirect the flow to NewCustListController using its Spring MVC defined URL, i.e. /newcustlist.htm.

Notice how we are redirecting in the return statement. The RedirectView class helps us to go to back to the new customer browser and also pass the last page used as a query parameter. An alternative is to define the view in the bean configuration file using the pattern ‘redirect:<url>’, e.g. ‘redirect:/newcustlist.htm’ but we cannot pass the query parameter then.

Modified ibank-servlet.xml

Finally, our gluing file. I won’t be discussing it as there is nothing special.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""

<bean id="simpleUrlMapping">
<property name="mappings">
<prop key="/home.htm">homePageController</prop>
<prop key="/adminhome.htm">adminHomePageController</prop>
<prop key="/createcust.htm">newCustomerController</prop>
<prop key="/newcustlist.htm">newCustomerListController</prop>
<prop key="/authorizecust.htm">authorizeCustController</prop>
<bean id="viewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
<bean id="homePageController"/>
<bean id="adminHomePageController">
<property name="viewName" value="admin/admin"/>
<bean id="newCustomerController">
<property name="custRegService" ref="customerRegService"/>
<property name="formView" value="admin/newcustomer"/>
<property name="successView" value="admin/newcustomer-success"/>
<property name="commandName" value="customer"/>
<property name="commandClass" value="org.himu.ibank.domain.Customer"/>
<bean id="newCustomerListController">
<property name="custRegService" ref="customerRegService"/>
<bean id="authorizeCustController">
<property name="custRegService" ref="customerRegService"/>

Hope to hear from you.

Integration of Spring Security into Grails – plugin approach 3

In this post, as mentioned earlier, I will explain how my spring security 2.0.5 ACL (access control list) enhancement of the acegi security plugin 0.5.1 for Grails can be configured. My work bases on Stephan February’s solution for the 0.3 plugin version and acegi security. Apart from the implementation changes within the plugin, the plugin configuration only has minor changes. This is the reason why it is strongly advised to read Stephan’s blog post before continuing with this article as I will only mention major differences between the configuration of his plugin version and mine.

One difference in my version is the possibility of applying ACLs to method parameters (see 2.1 for an example):

For this to work custom voters have to be defined. A custom definition for the example of Stephan’s blog post looks as follows:

01.springSecACLVoters = [ //this map must be called 'springSecACLVoters'
02. aclReportWriteVoter: [// custom beanName
03. domainObjectClass: 'Report', // which type of domainclass will be secured
04. roleName: 'ACL_REPORT_WRITE', // under which name the voter should be referenced later? Must start with 'ACL_'
05. permissions: [,
06.] // which concrete permissions will be checked if 'ACL_REPORT_WRITE' is specified
07. ],
08. aclReportDeleteVoter: [
09. domainObjectClass: 'Report',
10. roleName: 'ACL_REPORT_DELETE',
11. permissions: []
12. ]
13. ]

I added comments in the corresponding lines to describe the single options in detail. As you can see more than one voter can be defined as long as the map name is ’springSecACLVoters’ and the map is defined in SecurityConfig.groovy. Please note that if you do not need method parameter checking with ACLs you can simply omit the map configuration of voters.

Aside from the definition of custom voters and for applying ACLs to method parameters I added three other options to SecurityConfig.groovy:

1.useAcl = true // defaults to false, optional
2.aclClassIdentityQuery="SELECT @@IDENTITY" // this query is for MySQL, default is 'identity()' for hsqldb, optional
3.aclSidIdentityQuery="SELECT @@IDENTITY" // this query is for MySQL, default is 'identity()' for hsqldb, optional

If you want to use ACL extensions in general useAcl must be specified and set to “true”. Furthermore the enhancement uses the default JdbcMutableAclService implementation of Spring. For this reason you must have the possibility to change its identity queries (look here) to match your database. This can be done with the two corresponding options. The code snippet above shows working example values for hsqldb and MySQL.

Apart from feature and configuration changes the infrastructure of the plugin did also undergo a change since Stephan’s version: Because of the move of the ACL domain classes into the plugin domain directory the Gant target “CreateAclDomains” is no longer needed.

Therewith the description of the plugin configuration is complete. Some issues however remain to be done:

  1. Calling of acl security functionality when using ‘run-app’ may raise a class not found exception which will not be raised when ‘run-war’ is used. I have to examine this more precisely and eventually file a bug report.
  2. Test cases should be developed before a possible integration of the code into the main acegi security plugin tree. I am in contact with Burt Beckwith to get this working.
  3. I have to upload the code to the GRAILSPLUGINS-723 JIRA task so that Burt Beckwith can decide on a possible integration into the acegi plugin version control tree. I will do this within the next week as I am very busy at the moment.

Setting up Freemarker + Spring Portlet in Spring MVC – Spring

I had been searching and searching and to no avail.
Can some one please show me how to set up spring portlet to use Freemarker instead of jsp/jstl in an spring mvc framework please??
Havent had much luck finding it on the web

well specifically want to know whats the portlet equivilant of this
<bean id=”urlMapping”>
<property name=”mappings”>
<property name=”order” value=”0″/>

given that there is no SimpleUrlHandlerMapping in the web.portlet packages in spring.

Okay. That doesn’t have anything to do with JSP / FreeMarker. Just a straightforward “how does Spring MVC map portlet requests to controllers/views?” thing.

Are you using Spring 2.5 or an older version? Reason I ask is, the first choice is whether you are going to use the Annotation-based Controllers or the Interface-based Controllers. Mapping is quite different depending on these. If you are using 2.5, I highly recommend going with the Annotation-based controllers.

Other resources to look at to understand the major differences between servlet requests and portlet requests in Spring:

Chapter 16 of the reference manual:…e/portlet.html

The slides and sample code from a seminar I did earlier this year on Spring Portlet MVC: