Spring Search for Session User Information in the Dao Layer

Question

Spring Search for Session User Information in the Dao Layer

I have a web application in java, spring framework, hibernate on tomcat, which has practically no security except login and logout functions (without spring)

I can access user information in the controller:

// where request is HttpServletRequest
 HttpSession session = request.getSession (true);
 SystemUser user = (SystemUser) session.getAttribute ("user");

and follow the logic. However, I need to get this information at the Dao level. Where I really get data from a database to get user-specific data. One way is to transfer the "user" object to the service level, and then the service layer to transfer it to the dao level. But this is a fairly large amount of work.

I wonder if there is a way in spring how to access the session object in the Dao layer? or any other way to get user data.

+3

java spring security session

Saky Oct 7 '10 at 15:19

source share

2 answers

RequestContextHolder:

ServletRequestAttributes requestAttributes = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
HttpSession session = requestAttributes.getRequest().getSession();

, , , .

: , , , , . , , (, JSP ..).

+9

skaffman 07 . '10 15:25

matt b · Accepted Answer · 2010-10-07T15:33:51+0000

This may be just my personal opinion, but you are much better at passing this type of information as a parameter of the method, rather than accessing the web context classes in your DAO.

What if you want to use your DAO classes outside the web application?

The DAO, referring to some holder of the request context, asks the question about what data the DAO method should launch a hidden secret, and not declare the method parameter for the data it needs, it secretly accesses the static method in some class.

.

Spring Search for Session User Information in the Dao Layer

More articles: