cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andre Juffer <>
Subject Re: How to get the session attribute in bean
Date Tue, 21 Oct 2008 16:55:38 GMT
I would also be interested to understand how this would work with cocoon 
2.2. The SessionModule, see

may be the answer.

My problem is the following. I need to evaluate whether or not a given 
user is allowed to access certain files or to perform certain tasks. 
With Spring's capabilities of AOP (Aspect Oriented Programming), it is 
very easy to define aspects, pointcuts, and joint points, currently 
defined on certain service classes in the domain. Typically, before a 
requested task is carried out (call to service class method), the system 
'jumps' to a policy class to check whether or not the user is in fact 
allowed to perform the task. If so, the system continues with the 
requested task, otherwise for instance an exception is raised.

The policy class implements a PolicyEvaluator interface (totally unaware 
of cocoon), which is the one that the AOP works with.

I would now need an implementation of PolicyEvaluator that needs to 
identify the requesting user. So, this could possibly be accomplished 
with the SessionModule, like

PolicyEvaluatorImpl extends SessionModule implements PolicyEvaluator {

   private UserRepository userRepository;

   PolicyEvaluatorImpl(UserRepository userRepository)
      this.userRepository = userRepository;

   // From PolicyEvaluator
   public boolean isAllowed(...)
     // Get the requesting user.
     Long identifier = (Long) super.getAttribute("identifier");
     User user = this.userRepository.getUser(identifier);

     // Apply policies here.
     String reason = ....;

     if ( !notAllowed )
       throw new PolicyException(reason);
     return true;

Would this actually work? Note that I use Spring for creating all 
objects, including the PolicyEvaluatorImpl. Spring, by default would 
instantiate this class as a singleton (which is fine with me), but I 
must be quite sure that the current Session is available to the 
implementing class.

My current implementation include in their signature the User object. In 
some cases this is not convenient (also gives coupling between packages, 
which possibly could be avoided) and I am therefore looking for an 
alternative solution.

Best regards,

Johannes Hoechstaedter wrote:
> Maybe you will find it already posted in the mailing list. Search here:
> Maybe this article is helpful as well:
> cheers,
> Johannes
> asif_zzz schrieb:
>> Hi,
>> im new to cocoon.
>> im using cocoon 2.1.10,spring ORM and hibernate.
>> im setting a session attribute in flowscript(flow.js)
>> cocoon.session.setAttribute("Instance",instance);
>> I need to get the above session attibute in bean.
>> Anyone please tell me how to get it??
>> Thanks in advance.
>> Regards,
>> Aashik
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message