myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nebinger, David" <dnebin...@tbbgl.com>
Subject RE: How to Share Session between JSF(MyFaces) and Spring
Date Fri, 18 May 2007 13:51:06 GMT
> Besides the spring integration, maybe you should rethink your 
> design ? 
> Use somthing like acegi security to perform authentification 
> and authorization instead of passing Session objects to the 
> business layer...
> At least consider wrapping the info you need (user id and 
> roles) in an object, instead of passing the session object...
> As far as I remember (after quite some time using frameworks 
> I guess I've lost some basics :-)) there's no need to store 
> the user's details in the session ? Everything should be 
> there, at least if you use container (or tomcat) based auth ?

Yes, Acegi uses a security context holder which is basically bound to
the thread.  A filter on the incoming request ensures the thread has the
appropriate user.  It is then available throughout your application,
including the spring beans.

Mime
View raw message