I have a web application in Java (Spring Framework, Hibernate, on Tomcat) that has basically almost no security except the login and logout functionality (no Spring Security).

I can access the user information in a controller by:

    // where request is HttpServletRequest
    HttpSession session = request.getSession(true);
    SystemUser user = (SystemUser) session.getAttribute("user");

and do the logic. However, I need to get this information in the DAO layer, where I actually get data from the database to retrieve user-specific data. One way is to pass the "user" object to the service layer and then have the service layer pass it on to the DAO layer. But this is quite a huge load of work.

I wonder if there is a way in Spring to somehow access the session object in the DAO layer? Or any other way to retrieve user-specific data?

+1  A: 

You can use RequestContextHolder:

    ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
    HttpSession session = requestAttributes.getRequest().getSession();

Because it uses a static method, it can be invoked from anywhere, as long as it's from the same thread that handled the request.

Edit: As Faisal correctly pointed out, this is generally not a good idea, since it leads to undesirable coupling and hard-to-test code. However, in some cases it's unavoidable, such as when the interface to your code is fixed (e.g. legacy services, or a JSP tag library, etc).

skaffman
It is a very bad practice to use presentation layer objects like Request/Session inside the Business Logic Layer and/or Data Access Layer. This binds your layers to presentation objects and will cause issues while changing the presentation layer, scaling your application, etc.
Faisal Feroz
@Faisal: I agree. However, that was the question that was asked, and this is the answer. If you think this is the incorrect answer to the question, by all means downvote, but if you're objecting to the question itself, then take your downvote elsewhere, please.
skaffman
While I support skaffman on that, I also feel that, as an experienced developer, skaffman should've indicated in his answer that the practice is a bad one.
anirvan
@anirvan: Edited accordingly.
skaffman
@skaffman I have undone the down vote as well.
Faisal Feroz
+2  A: 

This might just be my personal opinion, but you are far better off passing this type of information along as a method parameter rather than accessing web context classes in your DAO.

What if you want to use your DAO classes outside of a web application?

The DAO accessing some sort of request context holder makes the question of what data the DAO method needs to run a hidden secret - rather than declaring a method parameter for the data it needs, it is accessing a static method on some class secretly.

This leads to hard-to-test and hard-to-understand code.

matt b
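
The parameter-passing approach from the second answer, as an added example that is not code from the question or from either answerer. `Invoice`, `InvoiceDao`, `InvoiceService`, the `id` field on `SystemUser` and the in-memory rows are assumptions made for illustration; the point is that the owner id is a declared argument, so every query is visibly scoped to the logged-in user and the DAO runs without any servlet classes.

```java
import java.util.List;
import java.util.Objects;

public class ExplicitUserDemo {
    // Stand-in for the question's SystemUser; the id field is an assumption.
    record SystemUser(long id, String name) {}

    // Hypothetical user-owned row.
    record Invoice(long id, long ownerId, String description) {}

    // DAO: the owner id is a declared parameter, so the data a query depends
    // on is visible in the signature and no web context is needed.
    static class InvoiceDao {
        // Constructed sample rows standing in for the database table.
        private final List<Invoice> table = List.of(
            new Invoice(1, 10, "alice: hosting"),
            new Invoice(2, 10, "alice: domain"),
            new Invoice(3, 20, "bob: licence"));

        // With Hibernate this would be a query with a bound parameter,
        // e.g. "from Invoice i where i.ownerId = :ownerId".
        List<Invoice> findByOwner(long ownerId) {
            return table.stream().filter(i -> i.ownerId() == ownerId).toList();
        }
    }

    // Service: receives the user from its caller and refuses to run without one.
    static class InvoiceService {
        private final InvoiceDao dao = new InvoiceDao();

        List<Invoice> invoicesFor(SystemUser user) {
            Objects.requireNonNull(user, "no authenticated user");
            return dao.findByOwner(user.id());
        }
    }

    public static void main(String[] args) {
        // In the controller this object comes from session.getAttribute("user").
        SystemUser alice = new SystemUser(10, "alice");
        InvoiceService service = new InvoiceService();
        System.out.println(service.invoicesFor(alice));
        try {
            service.invoicesFor(null); // a request with no logged-in user
        } catch (NullPointerException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the DAO and service take plain arguments, a unit test can call them directly with a constructed `SystemUser` and check that rows owned by another id are never returned.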