Dirk Lattermann/bn/bgs-ag/de schrieb am 01.10.2009 16:16:15:
> "Thiago H. de Paula Figueiredo" <[email protected]> schrieb am 01.10.
> > > @Scope( ScopeConstants.PERTHREAD)
> > > class OssoAccessControllerImpl {...}
> >
> > I can't see why it should be per thread.
>
> The OssoAccessControllerImpl gets some authentication info from the
> request and creates a User object.
> I want(ed) to store this object into the session, so I need an
> ApplicationStateManager, because the @Session annotation can't be used
> here (we're in a service). The ApplicationStateManager can be injected
> into the OssoAccessControllerImpl constructor, so the latter must be
> request specifice, i.e. per thread.
>
> However, your comment made it clear to me that I could put the User
> object into the request instead of into the session. Then, I can fetch
> it via the Request service which can be injected wherever I would have
> used @Session private User user; ! This is much better! Thanks!
Well, on second thought, it isn't really better as creating the User
object involves LDAP access, thus some overhead. I'd prefer creating the
User object only if the authorization info has changed since the last
request. This would require storing it into the session, and the access
controller needs to be perthread. Is this correct after all?
Dirk
BGS Beratungsgesellschaft
Software Systemplanung AG Niederlassung Köln/Bonn
Grantham-Allee 2-8
53757 Sankt Augustin
Fon: +49 (0) 2241 / 166-500
Fax: +49 (0) 2241 / 166-680
www.bgs-ag.de Geschäftssitz Mainz
Registergericht
Amtsgericht Mainz
HRB 62 50
Aufsichtsratsvorsitzender
Klaus Hellwig
Vorstand
Hermann Kiefer
Nils Manegold
Thomas Reitz
