> The goal is to just @Inject User currentUser; or @SessionState User > currentUser; or @Persist User > currentUser; in a page or service and have acces to the user as denoted by > the principal stored in > the http session. Which option would you chose? Are there others, maybe > more straightforward ones, > that I'm missing?
What I did is in Login.java onActionFromLoginForm() { .... currentUser.login(token); ... User user = User.getUserByEmail(newContext, currentUser.getPrincipal().toString()); // the principal is the user's email address // I use cayenne instead of hibernate .... request.getSession(true).setAttribute(MyConstants.USER_SESSION_ATTRIBUTE, user); .... } in page classes: @SessionAttribute(MyConstants.USER_SESSION_ATTRIBUTE) private User user; Is there a disadvantage to this solution that I overlooked? One problem is, if the admin deactivates or deletes the user while they are logged in, the user can still access the site. -Bjello --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org