On 31.10.2012 13:05, devnull2...@gmx.de wrote: >> The goal is to just @Inject User currentUser; or @SessionState User >> currentUser; or @Persist User >> currentUser; in a page or service and have acces to the user as denoted by >> the principal stored in >> the http session. Which option would you chose? Are there others, maybe >> more straightforward ones, >> that I'm missing? > > What I did is > > in Login.java > > onActionFromLoginForm() { > .... > currentUser.login(token); > ... > User user = User.getUserByEmail(newContext, > currentUser.getPrincipal().toString()); > // the principal is the user's email address > // I use cayenne instead of hibernate > .... > request.getSession(true).setAttribute(MyConstants.USER_SESSION_ATTRIBUTE, > user); > .... > } > > in page classes: > > @SessionAttribute(MyConstants.USER_SESSION_ATTRIBUTE) > private User user; > > Is there a disadvantage to this solution that I overlooked? > One problem is, if the admin deactivates or deletes the user while they are > logged in, the user can still access the site. > > -Bjello > >
This will set an additional, albeit small, attribute in the session which is actually not needed. The user's principal is already there in my case. Uli --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org