On 31.10.2012 13:05, devnull2...@gmx.de wrote:
>> The goal is to just @Inject User currentUser; or @SessionState User
>> currentUser; or @Persist User
>> currentUser; in a page or service and have acces to the user as denoted by
>> the principal stored in
>> the http session. Which option would you chose? Are there others, maybe
>> more straightforward ones,
>> that I'm missing?
>
> What I did is
>
> in Login.java
>
> onActionFromLoginForm() {
> ....
> currentUser.login(token);
> ...
> User user = User.getUserByEmail(newContext,
> currentUser.getPrincipal().toString());
> // the principal is the user's email address
> // I use cayenne instead of hibernate
> ....
> request.getSession(true).setAttribute(MyConstants.USER_SESSION_ATTRIBUTE,
> user);
> ....
> }
>
> in page classes:
>
> @SessionAttribute(MyConstants.USER_SESSION_ATTRIBUTE)
> private User user;
>
> Is there a disadvantage to this solution that I overlooked?
> One problem is, if the admin deactivates or deletes the user while they are
> logged in, the user can still access the site.
>
> -Bjello
>
>
This will set an additional, albeit small, attribute in the session which is
actually not needed.
The user's principal is already there in my case.
Uli
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
