Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring MVC Session Attribute Access

Is there any way under spring 3.0 to access the HttpSession without including it in the method signature? What I really want to do is be able to pass in values from an HttpSession that CAN BE null.

Something like this:

@RequestMapping("/myHomePage")
public ModelAndView show(UserSecurityContext ctx) {}

instead of this:

@RequestMapping("/myHomePage")
public ModelAndView show(HttpSession session) {
      UserSecurityContext ctx = (UserSecurityContext) session.getAttribute("userSecurityCtx");
}
like image 744
Mark Avatar asked Feb 06 '10 17:02

Mark


People also ask

How can I see session attributes?

Click the Application tab to open the Application panel. Expand the Session Storage menu. Click a domain to view its key-value pairs. Click a row of the table to view the value in the viewer below the table.

What is @SessionAttributes in Spring MVC?

@SessionAttribute annotation retrieve the existing attribute from the session. This annotation allows you to tell Spring which of your model attributes will also be copied to HttpSession before rendering the view.


2 Answers

The @SessionAttribute annotation mentioned by @uthark is not suitable for this task - I thought it was too, but a bit of reading shows otherwise:

Session attributes as indicated using this annotation correspond to a specific handler's model attributes, getting transparently stored in a conversational session. Those attributes will be removed once the handler indicates completion of its conversational session. Therefore, use this facility for such conversational attributes which are supposed to be stored in the session temporarily during the course of a specific handler's conversation.

For permanent session attributes, e.g. a user authentication object, use the traditional session.setAttribute method instead. Alternatively, consider using the attribute management capabilities of the generic WebRequest interface.

In other words, @SessionAttribute is for storing conversation MVC-model objects in the session (as opposed to storing them as request attributes). It's not intended for using with arbitrary session attributes. As you discovered, it only works if the session attribute is always there.

I'm not aware of any other alternative, I think you're stuck with HttpSession.getAttribute()

like image 89
skaffman Avatar answered Nov 03 '22 22:11

skaffman


You can use a RequestContextHolder:

class SecurityContextHolder {
    public static UserSecurityContext currentSecurityContext() {
        return (UserSecurityContext) 
            RequestContextHolder.currentRequestAttributes()
            .getAttribute("userSecurityCtx", RequestAttributes.SCOPE_SESSION));
    }
}
...
@RequestMapping("/myHomePage")           
public ModelAndView show() {           
    UserSecurityContext ctx = SecurityContextHolder.currentSecurityContext();
}

For cross-cutting concerns such as security this approach is better because you doesn't need to modify your controller signatures.

like image 41
axtavt Avatar answered Nov 03 '22 22:11

axtavt