Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Session User Info retrieval in Dao layer

Tags:

java

security

spring

session

I have a web-application in java, spring framework, hibernate on tomcat, that has basically almost no security except the login and logout functionality (no spring security)

I can access the user information in a controller by: 

// where request is HttpServletRequest
 HttpSession session = request.getSession(true);
 SystemUser user = (SystemUser) session.getAttribute("user");

and do the logic. However, I need to get this information in Dao layer. Where I actually get data from the database to retrieve user specific data. One way is to pass the "user" object to service layer and then service layer to pass it on to the dao layer. But this is quite a huge load of work.

I wonder if there is a way in Spring some how to access the session object in Dao layer? or any other way to retrieve user specific data.

like image 529
Saky Avatar asked Nov 30 '22 09:11

Saky

2 Answers

You can use RequestContextHolder:

ServletRequestAttributes requestAttributes = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
HttpSession session = requestAttributes.getRequest().getSession();

Because it uses a static method, it can be invoked from anywhere, as long as it's from the same thread that handled the request.

Edit: As Faisal correctly pointed out, this is generally not a good idea, since it leads to undesirable coupling and hard-to-test code. However, in some cases it's unavoidable, such as when the interface to your code is fixed (e.g. legacy services, or a JSP tag library, etc).

like image 155
skaffman Avatar answered Dec 05 '22 01:12

skaffman

This might just be my personal opinion but you are far better passing this type of information along as a method parameter rather than accessing web context classes in your DAO.

What if you want to use your DAO classes outside of a web application?

The DAO accessing some sort of request context holder makes the question of what data the DAO method needs to run a hidden secret - rather than declaring a method parameter for the data it needs, it is accessing a static method on some class secretly.

This leads to hard-to-test and hard-to-understand code.

like image 40
matt b Avatar answered Dec 04 '22 23:12

matt b
Sign in to Comment

Related questions

In Java, is it safe to assume a certain size of the primitive types for bitwise operations?
Why is my NullPointerException not being caught in my catch block?
Is memory management in different languages similar enough to transfer my knowledge?
What classes of applications or problems do you prefer Python to strictly OO Languages?
How can I send a command to a running Java program?
Need FileDialog with a file type filter in Java
Java Swing: JList with ListCellRenderer selected item different height
How to stop a java application?
Casting performance in Java
char c=7; Why this statement will execute in java without error?
Simplified Singleton pattern in Java
Does HashMap provide a one to one correspondence?
Waiting on threads
copyOf method undefined for the type Arrays
Compare two lists
In Java, is it more expensive to create an object, or get the objects value?
How to open a .dat file in java program
Java synchronized blocks
How to upcast an Object to a java.util.Map?
Get number of rows updated with PreparedStatement

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!