Thanks Everyone for providing valuable suggestions We usein-house Security system which gives employee Id and Roles on successful authentication. We need to store employee Id &Roles into some kind of object maybe session so that it can be accessible by any Spring bean in the business layer. David i totally agree with you that i should rethink my design . Not sure whats the best practice to pass user info viz. user Id , user Roles , privileges etc from JSF to Spring. Are you refering to POJO instead of session object for wrapping userId and roles. Thats a good idea even i thought about BUT users will have different session objects with their user Info in it and also we want the Lifecycle of the object to be under session i.e. as the session terminates the object should be destroyed
Regards Bansi Nebinger, David wrote: > >> Besides the spring integration, maybe you should rethink your >> design ? >> Use somthing like acegi security to perform authentification >> and authorization instead of passing Session objects to the >> business layer... >> At least consider wrapping the info you need (user id and >> roles) in an object, instead of passing the session object... >> As far as I remember (after quite some time using frameworks >> I guess I've lost some basics :-)) there's no need to store >> the user's details in the session ? Everything should be >> there, at least if you use container (or tomcat) based auth ? > > Yes, Acegi uses a security context holder which is basically bound to > the thread. A filter on the incoming request ensures the thread has the > appropriate user. It is then available throughout your application, > including the spring beans. > > -- View this message in context: http://www.nabble.com/How-to-Share-Session-between-JSF%28MyFaces%29-and-Spring-tf3772789.html#a10685315 Sent from the MyFaces - Users mailing list archive at Nabble.com.
