> Thanks Everyone for providing valuable suggestions We > usein-house Security system which gives employee Id and > Roles on successful authentication. We need to store > employee Id &Roles into some kind of object maybe session so > that it can be accessible by any Spring bean in the business layer. > David i totally agree with you that i should rethink my > design . Not sure whats the best practice to pass user info > viz. user Id , user Roles , privileges etc from JSF to Spring. > Are you refering to POJO instead of session object for > wrapping userId and roles. Thats a good idea even i thought > about BUT users will have different session objects with > their user Info in it and also we want the Lifecycle of the > object to be under session i.e. as the session terminates the > object should be destroyed
Well, I guess an option here is to mimic what acegi would do; place the authentication object into a ThreadLocal object. That way it is available to any layer w/o requiring any runtime binding...
