Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

User session Object  RSS feed

 
Rak Nair
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi everyone,

I am building a web page where the user information is stored in the database. when a user logs in i want to create a user session object populated with the information of the user for each user that logs into the web page. Is there way to do it?Any best practices?
 
Tim Holloway
Bartender
Posts: 18661
71
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Rak!

For myself, I assert that the "best practice" is to use the J2EE standard container-managed security system to do the logins for you and NOT invent your own login and security services. That's because in all the years I've spent with J2EE, including those that predate JSF, I've never encountered a Do-it-Yourself security system that was even remotely secure. In fact, most of them could be cracked in under 5 minutes by fairly non-technical people.

To provide user-specific information and fine-grained access control information, I often define a session backing bean with the name of "User" or something equally original. This bean is then injected into whatever other backing beans need the data and/or services that the User bean provides, providing a clear separation of concerns. The User bean itself generally obtains the logged-in userID from the HttpServletRequest object via FacesContext (I usually have a separate JSF utilities class that I use for this). The userID can then be used as a key to look up whatever specific user information I need so that I don't have to keep it all in memory all the time.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!