How we can identify a user if we are having a VO for storing his session details?
Not sure if I can understand your question though. If you store his information in a VO within the session object then obviously you can get the VO from the session any time you want (of course using web server-side components like JSPs, servlets, custom tags, etc). It could be little bit trickier if you use J2EE security for authenticating/authorizing the user, but it�s far from being very complicated. Again I have the feeling that I might not understand your question very well. Can you please be more explicit? Regards.
I think, therefore I exist -- Rene Descartes
Joined: Nov 23, 2005
I'm great to have your reply. I can explain the scenario as well.
I want to manage a user session. And i'm privileged to use a Value object to store the user information. I think i can integrate the J2EE container based authentication with the VO. But I'm not familiar with jboss container based authentication. But i did the same for tomcat. How i can implement this with jboss?
Thankx Lima [ November 30, 2005: Message edited by: Elizabath Lima ]
Joined: Feb 17, 2005
I�m not much of a JBoss expert either, but the problem I guess is not vendor dependent when using standard J2EE security. You basically have a login action class or other java component that authenticats the user and creates a corresponding UserVO instance. This piece of code will write the UserVO to the HttpSession as well. You can for example use the user�s login id for writing the VO:
The problem though would become to associate each http request with the appropriate UserVO (in order to authorize him). You might take advantage of the HttpRequest.getRemoteUser() method. If your user was authenticated using standard J2EE security this method will return the user�s loginId and you can retrieve the appropriate UserVO instance: