I'm searching a solution for my problem. Here it is:
I have an web application, with spring, for connecting the layers and other stuff. So, when a user connects into the appplication,based on a username/password, I'm putting this informations into the http session. The problem is that I don't know hot to 'inject' this information in my service layer (I need to trace every action).
If at all you're able to inject the user info to service layer, an instance of service-object will be needed to be dedicated for a request at any given point in time.
This means, for catering N simultaneous requests, you'll need N instances of service-objects, as they will be aware of the request context. This is certainly possible with scope as 'request' and calling beanFactory.getBean(..) in web-layer to get a (possibly new) instance of service-object.
Possible, but may not be desired... I would say. If your service-object is not having any other state (instance-specific fields) to maintain, there is no point in instantiating it more than once.
I would suggest you go the Transfer-Object way, wherein you 'pass' the user-info to service-object along with other information (wrapped in a Transfer-Object) every time you invoke a service-method.
Second option could also be to use ThreadLocal contexts just like Spring does (custom scopes also depend on these). This, however, assuming that there is no remote-call (to EJBs etc.) in the request flow.
Um, why not just use Spring Security? It will handle all that stuff for you. It can even pass down the Principle to your service layer and your service layer can have security automatically.
0
