I have a web-application in java, spring framework, hibernate on tomcat, that has basically almost no security except the login and logout functionality (no spring security)
I can access the user information in a controller by:
// where request is HttpServletRequest
HttpSession session = request.getSession(true);
SystemUser user = (SystemUser) session.getAttribute("user");
and do the logic. However, I need to get this information in Dao layer. Where I actually get data from the database to retrieve user specific data.
One way is to pass the “user” object to service layer and then service layer to pass it on to the dao layer. But this is quite a huge load of work.
I wonder if there is a way in Spring some how to access the session object in Dao layer?
or any other way to retrieve user specific data.
This might just be my personal opinion but you are far better passing this type of information along as a method parameter rather than accessing web context classes in your DAO.
What if you want to use your DAO classes outside of a web application?
The DAO accessing some sort of request context holder makes the question of what data the DAO method needs to run a hidden secret – rather than declaring a method parameter for the data it needs, it is accessing a static method on some class secretly.
This leads to hard-to-test and hard-to-understand code.