Roo Security, Best Practice and ContextHolderStrategy
Roo Security, Best Practice and ContextHolderStrategy
I am currenty working on a "Best Practice" Roo app focusing on use of Roo Security.
I have these questions on the technical material presented below.
1) Is my claim as to 'best practice' correct?
2) Is there a better way (more Roo like) ways of generating the setter?
3) Anything else in this area I have missed here, espically related to ROO best pracitce?
--------
Once a user clicks the "submit" button on a Roo generated form the processing will normally then end up calling a function in the "Controler". In this function the standard way of finding the user context (the logged in user, if any) is to call
However this is very "un spring like" in that it creates an dependency.Code:Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
The 'dependency injection' way is to instead call
Where securityContextHolderStrategy and its setter are defined in the Controller Class asCode:Object principal = securityContextHolderStrategy.getContext().getAuthentication().getPrincipal();
And the bean that sets the value goes in applicationContext-security.xml and looks likeCode:private static SecurityContextHolderStrategy securityContextHolderStrategy; public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy s) { securityContextHolderStrategy = s; }
I am not asking if this works (I know it works). What I want to know is, - Is this the best, "most ROO approved" way of doing this?Code:<beans:bean id="somePOJOid_NotDireclyRefferenced" class="net.????.ControlerName"> <beans:property name="securityContextHolderStrategy" > <beans:bean class="org.springframework.security.core.context.SecurityContextHolder" factory-method="getContextHolderStrategy"> </beans:bean> </beans:property> </beans:bean>
--
Roger
Reply With Quote
