set value to an interceptor

[robert_trudel]

hi

i use a spring interceptor

Part 1

Code:

ApplicationContext context = new ClassPathXmlApplicationContext(new String[]{"applicationContext.xml"});
UserFacade user = (UserFacade) context.getBean("interceptedService");

Part 2 - config xml

Code:

<bean id="securityInterceptor" class="test.logic.UserValidationImpl">
    <property name="userImpl" ref="odUserDao"/>
</bean>
    
<bean id="interceptedService" class="org.springframework.aop.framework.ProxyFactoryBean">
    <property name="target">
        <ref bean="odUserDao"/>
    </property>
    <property name="interceptorNames">
        <list>
            <value>securityInterceptor</value>
        </list>
    </property>
</bean>

in UserValidationImpl, i have a variable named currentUser
in part 1, how can i affect a value to this variable ?
does i need to add something in the part 2 (xml config)?


thanks

[Marten Deinum]

You will at least have to figure out a way to retrieve the currentUser. I would set it in a ServletFilter (if you are in a web app), put it in a ThreadLocal and retrieve it from the threadlocal prior to use in your UserValidationImpl. (Although I'm not sure what you are doing there and why you do it this way...).

[robert_trudel]

before to execute some method, i would like to check if the user have the right to do it

if you have a better way to do it... i'm open

[Marten Deinum]

if you have a better way to do it... i'm open

Spring Security already has al the stuff needed for this, you might want to check that out instead of creating your own security solution.

before to execute some method, i would like to check if the user have the right to do it

I was mislead by the name of your class, I would expet it to validate the user, not do a security check.

If you don't want to use Spring Security you still need access to your current user, as stated in my previous answer. Put it in a ThreadLocal on each incoming request (I assume the user is stored in the Session or at least you have the means to retrieve it), and retrieve it from there when you need it. Spring Security uses the same approach.