With the introduction of Spring Security 2.0.2 we are revisiting the way we coded Session Management i.e.
We retrieve the user credentials from the database and store in HttpSession object . We also store the same info in Thread Local variable so that its available to Spring beans in the business layer. We use JSF in the presentation layer. Here is the code snippet
Any pointers/suggestions on how to rewrite this code using Spring Security 2.0.2 framework will be highly appreciated. Currently i am able to get user credentials from User class which implements UserDetails. But if i replace my old code with User class how to handle session timeouts , session management etc.
final HttpSession userSession = (HttpSession) FacesContext.getCurrentInstance().getExternalContext()
//userInfo is lightweight pojo with attributes userId, userRoles
// UserInfoHolder is Thread Local Variable