Hi guys :)

I build a small webapp and I ask myself a very simple question for which I didn't find an answer :

is it possible to retrieve the HttpSession object inside the entity manager ?


Thanks !

The EntityManager has no clue about the HttpSession. If you need access to the HttpSession, your UI layer should perform that kind of work. If you need access to the HttpSession from the EM, your architecture could probably use some closer inspection/refactoring.

Perhaps if you explained the need for this, I could guide you a bit in the right direction.

Hi Ananasi !

I want to access the http session because my application must handle the data of several companies (data which are, of course, not intended to be shared...)
For accessing the webapp, a login procedure is necessary and only a part of the data must be available to the user (those from his company...)

the "id_company" attribute is associated to all of the database rows in order to be distinguished from the other companies.

I thought I would be great if my business layer wouldn’t be aware of this...

What I thought then, was to associate the id_company to the HttpSession of the user and so, the manager would be able to only retrieve the right data :)

did you get it ? :)

thanks

I understand, as this is a relatively common occurrence. For instance, in one of my enterprise applications, I maintain security credentials in the HttpSession. When persisting objects, the security credentials need to be accessed to save auditing information (created_by, modified_by columns). In order to maintain the separation of concerns (HttpSession should really only be accessible from UI layers as it is a UI rendering construct), you will have to pass the id_company from the UI layer (whether Struts' Action, Spring MVC's ModelAndView, or simply JSP's scriptlets) to the layer of the application that is involved with persistence operations. If you use DAO's, for instance, an example method signature would be getPersonnelByStartDate(Date startDate, Long companyId), which could be called from your UI layer. In fact, almost all method signatures in your persistence layers would likely pass the companyId as a parameter, since you are restricting access to information given that data.

Yes, it becomes a bit more of a pain when you introduce more application layers in the architecture (you have to keep passing that parameter through your layers), but the first time you have to refactor, the benefits are clear.

Thanks Ananasi

I understand that the HttpSession has nothing to do with persistence…

Your solution is a very good one.

However as my application is based on Webwork (for UI layer) in conjunction with a service layer, I consider taking an intermediate option: I will set the HttpSession somewhere when my user logs in. So, only my service class will need to invoke the method with the “id_company” parameter.

There must be something to do with a "UserSession" class, for example, with holds an attribute :

private static final ThreadLocal sessionMap = new ThreadLocal() ;

Thanks Ananasi ! You’re very nice !