Announcement Announcement Module
Collapse
No announcement yet.
Is it secure to get beans directly from HttpSession with getAttribute()? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is it secure to get beans directly from HttpSession with getAttribute()?

    I have some proxied session-scoped beans that I need to access from HttpSessionListener when the session gets destroyed. As there is no request bound to the Thread, I can't access the session scoped beans the normal way.

    Reading around, I found that the beans are currently stored into the session with the beanName, and if it's proxied, then it's prefixed with the String "scopedTarget.". Although, I don't know if this is secure/recommended to get beans this way, as it could change on next releases of Spring.

    Currently, one could get those beans with session.getAttribute("beanName") or session.getAttribute("scopedTarget.beanName") when proxied.

    So, is it secure/recommend to get the beans this way? Is there a recommended way?

    I could also mock the ServletRequest and pass it to the ServletRequestAttributes (as described here). But I believe this is even more heterodox.
Working...
X