I'm currently transforming my Web Application tn Java with Spring MVC framework from ASP.NET (good way to learn it though -:) ) I need to implement authentication in my application: Please tell me if my approach is good and professional enough and if not what is the best practice to do that:

我目前正在使用来自 ASP.NET 的 Spring MVC 框架转换我的 Web 应用程序 tn Java（虽然是学习它的好方法-:)）我需要在我的应用程序中实现身份验证：请告诉我我的方法是否足够好和专业如果不是，最好的做法是什么：

First of all I'm writing User class which holds all information about current user firstname/lastname/email/id/etc....

首先，我正在编写 User 类，其中包含有关当前用户名字/姓氏/电子邮件/id/等的所有信息....

class User implements Serializable{
private String firstName;
private String lastName;
private Long id;
private String email;

///Settters and Getters

}

I'm implementing class Named DlSession and implementing it on sesison level.

我正在实现名为 DlSession 的类并在 sesison 级别上实现它。

<bean id="MySession" class="DlSession" scope="session">
<aop:scoped-proxy/>

class DlSession implements Serializable{
private User currentUser;

public DlSession(){}

// getters and setters:
}

When User submits his user/pass I'm verifying the credential and if user exists retrieving all the user Data to the instance of User class. Then I'm setting currentUser in Session to b the user I retrieved:

当用户提交他的用户/通行证时，我正在验证凭据，如果用户存在，则将所有用户数据检索到用户类的实例。然后我将 Session 中的 currentUser 设置为 b 我检索到的用户：

mySesison.setCurrentUser(user);

In order to verify authentication I need to check:

为了验证身份验证，我需要检查：

if (mySession.getcurrentUser() == null)
//return unauthenticated 
else 
//return authenticated

To logout user from system I just doing:

要从系统中注销用户，我只是在做：

mySession.setcurrentUser(null);

Is this approach correct? any suggestions are more then welcomed. :)

这种方法是否正确？任何建议都更受欢迎。:)