Java Spring MVC Session Attribute Access

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/2213974/

Time: 2020-08-13 04:48:34  Source: igfitidea

Spring MVC Session Attribute Access

java spring spring-mvc

Asked by Mark

Is there any way under spring 3.0 to access the HttpSession without including it in the method signature? What I really want to do is be able to pass in values from an HttpSession that CAN BE null.

Something like this:

@RequestMapping("/myHomePage")
public ModelAndView show(UserSecurityContext ctx) {}

instead of this:

@RequestMapping("/myHomePage")
public ModelAndView show(HttpSession session) {
      UserSecurityContext ctx = (UserSecurityContext) session.getAttribute("userSecurityCtx");
}

Accepted answer by skaffman

The @SessionAttribute annotation mentioned by @uthark is not suitable for this task - I thought it was too, but a bit of reading shows otherwise:

Session attributes as indicated using this annotation correspond to a specific handler's model attributes, getting transparently stored in a conversational session. Those attributes will be removed once the handler indicates completion of its conversational session. Therefore, use this facility for such conversational attributes which are supposed to be stored in the session temporarily during the course of a specific handler's conversation.

For permanent session attributes, e.g. a user authentication object, use the traditional session.setAttribute method instead. Alternatively, consider using the attribute management capabilities of the generic WebRequest interface.

In other words, @SessionAttribute is for storing conversation MVC-model objects in the session (as opposed to storing them as request attributes). It's not intended for using with arbitrary session attributes. As you discovered, it only works if the session attribute is always there.

I'm not aware of any other alternative, I think you're stuck with HttpSession.getAttribute()

Answer by axtavt

You can use a RequestContextHolder:

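import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;

class SecurityContextHolder {
    // Reads the attribute from the session bound to the current request thread.
    // Returns null when the attribute is not set; currentRequestAttributes()
    // throws IllegalStateException when no request is bound to the thread.
    public static UserSecurityContext currentSecurityContext() {
        return (UserSecurityContext)
            RequestContextHolder.currentRequestAttributes()
            .getAttribute("userSecurityCtx", RequestAttributes.SCOPE_SESSION);
    }
}
...
@RequestMapping("/myHomePage")
public ModelAndView show() {
    // No HttpSession parameter needed in the handler signature.
    UserSecurityContext ctx = SecurityContextHolder.currentSecurityContext();
}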

For cross-cutting concerns such as security this approach is better because you don't need to modify your controller signatures.
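An added example, not part of the original answers: the RequestContextHolder lookup above with the "can be null" case handled explicitly and a fail-closed accessor for handlers that require a logged-in user. Assumptions: `UserSecurityContext` here is a stand-in class, `SessionContextDemo`, `currentOrNull` and `require` are hypothetical names, and the request is a constructed `MockHttpServletRequest` from spring-test.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

public class SessionContextDemo {
    // Stand-in for the asker's UserSecurityContext type (assumption).
    static final class UserSecurityContext {
        final String username;
        UserSecurityContext(String username) { this.username = username; }
    }

    static final String ATTR = "userSecurityCtx"; // attribute name used on the page

    // Returns the context, or null when there is no request, session or attribute.
    static UserSecurityContext currentOrNull() {
        // getRequestAttributes() returns null off a request thread instead of throwing.
        RequestAttributes attrs = RequestContextHolder.getRequestAttributes();
        if (attrs == null) return null;
        // A session-scope read does not create a session when none exists.
        Object value = attrs.getAttribute(ATTR, RequestAttributes.SCOPE_SESSION);
        // instanceof guards against another type stored under the same name.
        return (value instanceof UserSecurityContext) ? (UserSecurityContext) value : null;
    }

    // Fail closed: handlers that need an authenticated user call this.
    static UserSecurityContext require() {
        UserSecurityContext ctx = currentOrNull();
        if (ctx == null) throw new IllegalStateException("no security context in session");
        return ctx;
    }

    public static void main(String[] args) {
        MockHttpServletRequest request = new MockHttpServletRequest(); // constructed request
        RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(request));
        try {
            // Case 1: anonymous request, no session yet.
            System.out.println("context is null: " + (currentOrNull() == null));
            System.out.println("lookup created a session: " + (request.getSession(false) != null));
            // Case 2: attribute present with the expected type.
            request.getSession().setAttribute(ATTR, new UserSecurityContext("mark"));
            System.out.println("user: " + require().username);
            // Case 3: wrong type under the same name is treated as absent.
            request.getSession().setAttribute(ATTR, "not a context");
            System.out.println("context is null: " + (currentOrNull() == null));
        } finally {
            RequestContextHolder.resetRequestAttributes(); // do not leak onto pooled threads
        }
    }
}
```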
