The access group can determine the session attribute list for the users in this group. These attributes can be used when setting the constraints. The availability of the session attributes can be checked in the application code at the development stage, so the final system behavior for particular user groups can be controlled at the operation stage.
When logging in, all the attributes set for the user group and for all the groups up the hierarchy will be placed into the
user session. If an attribute is found in several levels of the hierarchy, the uppermost group value will be used. Hence,
overriding the attribute values at the lower levels of the hierarchy is not possible. In case of the override attempt, the
WARN
level message will be written to the server log.
In order to create an attribute in the Session Attributes tab, and click :
screen, select the group to create the attribute for, go to theA unique attribute name, data type, and value must be specified.
A session attribute can be accessed in the application code in the following way:
@Inject private UserSessionSource userSessionSource; ... Integer accessLevel = userSessionSource.getUserSession().getAttribute("accessLevel");
A session attribute can be used in the constraints as a JPQL parameter by adding the session$
prefix:
{E}.accessLevel = :session$accessLevel