Changeset 6940

Timestamp:

12/16/08 13:48:44 (20 months ago)

Author:

dragisak

Message:

Get rid of static calls to AmbraUser?.geCurrentUser(). Remove dependency on servlet session from POJO's.

Location:

head/ambra/webapp/src

Files:

• main/java/org/topazproject/ambra/action/BaseSessionAwareActionSupport.java (added)
• main/java/org/topazproject/ambra/action/FeedbackAction.java (modified) (1 diff)
• main/java/org/topazproject/ambra/admin/action/ViewRatingAction.java (modified) (2 diffs)
• main/java/org/topazproject/ambra/annotation/action/CreateAnnotationAction.java (modified) (4 diffs)
• main/java/org/topazproject/ambra/annotation/action/CreateFlagAction.java (modified) (3 diffs)
• main/java/org/topazproject/ambra/annotation/action/CreateReplyAction.java (modified) (3 diffs)
• main/java/org/topazproject/ambra/annotation/service/AnnotationService.java (modified) (10 diffs)
• main/java/org/topazproject/ambra/annotation/service/ReplyService.java (modified) (4 diffs)
• main/java/org/topazproject/ambra/article/action/EmailArticleAction.java (modified) (1 diff)
• main/java/org/topazproject/ambra/rating/action/AbstractRatingAction.java (modified) (2 diffs)
• main/java/org/topazproject/ambra/rating/action/GetAverageRatingsAction.java (modified) (2 diffs)
• main/java/org/topazproject/ambra/rating/action/RateAction.java (modified) (2 diffs)
• main/java/org/topazproject/ambra/rating/service/RatingsService.java (modified) (2 diffs)
• main/java/org/topazproject/ambra/search/action/SearchAction.java (modified) (3 diffs)
• main/java/org/topazproject/ambra/search/service/SearchService.java (modified) (2 diffs)
• main/java/org/topazproject/ambra/user/action/AdminUserAlertsAction.java (modified) (1 diff)
• main/java/org/topazproject/ambra/user/action/MemberUserAlertsAction.java (modified) (1 diff)
• main/java/org/topazproject/ambra/user/action/MemberUserProfileAction.java (modified) (3 diffs)
• main/java/org/topazproject/ambra/user/action/UserActionSupport.java (modified) (3 diffs)
• main/java/org/topazproject/ambra/user/action/UserAlertsAction.java (modified) (4 diffs)
• main/java/org/topazproject/ambra/user/action/UserProfileAction.java (modified) (3 diffs)
• main/java/org/topazproject/ambra/user/AmbraUser.java (modified) (4 diffs)
• main/java/org/topazproject/ambra/web/UserContext.java (modified) (1 diff)
• test/java/org/topazproject/ambra/annotation/action/AnnotationActionsTest.java (modified) (3 diffs)
• test/java/org/topazproject/ambra/user/action/UserActionsTest.java (modified) (4 diffs)
• test/java/org/topazproject/ambra/user/action/UserAlertsTest.java (modified) (3 diffs)

head/ambra/webapp/src/main/java/org/topazproject/ambra/action/FeedbackAction.java

@@ -59 +59 @@
 
   private void setUserDetailsFromSession() {
-    final AmbraUser ambraUser = AmbraUser.getCurrentUser();
+    final AmbraUser ambraUser = getCurrentUser();
     if (null != ambraUser) {
       name = ambraUser.getDisplayName();

head/ambra/webapp/src/main/java/org/topazproject/ambra/admin/action/ViewRatingAction.java

@@ -21 +21 @@
 
 import org.springframework.transaction.annotation.Transactional;
-import org.topazproject.ambra.action.BaseActionSupport;
+import org.topazproject.ambra.action.BaseSessionAwareActionSupport;
 import org.topazproject.ambra.models.Rating;
 import org.topazproject.ambra.rating.service.RatingsService;
 
 @SuppressWarnings("serial")
-public class ViewRatingAction extends BaseActionSupport {
+public class ViewRatingAction extends BaseSessionAwareActionSupport {
   private String ratingId;
   private Rating rating;
@@ -34 +34 @@
   @Transactional(readOnly = true)
   public String execute() throws Exception {
-    rating = getRatingsService().getRating(ratingId);
+    rating = getRatingsService().getRating(ratingId, getCurrentUser());
     return SUCCESS;
   }

head/ambra/webapp/src/main/java/org/topazproject/ambra/annotation/action/CreateAnnotationAction.java

@@ -27 +27 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.transaction.interceptor.TransactionAspectSupport;
-import org.topazproject.ambra.action.BaseActionSupport;
+import org.topazproject.ambra.action.BaseSessionAwareActionSupport;
 import org.topazproject.ambra.annotation.Context;
 import org.topazproject.ambra.annotation.ContextFormatter;
 import org.topazproject.ambra.annotation.service.AnnotationService;
 import org.topazproject.ambra.util.ProfanityCheckingService;
+import org.topazproject.ambra.user.AmbraUser;
 
 import com.opensymphony.xwork2.validator.annotations.RequiredStringValidator;
@@ -39 +40 @@
  */
 @SuppressWarnings("serial")
-public class CreateAnnotationAction extends BaseActionSupport {
+public class CreateAnnotationAction extends BaseSessionAwareActionSupport {
   private String target;
   private String commentTitle;
@@ -73 +74 @@
       if (profaneWordsInBody.isEmpty() && profaneWordsInTitle.isEmpty()) {
         final String scontext = ContextFormatter.asXPointer(new Context(startPath, startOffset, endPath, endOffset, target));
-        annotationId = annotationService.createComment(target, scontext, supercedes, commentTitle, mimeType, comment, isPublic);
+        annotationId = annotationService.createComment(target, scontext, supercedes, commentTitle, mimeType, comment, isPublic, getCurrentUser());
         if (log.isDebugEnabled()) {
           log.debug("CreateAnnotationAction called and annotation created with id: " + annotationId);
@@ -79 +80 @@
         if ("correction".equals(noteType)) {
           annotationService.createFlag(annotationId, "Create Correction",
-              "Note created and flagged as a correction", mimeType);
+              "Note created and flagged as a correction", mimeType, getCurrentUser());
         }
       } else {

head/ambra/webapp/src/main/java/org/topazproject/ambra/annotation/action/CreateFlagAction.java

@@ -24 +24 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.transaction.interceptor.TransactionAspectSupport;
-import org.topazproject.ambra.action.BaseActionSupport;
+import org.topazproject.ambra.action.BaseSessionAwareActionSupport;
 import org.topazproject.ambra.annotation.service.AnnotationService;
 
@@ -33 +33 @@
  */
 @SuppressWarnings("serial")
-public class CreateFlagAction extends BaseActionSupport {
+public class CreateFlagAction extends BaseSessionAwareActionSupport {
   private String target;
   private String comment;
@@ -47 +47 @@
   public String execute() throws Exception {
     try {
-      annotationId = annotationService.createFlag(target, reasonCode, comment, mimeType);
+      annotationId = annotationService.createFlag(target, reasonCode, comment, mimeType, getCurrentUser());
     } catch (final Exception e) {
       log.error("Could not create flag for target: " + target, e);

head/ambra/webapp/src/main/java/org/topazproject/ambra/annotation/action/CreateReplyAction.java

@@ -26 +26 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.transaction.interceptor.TransactionAspectSupport;
-import org.topazproject.ambra.action.BaseActionSupport;
+import org.topazproject.ambra.action.BaseSessionAwareActionSupport;
 import org.topazproject.ambra.annotation.service.ReplyService;
 import org.topazproject.ambra.util.ProfanityCheckingService;
+import org.topazproject.ambra.user.AmbraUser;
 
 import com.opensymphony.xwork2.validator.annotations.RequiredStringValidator;
@@ -36 +37 @@
  */
 @SuppressWarnings("serial")
-public class CreateReplyAction extends BaseActionSupport {
+public class CreateReplyAction extends BaseSessionAwareActionSupport {
   private String replyId;
   private String root;
@@ -57 +58 @@
 
       if (profaneWordsInBody.isEmpty() && profaneWordsInTitle.isEmpty()) {
-        replyId = replyService.createReply(root, inReplyTo, commentTitle, mimeType, comment);
+        replyId = replyService.createReply(root, inReplyTo, commentTitle, mimeType, comment, getCurrentUser());
       } else {
         addProfaneMessages(profaneWordsInBody, "comment", "comment");

head/ambra/webapp/src/main/java/org/topazproject/ambra/annotation/service/AnnotationService.java

@@ -94 +94 @@
    * @param isPublic to set up public permissions
    *
+   * @param user
    * @return a the new annotation id
    *
@@ -99 +100 @@
    */
   private String createAnnotation(Class<? extends ArticleAnnotation> annotationClass,
-                   final String mimeType, final String target,
-                   final String context, final String olderAnnotation,
-                   final String title, final String body, boolean isPublic)
+                                  final String mimeType, final String target,
+                                  final String context, final String olderAnnotation,
+                                  final String title, final String body, boolean isPublic, AmbraUser user)
                      throws Exception {
 
@@ -114 +115 @@
       throw new UnsupportedOperationException("supersedes is not supported");
 
-    String                  user       = AmbraUser.getCurrentUser().getUserId();
-    AnnotationBlob          blob       = new AnnotationBlob(contentType);
+    String userId = user.getUserId();
+    AnnotationBlob blob = new AnnotationBlob(contentType);
     final ArticleAnnotation annotation = annotationClass.newInstance();
 
@@ -122 +123 @@
     annotation.setContext(context);
     annotation.setTitle(title);
-    annotation.setCreator(user);
+    annotation.setCreator(userId);
     annotation.setBody(blob);
     annotation.setCreated(new Date());
@@ -132 +133 @@
     if (log.isDebugEnabled())
       log.debug("created annotaion " + newId + " for " + target + " with body in blob "
-                + blob.getId());
+          + blob.getId());
 
     permissionsService.propagatePermissions(newId, new String[] { blob.getId() });
@@ -592 +593 @@
    * @param body body
    * @param isPublic isPublic
+   * @param user
    * @throws Exception on an error
    * @return unique identifier for the newly created annotation
@@ -599 +601 @@
                               final String olderAnnotation, final String title,
                               final String mimeType, final String body,
-                              final boolean isPublic) throws Exception {
+                              final boolean isPublic, AmbraUser user) throws Exception {
 
     if (log.isDebugEnabled()) {
@@ -608 +610 @@
 
     String annotationId = createAnnotation(Comment.class, mimeType, target, context,
-                                           olderAnnotation, title, body, true);
+                                           olderAnnotation, title, body, true, user);
 
     if (log.isDebugEnabled()) {
-      final AmbraUser user = AmbraUser.getCurrentUser();
       log.debug("Comment created with ID: " + annotationId + " for user: " + user +
                   " for IP: " + ServletActionContext.getRequest().getRemoteAddr());
@@ -666 +667 @@
    * @param body body
    * @param mimeType mimeType
+   * @param user Logged in user
    * @return unique identifier for the newly created flag
    * @throws Exception on an error
@@ -671 +673 @@
   @Transactional(rollbackFor = { Throwable.class })
   public String createFlag(final String target, final String reasonCode,
-      final String body, final String mimeType) throws Exception {
+                           final String body, final String mimeType, AmbraUser user) throws Exception {
     final String flagBody = FlagUtil.createFlagBody(reasonCode, body);
-    return createComment(target, null, null, null, mimeType, flagBody, true);
+    return createComment(target, null, null, null, mimeType, flagBody, true, user);
   }
 

head/ambra/webapp/src/main/java/org/topazproject/ambra/annotation/service/ReplyService.java

@@ -68 +68 @@
    * @param body the reply body
    *
+   * @param user
    * @return a new reply
    *
@@ -74 +75 @@
   @Transactional(rollbackFor = { Throwable.class })
   public String createReply(final String root, final String inReplyTo, final String title,
-                            final String mimeType, final String body)
+                            final String mimeType, final String body, AmbraUser user)
                      throws Exception {
     pep.checkAccess(RepliesPEP.CREATE_REPLY, URI.create(root));
@@ -82 +83 @@
 
     final String contentType = getContentType(mimeType);
-    String       user        = AmbraUser.getCurrentUser().getUserId();
-    ReplyBlob    blob        = new ReplyBlob(contentType);
-
-    final Reply  r           = new ReplyThread();
+    String userId = user.getUserId();
+    ReplyBlob blob = new ReplyBlob(contentType);
+
+    final Reply r = new ReplyThread();
     r.setMediator(getApplicationId());
     r.setType(getDefaultType());
@@ -91 +92 @@
     r.setInReplyTo(inReplyTo);
     r.setTitle(title);
-    r.setCreator(user);
+    r.setCreator(userId);
     r.setBody(blob);
     r.setCreated(new Date());
 
-    String  newId      = session.saveOrUpdate(r);
+    String  newId = session.saveOrUpdate(r);
     // now that the blob is created by OTM, write to it
     blob.getBody().writeAll(body.getBytes(getEncodingCharset()));

head/ambra/webapp/src/main/java/org/topazproject/ambra/article/action/EmailArticleAction.java

@@ -65 +65 @@
   @Transactional(readOnly = true)
   public String executeRender() throws Exception {
-    final AmbraUser ambraUser = AmbraUser.getCurrentUser();
+    final AmbraUser ambraUser = getCurrentUser();
     if (null != ambraUser) {
       senderName = ambraUser.getDisplayName();

head/ambra/webapp/src/main/java/org/topazproject/ambra/rating/action/AbstractRatingAction.java

@@ -25 +25 @@
 import org.springframework.beans.factory.annotation.Required;
 import org.topazproject.ambra.ApplicationException;
-import org.topazproject.ambra.action.BaseActionSupport;
+import org.topazproject.ambra.action.BaseSessionAwareActionSupport;
 import org.topazproject.ambra.article.service.ArticleOtmService;
 import org.topazproject.ambra.article.service.NoSuchArticleIdException;
@@ -37 +37 @@
  */
 @SuppressWarnings("serial")
-public abstract class AbstractRatingAction extends BaseActionSupport {
+public abstract class AbstractRatingAction extends BaseSessionAwareActionSupport {
 
   protected static final Log log = LogFactory.getLog(AbstractRatingAction.class);

head/ambra/webapp/src/main/java/org/topazproject/ambra/rating/action/GetAverageRatingsAction.java

@@ -22 +22 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.topazproject.ambra.rating.service.RatingsService;
+import org.topazproject.ambra.user.AmbraUser;
 
 /**
@@ -45 +46 @@
   public String execute() throws Exception {
     avg = ratingsService.getAverageRatings(articleURI);
-    hasRated = ratingsService.hasRated(articleURI);
+    hasRated = ratingsService.hasRated(articleURI, getCurrentUser());
     isResearchArticle = isResearchArticle(articleURI);
     return SUCCESS;

head/ambra/webapp/src/main/java/org/topazproject/ambra/rating/action/RateAction.java

@@ -81 +81 @@
   @Transactional(rollbackFor = { Throwable.class })
   public String rateArticle() {
-    final AmbraUser user = AmbraUser.getCurrentUser();
+    final AmbraUser user = getCurrentUser();
     final Date      now  = new Date(System.currentTimeMillis());
     final URI       annotatedArticle;
@@ -277 +277 @@
   @Transactional(readOnly = true)
   public String retrieveRatingsForUser() {
-    final AmbraUser user = AmbraUser.getCurrentUser();
+    final AmbraUser user = getCurrentUser();
 
     if (user == null) {

head/ambra/webapp/src/main/java/org/topazproject/ambra/rating/service/RatingsService.java

@@ -126 +126 @@
    * @param ratingId Rating Id
    *
+   * @param user
    * @return Rating
    */
   @Transactional(readOnly = true)
-  public Rating getRating(final String ratingId) {
+  public Rating getRating(final String ratingId, AmbraUser user) {
     Rating rating = session.get(Rating.class, ratingId);
 
     // the PEP check is against what is rated,
     // e.g. can this user see the ratings for what is rated?
-    AmbraUser user = AmbraUser.getCurrentUser();
     pep.checkObjectAccess(RatingsPEP.GET_RATINGS, URI.create(user.getUserId()),
                           rating.getAnnotates());
@@ -189 +189 @@
   @SuppressWarnings("unchecked")
   @Transactional(readOnly = true)
-  public boolean hasRated(String articleURI) {
-    final AmbraUser user = AmbraUser.getCurrentUser();
+  public boolean hasRated(String articleURI, AmbraUser user) {
 
     if (user == null)

head/ambra/webapp/src/main/java/org/topazproject/ambra/search/action/SearchAction.java

@@ -34 +34 @@
 
 import org.springframework.transaction.annotation.Transactional;
-import org.topazproject.ambra.action.BaseActionSupport;
+import org.topazproject.ambra.action.BaseSessionAwareActionSupport;
 import org.topazproject.ambra.article.service.BrowseService;
 import org.topazproject.ambra.search.SearchResultPage;
@@ -47 +47 @@
  */
 @SuppressWarnings("serial")
-public class SearchAction extends BaseActionSupport {
+public class SearchAction extends BaseSessionAwareActionSupport {
   private static final Log log  = LogFactory.getLog(SearchAction.class);
   private static final DateFormat luceneDateFormat = new SimpleDateFormat("yyyy-MM-dd");
@@ -120 +120 @@
         pageSize = configuration.getInt(SEARCH_PAGE_SIZE, 10);
 
-      SearchResultPage results = searchService.find(queryString, startPage, pageSize);
+      SearchResultPage results = searchService.find(queryString, startPage, pageSize, getCurrentUser());
       totalNoOfResults = results.getTotalNoOfResults();
       searchResults    = results.getHits();

head/ambra/webapp/src/main/java/org/topazproject/ambra/search/service/SearchService.java

@@ -161 +161 @@
    * @param startPage The page number of the search results the user wants
    * @param pageSize  The number of results per page
+   * @param user
    * @return A SearchResultPage representing the search results page to be rendered
    * @throws ParseException if <var>query</var> is not valid
@@ -166 +167 @@
    */
   @Transactional(readOnly = true)
-  public SearchResultPage find(final String query, final int startPage, final int pageSize)
+  public SearchResultPage find(final String query, final int startPage, final int pageSize, AmbraUser user)
       throws ParseException, OtmException {
-    AmbraUser user     = AmbraUser.getCurrentUser();
     String    cacheKey = getCurrentJournal() + "|" + (user == null ? "anon" : user.getUserId()) +
                          "|" + query;

head/ambra/webapp/src/main/java/org/topazproject/ambra/user/action/AdminUserAlertsAction.java

@@ -29 +29 @@
   private String topazId;
 
-  @Override
-  protected AmbraUser getAmbraUserToUse() throws ApplicationException {
-    return getUserService().getUserByTopazId(topazId);
-  }
-
   /**
    * Setter for topazId.

head/ambra/webapp/src/main/java/org/topazproject/ambra/user/action/MemberUserAlertsAction.java

@@ -26 +26 @@
  */
 public class MemberUserAlertsAction extends UserAlertsAction {
-  @Override
-  protected AmbraUser getAmbraUserToUse() {
-    return AmbraUser.getCurrentUser();
-  }
 }

head/ambra/webapp/src/main/java/org/topazproject/ambra/user/action/MemberUserProfileAction.java

@@ -25 +25 @@
 import static org.topazproject.ambra.Constants.AMBRA_USER_KEY;
 
-import java.util.Map;
-
 /**
  * User Profile Action that is called by the member user to update their profile
@@ -43 +41 @@
 
     if (SUCCESS.equals(statusCode)) {
-      final Map<String, Object> sessionMap = getSessionMap();
-      sessionMap.put(AMBRA_USER_KEY, super.getSavedAmbraUser());
+      session.put(AMBRA_USER_KEY, super.getSavedAmbraUser());
     }
 
@@ -52 +49 @@
   @Override
   protected AmbraUser getAmbraUserToUse() {
-    final Map<String, Object> sessionMap = getSessionMap();
-    return (AmbraUser) sessionMap.get(AMBRA_USER_KEY);
+    return getCurrentUser();
   }
 
   @Override
   protected String getUserIdToFetchEmailAddressFor() {
-    final Map<String, Object> sessionMap = getSessionMap();
-    return (String) sessionMap.get(Constants.SINGLE_SIGNON_USER_KEY);
+    return (String) session.get(Constants.SINGLE_SIGNON_USER_KEY);
   }
 }

head/ambra/webapp/src/main/java/org/topazproject/ambra/user/action/UserActionSupport.java

@@ -24 +24 @@
 
 import org.springframework.beans.factory.annotation.Required;
-import org.topazproject.ambra.action.BaseActionSupport;
+import org.topazproject.ambra.action.BaseSessionAwareActionSupport;
 import org.topazproject.ambra.user.service.UserService;
 
 import com.googlecode.jsonplugin.annotations.JSON;
-
-import java.util.Map;
 
 /**
@@ -37 +35 @@
  * 
  */
-public class UserActionSupport extends BaseActionSupport {
+public class UserActionSupport extends BaseSessionAwareActionSupport {
   private static final Log log = LogFactory.getLog(UserActionSupport.class);
   private UserService userService;
@@ -58 +56 @@
   }
 
-  protected Map<String, Object> getSessionMap() {
-    return userService.getUserContext().getSessionMap();
-  }
 }

head/ambra/webapp/src/main/java/org/topazproject/ambra/user/action/UserAlertsAction.java

@@ -33 +33 @@
 import org.apache.commons.logging.LogFactory;
 import org.springframework.transaction.annotation.Transactional;
-import org.topazproject.ambra.ApplicationException;
 import org.topazproject.ambra.user.AmbraUser;
 import org.topazproject.ambra.user.service.UserAlert;
@@ -121 +120 @@
   @Transactional(rollbackFor = { Throwable.class })
   public String saveAlerts() throws Exception {
-    final AmbraUser ambraUser = getAmbraUserToUse();
+    final AmbraUser ambraUser = getCurrentUser();
     if (ambraUser == null) {
       throw new ServletException("Unable to resolve ambra user");
@@ -155 +154 @@
   @Transactional(readOnly = true)
   public String retrieveAlerts() throws Exception {
-    final AmbraUser ambraUser = getAmbraUserToUse();
+    final AmbraUser ambraUser = getCurrentUser();
     if (ambraUser == null) {
       throw new ServletException("Unable to resolve ambra user");
@@ -186 +185 @@
 
   /**
-   * Provides a way to get the AmbraUser to edit
-   * @return the AmbraUser to edit
-   * @throws org.topazproject.ambra.ApplicationException ApplicationException
-   */
-  protected abstract AmbraUser getAmbraUserToUse() throws ApplicationException;
-
-  /**
    * @return categories that have monthly alerts
    */

head/ambra/webapp/src/main/java/org/topazproject/ambra/user/action/UserProfileAction.java

@@ -32 +32 @@
 import org.topazproject.ambra.user.UserProfileGrant;
 import org.topazproject.ambra.user.service.DisplayNameAlreadyExistsException;
-import org.topazproject.ambra.user.service.UserAlert;
 import org.topazproject.ambra.util.FileUtils;
 import org.topazproject.ambra.util.ProfanityCheckingService;
@@ -183 +182 @@
 
       // update the user-id in the session if we just created an account for ourselves
-      Map<String, Object> session = getSessionMap();
       if (authId != null && authId.equals(session.get(UserAccountsInterceptor.AUTH_KEY)))
         session.put(UserAccountsInterceptor.USER_KEY, topazId);
@@ -903 +901 @@
 
   protected String fetchUserEmailAddress() throws ApplicationException {
-    String presetEmail = (String) getSessionMap().get(SINGLE_SIGNON_EMAIL_KEY);
+    String presetEmail = (String) session.get(SINGLE_SIGNON_EMAIL_KEY);
     if (presetEmail != null)
       return presetEmail;

head/ambra/webapp/src/main/java/org/topazproject/ambra/user/AmbraUser.java

@@ -23 +23 @@
 import org.apache.commons.logging.LogFactory;
 
-import org.apache.struts2.ServletActionContext;
-
-import static org.topazproject.ambra.Constants.AMBRA_USER_KEY;
-
 import org.topazproject.ambra.models.UserAccount;
 import org.topazproject.ambra.models.UserPreferences;
@@ -60 +56 @@
 
   /**
-   * Returns the current user. Valid only in a request context.
-   */
-  // TODO: inject AmbraUser through Spring.
-  // This creates dependency on ServletRequest everywhere it is used
-  public static AmbraUser getCurrentUser() {
-    if (ServletActionContext.getRequest() == null)
-      return null;
-    if (ServletActionContext.getRequest().getSession() == null)
-      return null;
-    return (AmbraUser) ServletActionContext.getRequest().getSession()
-                                                              .getAttribute(AMBRA_USER_KEY);
-  }
-
-  /**
    * Initializes a new Ambra user
    *
    * @param ua the user-account
+   * @param appId Application ID
+   * @param pep XACML Policy Enforcement Point 
    */
   public AmbraUser(UserAccount ua, String appId, UsersPEP pep) {
@@ -89 +73 @@
     UserPreferences p;
     try {
-      pep.checkAccess(pep.GET_PREFERENCES, ua.getId());
+      pep.checkAccess(UsersPEP.GET_PREFERENCES, ua.getId());
       p = ua.getPreferences(appId);
     } catch (SecurityException se) {
@@ -128 +112 @@
 
   private static void filterProfile(UserProfile prof, URI owner, UsersPEP pep) {
-    if (prof.getDisplayName() != null && !checkAccess(owner, pep.GET_DISP_NAME, pep))
+    if (prof.getDisplayName() != null && !checkAccess(owner, UsersPEP.GET_DISP_NAME, pep))
       prof.setDisplayName(null);
-    if (prof.getRealName() != null && !checkAccess(owner, pep.GET_REAL_NAME, pep))
+    if (prof.getRealName() != null && !checkAccess(owner, UsersPEP.GET_REAL_NAME, pep))
       prof.setRealName(null);
-    if (prof.getGivenNames() != null && !checkAccess(owner, pep.GET_GIVEN_NAMES, pep))
+    if (prof.getGivenNames() != null && !checkAccess(owner, UsersPEP.GET_GIVEN_NAMES, pep))
       prof.setGivenNames(null);
-    if (prof.getSurnames() != null && !checkAccess(owner, pep.GET_SURNAMES, pep))
+    if (prof.getSurnames() != null && !checkAccess(owner, UsersPEP.GET_SURNAMES, pep))
       prof.setSurnames(null);
-    if (prof.getTitle() != null && !checkAccess(owner, pep.GET_TITLE, pep))
+    if (prof.getTitle() != null && !checkAccess(owner, UsersPEP.GET_TITLE, pep))
       prof.setTitle(null);
-    if (prof.getGender() != null && !checkAccess(owner, pep.GET_GENDER, pep))
+    if (prof.getGender() != null && !checkAccess(owner, UsersPEP.GET_GENDER, pep))
       prof.setGender(null);
-    if (prof.getPositionType() != null && !checkAccess(owner, pep.GET_POSITION_TYPE, pep))
+    if (prof.getPositionType() != null && !checkAccess(owner, UsersPEP.GET_POSITION_TYPE, pep))
       prof.setPositionType(null);
-    if (prof.getOrganizationName() != null && !checkAccess(owner, pep.GET_ORGANIZATION_NAME, pep))
+    if (prof.getOrganizationName() != null && !checkAccess(owner, UsersPEP.GET_ORGANIZATION_NAME, pep))
       prof.setOrganizationName(null);
-    if (prof.getOrganizationType() != null && !checkAccess(owner, pep.GET_ORGANIZATION_TYPE, pep))
+    if (prof.getOrganizationType() != null && !checkAccess(owner, UsersPEP.GET_ORGANIZATION_TYPE, pep))
       prof.setOrganizationType(null);
-    if (prof.getPostalAddress() != null && !checkAccess(owner, pep.GET_POSTAL_ADDRESS, pep))
+    if (prof.getPostalAddress() != null && !checkAccess(owner, UsersPEP.GET_POSTAL_ADDRESS, pep))
       prof.setPostalAddress(null);
-    if (prof.getCity() != null && !checkAccess(owner, pep.GET_CITY, pep))
+    if (prof.getCity() != null && !checkAccess(owner, UsersPEP.GET_CITY, pep))
       prof.setCity(null);
-    if (prof.getCountry() != null && !checkAccess(owner, pep.GET_COUNTRY, pep))
+    if (prof.getCountry() != null && !checkAccess(owner, UsersPEP.GET_COUNTRY, pep))
       prof.setCountry(null);
-    if (prof.getEmail() != null && !checkAccess(owner, pep.GET_EMAIL, pep))
+    if (prof.getEmail() != null && !checkAccess(owner, UsersPEP.GET_EMAIL, pep))
       prof.setEmail(null);
-    if (prof.getHomePage() != null && !checkAccess(owner, pep.GET_HOME_PAGE, pep))
+    if (prof.getHomePage() != null && !checkAccess(owner, UsersPEP.GET_HOME_PAGE, pep))
       prof.setHomePage(null);
-    if (prof.getWeblog() != null && !checkAccess(owner, pep.GET_WEBLOG, pep))
+    if (prof.getWeblog() != null && !checkAccess(owner, UsersPEP.GET_WEBLOG, pep))
       prof.setWeblog(null);
-    if (prof.getBiography() != null && !checkAccess(owner, pep.GET_BIOGRAPHY, pep))
+    if (prof.getBiography() != null && !checkAccess(owner, UsersPEP.GET_BIOGRAPHY, pep))
       prof.setBiography(null);
-    if (prof.getInterests() != null && !checkAccess(owner, pep.GET_INTERESTS, pep))
+    if (prof.getInterests() != null && !checkAccess(owner, UsersPEP.GET_INTERESTS, pep))
       prof.setInterests(null);
-    if (prof.getPublications() != null && !checkAccess(owner, pep.GET_PUBLICATIONS, pep))
+    if (prof.getPublications() != null && !checkAccess(owner, UsersPEP.GET_PUBLICATIONS, pep))
       prof.setPublications(null);
-    if (prof.getBiographyText() != null && !checkAccess(owner, pep.GET_BIOGRAPHY_TEXT, pep))
+    if (prof.getBiographyText() != null && !checkAccess(owner, UsersPEP.GET_BIOGRAPHY_TEXT, pep))
       prof.setBiographyText(null);
-    if (prof.getInterestsText() != null && !checkAccess(owner, pep.GET_INTERESTS_TEXT, pep))
+    if (prof.getInterestsText() != null && !checkAccess(owner, UsersPEP.GET_INTERESTS_TEXT, pep))
       prof.setInterestsText(null);
-    if (prof.getResearchAreasText() != null && !checkAccess(owner, pep.GET_RESEARCH_AREAS_TEXT, pep))
+    if (prof.getResearchAreasText() != null && !checkAccess(owner, UsersPEP.GET_RESEARCH_AREAS_TEXT, pep))
       prof.setResearchAreasText(null);
   }

head/ambra/webapp/src/main/java/org/topazproject/ambra/web/UserContext.java

@@ -28 +28 @@
 /**
  * Provides a way to get a handle on the session objects when running in a web application
+ * TODO: remove this class and use SessionAware interface
  */
 public class UserContext {

head/ambra/webapp/src/test/java/org/topazproject/ambra/annotation/action/AnnotationActionsTest.java

@@ -35 +35 @@
 import org.topazproject.ambra.BaseAmbraTestCase;
 import org.topazproject.ambra.Constants;
+import org.topazproject.ambra.user.AmbraUser;
 import org.topazproject.ambra.annotation.Context;
 import org.topazproject.ambra.annotation.ContextFormatter;
@@ -726 +727 @@
 
     final Collection<String> annotationIdList = new ArrayList<String>();
+    AmbraUser ambraUser = new AmbraUser("123");
     annotationIdList.add(
-      service.createComment(subject, context1, null, title, "text/plain", "body", false));
+      service.createComment(subject, context1, null, title, "text/plain", "body", false, ambraUser));
     annotationIdList.add(
-      service.createComment(subject, context2, null, title, "text/plain", "body", false));
+      service.createComment(subject, context2, null, title, "text/plain", "body", false, ambraUser));
     annotationIdList.add(
-      service.createComment(subject, context3, null, title, "text/plain", "body", false));
+      service.createComment(subject, context3, null, title, "text/plain", "body", false, ambraUser));
 
     String annotatedContent = getFetchArticleService().getAnnotatedContent(subject);
@@ -763 +765 @@
     }
 
-    service.createComment(subject, context1, null, title, "text/plain", "body", false);
-    service.createComment(subject, context2, null, title, "text/plain", "body", false);
-    service.createComment(subject, context3, null, title, "text/plain", "body", false);
+    AmbraUser ambraUser = new AmbraUser("123");
+    service.createComment(subject, context1, null, title, "text/plain", "body", false, ambraUser);
+    service.createComment(subject, context2, null, title, "text/plain", "body", false, ambraUser);
+    service.createComment(subject, context3, null, title, "text/plain", "body", false, ambraUser);
 
     String content = getFetchArticleService().getAnnotatedContent(subject);

head/ambra/webapp/src/test/java/org/topazproject/ambra/user/action/UserActionsTest.java

@@ -26 +26 @@
 import org.topazproject.ambra.Constants;
 import org.topazproject.ambra.user.AmbraUser;
-import org.topazproject.ambra.user.UserProfileGrant;
-import org.topazproject.ambra.user.action.AdminUserProfileAction;
-import org.topazproject.ambra.user.action.AssignAdminRoleAction;
-import org.topazproject.ambra.user.action.DisplayUserAction;
-import org.topazproject.ambra.user.action.MemberUserProfileAction;
-import org.topazproject.ambra.user.action.SearchUserAction;
-import org.topazproject.ambra.user.action.UserProfileAction;
 
 import java.util.HashMap;
@@ -108 +101 @@
     createUserAction.setPostalAddress(POSTAL_ADDRESS);
 
-    final String[] privateFields = new String[]{
-            UserProfileGrant.POSTAL_ADDRESS.getFieldName(),
-            UserProfileGrant.COUNTRY.getFieldName(),
-            UserProfileGrant.CITY.getFieldName()};
-
     createUserAction.setExtendedVisibility(UserProfileAction.PRIVATE);
 
@@ -228 +216 @@
   protected AssignAdminRoleAction createMockAssignAdminRoleAction(final String authId, final String topazId) {
     final AssignAdminRoleAction adminRoleActionToClone = super.getAssignAdminRoleAction();
-    final AssignAdminRoleAction newAdminRoleAction = new AssignAdminRoleAction() {
-      protected Map<String, Object> getSessionMap() {
-        return createMockSessionMap(authId, topazId);
-      }
-    };
+    final AssignAdminRoleAction newAdminRoleAction = new AssignAdminRoleAction();
+    newAdminRoleAction.setSession(createMockSessionMap(authId, topazId));
 
     newAdminRoleAction.setUserService(adminRoleActionToClone.getUserService());
@@ -241 +226 @@
   protected UserProfileAction getMockCreateUserAction(final String authId) {
     final UserProfileAction createUserAction = super.getMemberUserProfileAction();
-    final UserProfileAction newCreateUserAction = new MemberUserProfileAction() {
-      protected Map<String, Object> getSessionMap() {
-        return createMockSessionMap(authId, null);
-      }
-    };
+    final UserProfileAction newCreateUserAction = new MemberUserProfileAction();
+    newCreateUserAction.setSession(createMockSessionMap(authId, null));
 
     newCreateUserAction.setUserService(createUserAction.getUserService());

head/ambra/webapp/src/test/java/org/topazproject/ambra/user/action/UserAlertsTest.java

@@ -27 +27 @@
 import org.topazproject.ambra.Constants;
 import org.topazproject.ambra.user.AmbraUser;
-import org.topazproject.ambra.user.action.MemberUserAlertsAction;
-import org.topazproject.ambra.user.action.MemberUserProfileAction;
-import org.topazproject.ambra.user.action.UserAlertsAction;
-import org.topazproject.ambra.user.action.UserProfileAction;
 
 import java.util.HashMap;
@@ -77 +73 @@
   protected UserAlertsAction getMockUserAlertsAction(final String authId, final String topazId) {
     final UserAlertsAction userAlertsAction = super.getMemberUserAlertsAction();
-    final UserAlertsAction newUserAlertsAction = new MemberUserAlertsAction() {
-      private final Map<String, Object> mockSessionMap = createMockSessionMap(authId, topazId);
-      protected Map<String, Object> getSessionMap() {
-        return mockSessionMap;
-      }
-    };
+    final UserAlertsAction newUserAlertsAction = new MemberUserAlertsAction();
+    newUserAlertsAction.setSession(createMockSessionMap(authId, topazId));
 
     newUserAlertsAction.setUserService(userAlertsAction.getUserService());
@@ -104 +96 @@
   protected UserProfileAction getMockCreateUserAction(final String authId) {
     final UserProfileAction createUserAction = super.getMemberUserProfileAction();
-    final UserProfileAction newCreateUserAction = new MemberUserProfileAction() {
-      private Map<String,Object> mockSessionMap = createMockSessionMap(authId, null);
-      protected Map<String, Object> getSessionMap() {
-        return mockSessionMap;
-      }
-    };
+    final UserProfileAction newCreateUserAction = new MemberUserProfileAction();
+    newCreateUserAction.setSession(createMockSessionMap(authId, null));
 
     newCreateUserAction.setUserService(createUserAction.getUserService());