Best practice for accessing authenticated user / roles

Our Vaadin application is sitting behind container/form based authentication.
At several places in the UI we’d like to know the current user or his roles, i.e. HttpServletRequest.getRemoteUser() and .isUserInRole(…).
What is the recommended way to do this?
One way I found is like this: 1) store user in session attribute

public class MyUI extends UI {
    @Override
    protected void init(VaadinRequest r) {
        getSession().setAttribute("name", r.getRemoteUser());
    }
}

and 2) where needed, load user from stored attribute:

String userName = (String) VaadinSession.getCurrent().getAttribute("name");

But this looks a bit clumsy for something that sounds like a basic requirement? Is the user/principal available via another way in Vaadin?

There are many different ways you can handle authentication in a Vaadin app, and Vaadin doesn’t force you to do it in one way or another. Hence, in Vaadin 7 there isn’t any general place where you should store the principal object. Using VaadinSession is probably your best option; you may want to consider adding a layer of abstraction, so that you would have a UserService.getUser() which basically gets the name attribute from the session.

Another alternative might be to use a ServletRequestListener that stores the principal in a ThreadLocal at the beginning of the request and then cleans it up at the end of the request. I haven’t tried this approach myself, but I guess it should work as long as you are not using push with websockets.
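
The ServletRequestListener/ThreadLocal approach described in the reply above, as an added example that is not part of the original thread. The class name CurrentUser and its static methods are hypothetical; it assumes the javax.servlet API (Servlet 3.0 for @WebListener) that Vaadin 7 runs on.

```java
import javax.servlet.ServletRequestEvent;
import javax.servlet.ServletRequestListener;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpServletRequest;

// Hypothetical helper: binds the container-authenticated request to the
// worker thread for the duration of one HTTP request.
@WebListener
public class CurrentUser implements ServletRequestListener {

    // One slot per thread; never shared between concurrent requests.
    private static final ThreadLocal<HttpServletRequest> REQUEST =
            new ThreadLocal<HttpServletRequest>();

    @Override
    public void requestInitialized(ServletRequestEvent event) {
        if (event.getServletRequest() instanceof HttpServletRequest) {
            REQUEST.set((HttpServletRequest) event.getServletRequest());
        }
    }

    @Override
    public void requestDestroyed(ServletRequestEvent event) {
        // Always clear: container threads are pooled, and a stale value
        // would hand one user's identity to the next request on this thread.
        REQUEST.remove();
    }

    /** Remote user name, or null if unauthenticated or not on a request thread. */
    public static String getName() {
        HttpServletRequest r = REQUEST.get();
        return r == null ? null : r.getRemoteUser();
    }

    /** Fails closed: with no request bound to this thread, no role is granted. */
    public static boolean isInRole(String role) {
        HttpServletRequest r = REQUEST.get();
        return r != null && r.isUserInRole(role);
    }
}
```

On threads that do not pass through the listener, such as websocket push or background threads, both methods return the unauthenticated result, so UI code should treat null and false as "not authorized" rather than as an error to work around.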