I have created a User class which is basically a DDRecord representing the user's organisation record.
The user's id is an integer passed around in the session (read cookie).
Use the two in a handler like this:
// Find user String userid = ""; Object useridObj = context.getSession().getValue("userid"); if (useridObj != null) userid = useridObj.toString(); else throw new HandlerException("User Id missing.");
You will want to handle missing id's yourself - send them to PFETrack/login.html.
If this handler is passed a username and password field, it will see if it can log the user on. If so, it sets the userid in the session.
What would be nice would be a way for each handler to just call something like:
Login.ensureLogin();
and have the user be logged on. The best way to do this is to subclass WMServlet and have all the login logic outside of our handlers. This isn't done.