The system passes around user identity information in a user object. This object is similar to a wallet and may contain more than one identity, just as a wallet can contain a driver’s license, credit card, and ATM card. Identities are accumulated over the course of a session as a user becomes identified with various security systems.
A management interface, atg.security.ThreadSecurityManager, ties a user object to a particular thread and temporarily assigns user objects to a thread. In this way, identity is associated with an execution context. Dynamo’s request handling pipeline automatically associates the session’s User object with the request thread, so calling the ThreadSecurityManager.currentUser() returns the user for the current session.
