Hi,I am in need of some clarification about exo kernel.

The way I understand services in exo kernel is that you can inject them either into portal container or root container. I wrote a service which is basically acts on a java object ( POJO) and provides RESTful opertaions on that java object (PUT, GET etc.). I have concerns about how to secure that but that is another topic...We have a business case where user creates a site and when that user logs onto that site has the ability thru portlets to invoke the rest services. The question I have in what scope is the service I wrote? Is it available to session only?  What we want to do is to have that Java object only in the session scope. In other words the Java object (foo) will be in session when user logs onto the site, user invokes the RESTful operations on object foo and when the user logs out oject foo will be gone from the session. If another user logs onto the same site there will be a different Java object foo for that session so there will no sharing of data. Can services be written to be bound to a session? Or is it available to all session? Let me know if there are other design/progamming  alternatives....Let me know as soon as you can.. (have cross posted on exoplatform forum)

Thanks,  Gordon