Can I access the HTTP Session object from within the retrieveUser method of my class which extends org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider
If so, how? Here is the method signature for retrieveUser:
public UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication);
I'm trying to place some user information on the Session after the user logs in.....
How about using a session-scoped bean for whatever you need to store and an ApplicationListener that populates it? You can define the listener as (assuming you use Java configuration):
@Bean
public ApplicationListener<AbstractAuthenticationEvent> authenticationListener() {
return new MyAuthenticationListener();
}
Well, my solution was to add the data to the UserDetails object returned by the retrieveUser object. I could then use Spring Security to retrieve the data from anywhere in the application.