How to store custom information in SecurityContext of spring-security?

Question

In my application I\'m using LDAP authentication. But i\'m also have 2 remote services which requires authentication via method login(username, password). The method returns sec

Answer 1

I often use the Authentication.getDetails() object to store additional info that may not be directly linked to the user per say. So you can store any object you want in that field (a HashMap for instance) and it shares the Authentication object life cycle.

HashMap<String, Object> info = new HashMap<String, Object>();
info.put("extraInfo", "info");
auth.setDetails(info);
...
Map<String, Object> i = (Map<String, Object>)SecurityContextHolder.getContext().getAuthentication.getDetails();

Answer 2

Your implementation of 'UserDetails' may hold any additional data. This is what gets stored in the SecurityContext which is later accessible after successful login.

You can later access it as (Assumes MyUserDetails implements UserDetails)

Object principal = SecurityContextHolder.getContext().getAuthentication();
if (principal instanceof MyUserDetails) {
  MyUserDetails mud = (MyUserDetails) principal;
  mud.getMyData(); //Extract your additional data here
}