Accessing my custom user object in jsp page, using spring 3 security

Question

I have implemented UserDetailsService, it returns an instance of MyUser (which implements UserDetails)

public MyUser l         


        

Answer 1

After analyzing the HTTPSesson, immediately after the successful log in, I found out that there is an attribute named SPRING_SECURITY_CONTEXT. For example, mine custom UserDetails has object named user, which has property firstName. In JSP, value of this property can be reached with the following:

${sessionScope.SPRING_SECURITY_CONTEXT.authentication.principal.user.firstName}

Answer 2

its easy in the jsp page I added this :

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
...
<sec:authentication property="principal.firstname" /> 

Where principal is actually an instance of MyUser, so "firstname" can be any of my custom getters and setters

Answer 3

If your MyUser object implements Principal and you place it in the http session on successful login, you could get it from the session and cast it.

---

You could implement the AuthenticationSuccessHandler inject your UserDetailsService in there and place it in the session.

Then you could inject your AuthenticationSuccessHandler into the UsernamePasswordauthenticationFilter which handles the <form-login> element.

If you give me details about your security context config I could give you more details.