Spring Security: put additional attributes(properties) in the session on success Authentication

Question

Just simple question: what is the best way to add attributes(properties) to the HttpSession on success authentication? The userID for example.

For now i'm using my own SimpleUrlAuthenticationSuccessHandler implementation in UsernamePasswordAuthenticationFilter and doing it like this:

public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication auth)
            throws IOException, ServletException {
        PersonBean person = (PersonBean) auth.getPrincipal();
        request.getSession().setAttribute("currentUserId", person .getId().toString());
        super.onAuthenticationSuccess(request, response, auth);

But I dont think this is good approach as there is another ways to do authentication(RememberMe for example).

So what do I need to use here?

Answer 1

The answer was given on spring forum. Link.

Generally, need to implement an ApplicationListener which listens for succes events and put additional attributes in the session there.

But in my case its not required to store attributes in the session. I can retrieve userID like here:

var userId = ${pageContext.request.userPrincipal.principal.id}