after advice to j_security check

Hi

I have a login html page using j_security_check. My web.xml as follows

<security-constraint> <web-resource-collection> <web-resource-name>Members Area</web-resource-name> <url-pattern>/LoggedIn.action</url-pattern> <url-pattern>/LoggedInTwo.action</url-pattern> </web-resource-collection> <auth-constraint> <role-name>member</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.html</form-login-page> <form-error-page>/loginError.html</form-error-page> </form-login-config> </login-config>

As you can see LoggedIn.action and LoggedInTwo.action are secure actions. What I want is that after the user logs in a session variable is created containing the users name. Does anyone know if its possible to apply Spring AOP after advice to j_security_check? Or I could apply aop before advice to the secure action classes, however will the request parameter j_username be accessible in my before advice class???

You can customize all the parts of Spring Security. If you just create a UserDetails class and put the value in that, then you don't have to put it into the session, and in jsp pages and in code you have access to the value with the SpringSecurityContextUtil class and with the security tag lib.

This is exactly what we do here, we have the UserDetails object also hold our User object, and we can get access to the values in the User object. Heck if you use Groovy you can put an @Delegate on the User object and call the getters and setters directory from the UserDetails instance.

Mark

The following appears to get me the username which is all I want
servletRequest.getUserPrincipal().getName();
Very simple