I'm planning to create some Audit logging Aspects for my project (Spring/hibernate/acegi).

I have a filter that checks for the Acegi credential in the Session scope. If so I retrieve an instance of my own User class and store it in the Session for later use.

Now for implementing the Audit aspect I need these credential objects.

Is it possible to store the Acegi user credential (or my own User object) in the Spring Context and retrieve it from my Aspect or is there another way do to this?
Another option is to give the User object as a method parameter on each method in the Service layer, but this is against the beauty of AOP, no?

Any help much appreciated.

May be I didn't get it. But I don't see a compelling reason to store acegi credentials on the userinfo object. It's all in the session so the credentials can be used anytime by the AOP.

May be I didn't get it. But I don't see a compelling reason to store acegi credentials on the userinfo object. It's all in the session so the credentials can be used anytime by the AOP.

So it is possible to retrieve the Session credential? Can you tell me how to achieve this?

What's meant by a Session? You mean a HttpSession? That's not an ideal place to access your Authentication object, as it will not be available outside the web tier.

It's better to use ((SecureContext)ContextHolder.getContext()).getAut hentication() to obtain your Authentication for generating your audit records.

Thanks Ben. That was exactly what I was looking for !