Just simple question: what is the best way to add attributes(properties) to the HttpSession on success authentication? The userID for example.

For now i'm using my own SimpleUrlAuthenticationSuccessHandler implementation in UsernamePasswordAuthenticationFilter and doing it like this:

Code:
public void onAuthenticationSuccess(HttpServletRequest request,
    			HttpServletResponse response, Authentication auth)
    			throws IOException, ServletException {
    		PersonBean person = (PersonBean) auth.getPrincipal();
    		request.getSession().setAttribute("currentUserId", person .getId().toString());
            super.onAuthenticationSuccess(request, response, auth);
But I dont think this is good approach as there is another ways to do authentication(RememberMe for example).

So what do I need to use here?