getting the id of a user who is logged in?

[jpwillms]

I was just wondering what the best way to go about doing this is?
solutions as I see it

1) once a user logs in, get the matching id (from a user table for example) and store it in the users session

2) everytime a page loads, have a controller grab the current user's username from the UsernamePasswordAuthenticationToken in the Authentication object, and then retrieve the ID everytime needed (seems a little wasteful)

comments? thoughts? help?

Thank you.

..jay @ Pixelknowledge.com

[Ben Alex]

Your AuthenticationDao can return any UserDetails it likes, so if a domain-specific user object is needed, people generally return that and simply implement UserDetails. This subsequently becomes available via the ContextHolder, avoiding the need for relying classes to look it up again.

If your concern is about performance of each web request causing the "re-authentication" via DaoAuthenticationProvider, this is addressed by the UserCache interface. The AuthenticationDao is only queried when the UserCache returns null. The basic UserCache implementation, EhCacheBasedUserCache, is suitable for most applications (it even supports eviction, so your services layer that accepts modifications to your user can fire a userCache.removeUserFromCache(UserDetails) and ensure the next web request contains the current details).