I'm using Spring Web MVC and Spring Security to develop a web app. The users are authenticated against the DB using the following piece of code and so far it works well.
What I'd like to achieve is to be able to access the user domain object from the session so I can use it to perform business operations. For that purpose I guess I should perform the following operations:
<password-encoder hash="sha" />
authorities-by-username-query="select ..." />
- When a user authenticates, the app should retrieve the corresponding domain object from the DB and store it into the session.
- When an authenticated user sends a request, the corresponding domain object should be available from the session so it can be used to perform business operations.
- Of course when the user is not authenticated anymore the corresponding domain object shouldn't be available anymore in the session.
I've been searching the web for a while about this but so far I didn't have any luck.
Does someone have an idea about this? I'm sure this is a common requirement for many web applications.