I have an Annotation-driven MultiActionController that handles all non-form URLs. I also have a session bean that stores the userID and name and permissions, etc. How can I examine the session bean before building the ModelMap for the Get request?

When I am inside a controller method, and I pass in the userID as a request parameter, I want to compare that to the userID I have in my session bean, for security. But I don't see how to get the session bean. I don't have access to the HttpServletRequest object here, do I? Here is my class:

Code:
(at symbol)Controller
public class CaseManagerController {

	private final Manager manager;

	(at symbol)Autowired
	public ManagerController(Manager manager) {
		this.manager = manager;
	}

	public ModelMap incidentHandler((at symbol)RequestParam("userId") int userId) {
		// Here is where I want to compare the submitted userId to 
		//    the one I have in my session bean
		return new ModelMap (this.manager.loadIncidents(userId));
	}

}