Hi,

I would like to secure my Spring WebFlow application with a given hash and username:
I have a root flow which gets passed a hash and username and should verify the input against a webservice in the background. If the webservice delivers true, then the security bean shall keep the started session valid and don't ask for a username/password if the flow comes to a secured context.
I know how to pass those parameters to the bean. But how does the bean "knows" that the user is already validated when he/she wants to acccess the restricted content? Do I have to store the current user in the session? I don't how to do that!

Help is higly appreciated!