There’s a number of ways to do this but the official way to do it is using a custom AuthenticationDetails
and AuthenticationDetailsSource
, subclassing Spring’s WebAuthenticationDetails
and WebAuthenticationDetailsSource
, respectively. Add the extra field to the custom WebAuthenticationDetails
and have the custom WebAuthenticationDetailsSource
get the data from the request to populate the field.
In Spring Security 3.1 it’s easy to configure by using the authentication-details-source-ref
attribute of the <form-login>
element.
In 3.0 you have to use a BeanPostProcessor
. There is an example in the Spring Security FAQ on using a BeanPostProcessor to configure a custom WebAuthenticationDetailsSource.
Once this is done then you can call SecurityContextHolder.getContext().getAuthentication().getDetails() to get access to your extra field.