I use Spring, Spring Security, BlazeDS, Flex and spring-flex.
I know that I can call channelSet.login() and channelSet.logout() to connect to Spring Security for authentication. channelSet.authenticated seems to only know about the current Flex session, since it always starts as false until you call channelSet.login().
What I want to do:
- Give up Flex to see if the user is in a session.
- If so, I want their username and role.
UPDATE
I just thought that I would add the details of the solution I used from brd6644 below so that it might be easier for someone who is watching this. I used this StackOverflow answer to make SecurityContext injectable. I will not rewrite the code from that answer here, so look at it for SecurityContextFacade.
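SecurityServiceImpl.java
```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Spring Security 2.x package names (getAuthorities() returns an array in that line)
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.annotation.Secured;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.userdetails.UserDetails;

public class SecurityServiceImpl implements SecurityService {
    private SecurityContextFacade securityContextFacade;

    // Setter needed for the <property name="securityContextFacade"> injection in securityContext.xml
    public void setSecurityContextFacade(SecurityContextFacade securityContextFacade) {
        this.securityContextFacade = securityContextFacade;
    }

    // Callers without ROLE_PEON are rejected before the method body runs
    @Secured({"ROLE_PEON"})
    public Map<String, Object> getUserDetails() {
        Map<String, Object> userSessionDetails = new HashMap<String, Object>();
        SecurityContext context = securityContextFacade.getContext();
        Authentication auth = context.getAuthentication();
        UserDetails userDetails = (UserDetails) auth.getPrincipal();
        List<String> roles = new ArrayList<String>();
        GrantedAuthority[] grantedRoles = userDetails.getAuthorities();
        for (int i = 0; i < grantedRoles.length; i++) {
            roles.add(grantedRoles[i].getAuthority());
        }
        userSessionDetails.put("username", userDetails.getUsername());
        userSessionDetails.put("roles", roles);
        return userSessionDetails;
    }
}
```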
securityContext.xml
```xml
<security:http auto-config="true">
    <security:intercept-url pattern="/flexAppDir/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/messagebroker/amfsecure" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>

<security:global-method-security secured-annotations="enabled" />

<bean id="securityService" class="ext.domain.project.service.SecurityServiceImpl">
    <property name="securityContextFacade" ref="securityContextFacade" />
</bean>

<bean id="securityContextFacade" class="ext.domain.spring.security.SecurityContextHolderFacade" />
```
flexContext.xml
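```xml
<flex:message-broker>
    <flex:secured />
</flex:message-broker>

<flex:remoting-destination ref="securityService" />

<!-- session-fixation-protection="none": the session ID is not changed when the user logs in -->
<security:http auto-config="true" session-fixation-protection="none"/>
```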
FlexSecurityTest.mxml
```xml
<mx:Application ... creationComplete="init()">
    <mx:Script><![CDATA[
        import mx.controls.Alert;
        import mx.rpc.events.FaultEvent;
        import mx.rpc.events.ResultEvent;

        [Bindable]
        private var userDetails:UserDetails; // custom VO to hold user details

        // Ask the server for the session's user as soon as the application loads
        private function init():void {
            security.getUserDetails();
        }

        private function showFault(e:FaultEvent):void {
            if (e.fault.faultCode == "Client.Authorization") {
                Alert.show("You need to log in.");
                // show the login form
            } else {
                // submit a ticket
            }
        }

        private function showResult(e:ResultEvent):void {
            userDetails = new UserDetails();
            userDetails.username = e.result.username;
            userDetails.roles = e.result.roles;
            // show user the application
        }
    ]]></mx:Script>

    <mx:RemoteObject id="security" destination="securityService">
        <mx:method name="getUserDetails" fault="showFault(event)" result="showResult(event)" />
    </mx:RemoteObject>
    ...
</mx:Application>
```
spring authentication flex spring-security authorization
Buns of aluminum
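A variant of getUserDetails() that reports session state as data instead of relying on the Client.Authorization fault and the unchecked UserDetails cast, added here as an example and not part of the original post. It assumes Spring Security 2.0.x on the classpath (the array-returning getAuthorities() used above); the class name SessionStatus and the "authenticated" key are hypothetical.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;

/** Hypothetical helper, not from the original post. Assumes Spring Security 2.0.x. */
public class SessionStatus {

    /** Never throws: a null or anonymous token yields authenticated=false and no roles. */
    public static Map<String, Object> describe(Authentication auth) {
        Map<String, Object> details = new HashMap<String, Object>();
        List<String> roles = new ArrayList<String>();
        // An anonymous token reports isAuthenticated() == true, so it is excluded by type.
        boolean loggedIn = auth != null && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        details.put("authenticated", Boolean.valueOf(loggedIn));
        details.put("roles", roles);
        if (!loggedIn) {
            details.put("username", null);
            return details;
        }
        // The principal is not guaranteed to be a UserDetails; it can be a plain String.
        Object principal = auth.getPrincipal();
        details.put("username", principal instanceof UserDetails
                ? ((UserDetails) principal).getUsername() : auth.getName());
        GrantedAuthority[] granted = auth.getAuthorities();
        for (int i = 0; granted != null && i < granted.length; i++) {
            roles.add(granted[i].getAuthority());
        }
        return details;
    }

    public static void main(String[] args) {
        // Constructed sample tokens, not real accounts.
        GrantedAuthority[] peon = { new GrantedAuthorityImpl("ROLE_PEON") };
        GrantedAuthority[] anon = { new GrantedAuthorityImpl("ROLE_ANONYMOUS") };
        UserDetails user = new User("alice", "n/a", true, true, true, true, peon);
        System.out.println(describe(null));
        System.out.println(describe(new AnonymousAuthenticationToken("key", "anonymousUser", anon)));
        System.out.println(describe(new UsernamePasswordAuthenticationToken(user, "n/a", peon)));
    }
}
```

A service method built on this would be exposed without @Secured so the Flex client can call it before login; it returns only the caller's own session data, and every other remoting method keeps its @Secured check.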