Spring Remember-Me not providing correct user details

Question

I used Spring Security 3.0.5's feature "Remember-Me" and in my jsp pages I tried to access the user's details.

public class UserDetailsImpl implements UserDetails, Serializable

with a few extra attributes (picture url, full name etc.). Now if I access those attributes using

<sec:authentication property="details.pic"/>

after a normal log-in (where the remember me feature doesn't kick in) it all works fine.
However when I close the browser and re-open my secured page, the remember-me feature returns another object instead of the details object.

How can I fix this ? Or should I treat the two different cases ?

Thank you.

Later Edit: I ended up having this in my jsp:

<sec:authorize access="isRememberMe()">
    <c:set var="user" value="${pageContext.request.userPrincipal.principal}" />
</sec:authorize>
<sec:authorize access="isFullyAuthenticated()">
    <c:set var="user" value="${pageContext.request.userPrincipal.details}" />
</sec:authorize>

It does the job but I don't really like the approach..

Answer 1

<sec:authorize access="isRememberMe()">
    <c:set var="user" value="${pageContext.request.userPrincipal.principal}" />
</sec:authorize>
<sec:authorize access="isFullyAuthenticated()">
    <c:set var="user" value="${pageContext.request.userPrincipal.details}" />
</sec:authorize>

Answer 2

Verify that your UserDetailsService.loadByUsername() is getting called. If it isn't then set a breakpoint in processAutoLoginCookie() (in either PersistentTokenBasedRememberMeServices or TokenBasedRememberMeServices depending on which one you are using) and step through it to see what is happening.