This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.
Just create a pojo com.mycompany.User with name, password, role etc.. Then register this class as a bean in the application context (define in xml, use @Component + component-scan, use javaconfig...whichever you want) but define the scope of this bean to be session.
Inject this session bean in the bean that performs login (so that you can update it with the values of the user that logged in) and also inject it in all the beans that need to use this User bean (to get name, role, auth etc.). You can inject using xml, @Inject, @Autowired or whatever, the important thing is that you use scope proxies for injection of session-scoped bean in singleton beans that use it. For example if you inject with xml you should use the <aop:scoped-proxy/> tag, if you use annotation config you should declare that you want to use proxies for all non singleton-beans injection in <context:annotation-config> tag etc. Read the reference documentation it's all explained in detail.