Create a filter which checks if the user is logged in while no associated User
object from the database is present in the session. Then, just load that data and put in session.
Basically,
@WebFilter("/*")
public class UserFilter implements Filter {
@EJB
private UserService service;
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
String remoteUser = request.getRemoteUser();
if (remoteUser != null) {
HttpSession session = request.getSession();
if (session.getAttribute("user") == null) {
User user = service.find(remoteUser);
session.setAttribute("user", user);
}
}
chain.doFilter(req, res);
}
// ...
}