Given a successful credential, OCS has an interceptor that captures the authenticated user through the java.security.Principal. This interface represents the user that Spring Security has allowed to pass through its authentication process. The following interceptor manages the /ocs/login.html such that it filters all the request parameters allowed to access the server container:

public class UserSessionData extends HandlerInterceptorAdapter { @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { Principal username = request.getUserPrincipal(); HttpSession currentSession = request.getSession(); currentSession.setAttribute("cartUser", ...