Java - Spring Security pre-authenticated user login


I need to log in a user manually in an application secured with Spring Security. Scenario:

  1. The user logs in to application 1.
  2. A link to the Spring application is available.
  3. When the user clicks the link, application 1 posts encrypted data to an unsecured URL in the Spring app.
  4. Now the controller receives the encrypted data and calls a web service in application 1; the encrypted data is passed to the web service, and the response is the user name.
  5. Once I have the user name, I do not want to re-authenticate. I want to set the user principal / authentication object and load the dashboard.

Steps 1 to 4 are working.

In the unsecured controller (where I get the encrypted data) I have the following lines, and it is again invoking the authentication manager, and I do not want to authenticate again in this scenario. I just want the session created and the user principal set.

    // User name returned by application 1's web service for the encrypted data
    String username = application1.webservice(encodedData);
    Authentication authentication = new UsernamePasswordAuthenticationToken(username, password);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    return "redirect:/app";

Note: I have form-based LDAP authentication working (this is used if the user logs in directly to the app), using Spring Security 3.2 / Java config.

The SecurityContextPersistenceFilter is responsible for setting the SecurityContext in the SecurityContextHolder at the beginning of a web request. Any changes to the SecurityContext during request processing are copied to the HttpSession when the web request ends.

So when you're updating the Authentication in the SecurityContext, the filter will update the HttpSession at the end of the authentication request.

Can you confirm that the JSESSIONID being sent on the authentication response is the same one being passed on subsequent requests?

