How to get/set the principal and session attributes from Spring 4 stomp websocket methods

Question

I'm doing experiments with Spring 4 websockets and stomp, and I have a hard time figuring out how to get/set the current user and other session attributes in a message handling method annotated with @MessageMapping.

The documentation says that the message handling methods can take a Principal as argument, and I found that the principal is retrieved by Spring by calling getUserPrincipal() on the native socket session, and then associated with the socket session, but I haven't found any way to easily customize this behavior, other than writing a servlet filter and wrap the original request into a wrapper returning the principal found in my cookie.

So my questions are:

1. How to manually set the principal to the socket session, when the client connects (I have this information thanks to a custom cookie, and I don't use Spring security)?
2. If 1 is not possible, how to add additional attributes to the socket session when the client connects?
3. How to access the socket session and its attributes from a message handling method?
4. Is there a way to access the login and passcode sent by the browser at connection time. They seem to be completely ignore by Spring and not accessible.

Answer 1

This is impossible for the time being (Spring 4.0). An issue has been opened (and considered) at Spring: https://jira.springsource.org/browse/SPR-11228