How can I check Spring Security for user authentication and get roles from Flex?

I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.

I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication. channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login().

What I want to do:

1. Check from Flex to know if a user is already in a session.
2. If so, I want their username and roles.

UPDATE
I just thought I'd add details of the solution I used from brd6644's answer below, so that this might be easier for someone else who looks this up. I used this StackOverflow answer to make the SecurityContext injectable. I won't be rewriting the code from that answer in this one, so go look at it for the SecurityContextFacade.

securityServiceImpl.java

public class SecurityServiceImpl implements SecurityService {
    private SecurityContextFacade securityContextFacade;

    @Secured({"ROLE_PEON"})
    public Map<String, Object> getUserDetails() {
        Map<String,Object> userSessionDetails = new HashMap<String, Object>();

        SecurityContext context = securityContextFacade.getContext();
        Authentication auth = context.getAuthentication();
        UserDetails userDetails = (UserDetails) auth.getPrincipal();

        ArrayList roles = new ArrayList();
        GrantedAuthority[] grantedRoles = userDetails.getAuthorities();
        for (int i = 0; i < grantedRoles.length; i++) {
            roles.add(grantedRoles[i].getAuthority());
        }

        userSessionDetails.put("username", userDetails.getUsername());
        userSessionDetails.put("roles", roles);
        return userSessionDetails;
    }
}

securityContext.xml

<security:http auto-config="true">
    <!-- Don't authenticate Flex app -->
    <security:intercept-url pattern="/flexAppDir/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <!-- Don't authenticate remote calls -->
    <security:intercept-url pattern="/messagebroker/amfsecure" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>

<security:global-method-security secured-annotations="enabled" />

<bean id="securityService" class="ext.domain.project.service.SecurityServiceImpl">
    <property name="securityContextFacade" ref="securityContextFacade" />
</bean>
<bean id="securityContextFacade" class="ext.domain.spring.security.SecurityContextHolderFacade" />

flexContext.xml

<flex:message-broker>
    <flex:secured />
</flex:message-broker>

<flex:remoting-destination ref="securityService" />
<security:http auto-config="true" session-fixation-protection="none"/>

FlexSecurityTest.mxml

<mx:Application ... creationComplete="init()">

    <mx:Script><![CDATA[
        [Bindable]
        private var userDetails:UserDetails; // custom VO to hold user details

        private function init():void {
            security.getUserDetails();
        }

        private function showFault(e:FaultEvent):void {
            if (e.fault.faultCode == "Client.Authorization") {
                Alert.show("You need to log in.");
                // show the login form
            } else {
                // submit a ticket
            }
        }
        private function showResult(e:ResultEvent):void {
            userDetails = new UserDetails();
            userDetails.username = e.result.username;
            userDetails.roles = e.result.roles;
            // show user the application
        }
    ]]></mx:Script>

    <mx:RemoteObject id="security" destination="securityService">
        <mx:method name="getUserDetails" fault="showFault(event)" result="showResult(event)" />
    </mx:RemoteObject>

    ...
</mx:Application>

The people commenting on his blog posts seem to be having the same problems that I was; mainly that logging in and out was easy from Flex, but noticing an existing session wasn't. brd6644's solution worked perfectly for this.

Nice idea, will def try this.

This was MUCH better than what I had going on. It worked very well and saved a lot of code.