this will help As far as I understand, map.addAttribute(org.brahmaa.ads.util.impl.UserInfo.getPrincipal(session)); extracts the user attribute from the session and puts it into model. @SessionAttriubtes instructs Spring to do the same automatically. Therefore they conflicts. You should use only one of these approaches, not both simultaneously.
For validating session attribute, which is better in spring - Interceptor or Spring AOP?