Index: EDIS/trunk/java/tracking-server-core/src/main/java/gov/va/med/edp/web/controller/TrackingController.java
===================================================================
--- EDIS/trunk/java/tracking-server-core/src/main/java/gov/va/med/edp/web/controller/TrackingController.java	(revision 1235)
+++ EDIS/trunk/java/tracking-server-core/src/main/java/gov/va/med/edp/web/controller/TrackingController.java	(revision 1236)
@@ -1,10 +1,11 @@
 package gov.va.med.edp.web.controller;
 
-import gov.va.med.authentication.kernel.LoginUserInfoVO;
 import gov.va.med.edp.dao.ServerPackageVersionDao;
 import gov.va.med.edp.dao.TrackingDao;
+import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
 import gov.va.med.edp.vo.BigBoardDebugInfoVO;
 import gov.va.med.edp.web.view.XmlView;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
@@ -37,6 +38,6 @@
     protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {
         validateSwfID(request);
-        LoginUserInfoVO userInfo = getUserInfo(request);
-        String result = trackingDao.executeCommand(userInfo.getLoginStationNumber(), userInfo.getUserDuz(), buildParameterMap(request));
+        VistaUserDetails userInfo = getUserInfo(request);
+        String result = trackingDao.executeCommand(userInfo.getLoginStationNumber(), userInfo.getDuz(), buildParameterMap(request));
         if (isInitDisplayBoardCommand(request))
         result = appendSiteAndVistaLinkConnectionInfo(result, request);
@@ -62,6 +63,6 @@
     }    
     
-    protected LoginUserInfoVO getUserInfo(HttpServletRequest request) throws NoUserInfoInSessionException {
-        LoginUserInfoVO userInfo = (LoginUserInfoVO) request.getSession().getAttribute(LoginUserInfoVO.SESSION_KEY);
+    protected VistaUserDetails getUserInfo(HttpServletRequest request) throws NoUserInfoInSessionException {
+        VistaUserDetails userInfo = (VistaUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
         if (userInfo == null) throw new NoUserInfoInSessionException();
         return userInfo;
Index: EDIS/trunk/java/tracking-server-core/src/main/java/gov/va/med/edp/web/servlet/listener/TimeOutIntegrationSessionAttributeListener.java
===================================================================
--- EDIS/trunk/java/tracking-server-core/src/main/java/gov/va/med/edp/web/servlet/listener/TimeOutIntegrationSessionAttributeListener.java	(revision 1235)
+++ EDIS/trunk/java/tracking-server-core/src/main/java/gov/va/med/edp/web/servlet/listener/TimeOutIntegrationSessionAttributeListener.java	(revision 1236)
@@ -1,10 +1,12 @@
 package gov.va.med.edp.web.servlet.listener;
 
-import gov.va.med.authentication.kernel.LoginUserInfoVO;
 import gov.va.med.edp.dao.SessionDao;
+import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
 import gov.va.med.edp.vo.SessionVO;
 import gov.va.med.edp.web.controller.SessionConstants;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.security.context.HttpSessionContextIntegrationFilter;
+import org.springframework.security.context.SecurityContext;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.WebApplicationContextUtils;
@@ -20,5 +22,5 @@
 
     public void attributeAdded(HttpSessionBindingEvent event) {
-        if (!event.getName().equals(LoginUserInfoVO.SESSION_KEY)) return;
+        if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
 
         setTimeOut(event);
@@ -26,9 +28,9 @@
 
     public void attributeRemoved(HttpSessionBindingEvent event) {
-        if (!event.getName().equals(LoginUserInfoVO.SESSION_KEY)) return;
+        if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
     }
 
     public void attributeReplaced(HttpSessionBindingEvent event) {
-        if (!event.getName().equals(LoginUserInfoVO.SESSION_KEY)) return;
+        if (!event.getName().equals(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY)) return;
 
         setTimeOut(event);
@@ -36,5 +38,6 @@
 
     private void setTimeOut(HttpSessionBindingEvent event) {
-        LoginUserInfoVO userInfo = (LoginUserInfoVO) event.getValue();
+        SecurityContext securityContext = (SecurityContext) event.getValue();
+        VistaUserDetails userInfo = (VistaUserDetails) securityContext.getAuthentication().getPrincipal();
 
         try {
@@ -42,5 +45,5 @@
             SessionDao dao = (SessionDao) ac.getBean(SESSION_DAO_BEAN_NAME, SessionDao.class);
 
-            SessionVO sessionInfo = dao.getSessionInfo(userInfo.getLoginStationNumber(), userInfo.getUserDuz());
+            SessionVO sessionInfo = dao.getSessionInfo(userInfo.getLoginStationNumber(), userInfo.getDuz());
 
             String serverPackageVersion = sessionInfo.getServerPackageVersion();
@@ -50,5 +53,5 @@
             int timeOut = sessionInfo.getMaxInactiveInterval();
             event.getSession().setMaxInactiveInterval(timeOut);
-            if (log.isDebugEnabled()) log.debug("set timeout for user " + userInfo.getUserDuz() + " to " + timeOut + " seconds.");
+            if (log.isDebugEnabled()) log.debug("set timeout for user " + userInfo.getDuz() + " to " + timeOut + " seconds.");
         } catch (DataAccessException e) {
             log.error("unable to fetch session info", e);