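The original is clearly formatted; reposted from: https://blog.csdn.net/cloume/article/details/84983006#commentBox
Spring Security - Getting the details of the currently logged-in user
In the Spring framework, the details of the currently logged-in user can be obtained in the following ways:
1. Getting user information in a Bean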
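// Fragment from inside a method that returns the user name.
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
// getAuthentication() returns null when nothing has been stored in the context,
// so check for null as well as for the anonymous token.
if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
    String currentUserName = authentication.getName();
    return currentUserName;
}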
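Spring Security provides several classes derived from AuthenticationToken. Depending on your application scenario, you can cast the AuthenticationToken held in SecurityContextHolder to the concrete type, as follows: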
UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
// details may hold the detailed information of the currently logged-in user; it can also be obtained after a cast
User userDetails = (User) authenticationToken.getDetails();
PS. Casting the AuthenticationToken applies equally to the Principal class mentioned below.
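The casts above throw a ClassCastException when the context holds a different token type, and an AnonymousAuthenticationToken reports itself as authenticated. The following added example (not code from the original post) resolves the user with type checks instead; the class name CurrentUser and the sample users are constructed for illustration, and it assumes spring-security-core is on the classpath.

```java
import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical helper: returns the logged-in user's UserDetails, or empty when
// there is no real login, instead of casting blindly.
public final class CurrentUser {

    private CurrentUser() {}

    public static Optional<UserDetails> find() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // The anonymous token is "authenticated", so it must be excluded explicitly.
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return Optional.empty();
        }
        // The principal is checked first; details is only a fallback for
        // applications that store the user object there.
        Object principal = auth.getPrincipal();
        if (principal instanceof UserDetails) {
            return Optional.of((UserDetails) principal);
        }
        Object details = auth.getDetails();
        if (details instanceof UserDetails) {
            return Optional.of((UserDetails) details);
        }
        return Optional.empty(); // e.g. the principal is a plain String user name
    }

    public static void main(String[] args) {
        // Constructed sample data: empty context, anonymous visitor, real login.
        System.out.println("empty context: " + find().isPresent());
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
                "key", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        System.out.println("anonymous: " + find().isPresent());
        UserDetails alice = User.withUsername("alice").password("{noop}pw").roles("USER").build();
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(alice, null, alice.getAuthorities()));
        System.out.println("logged in: " + find().map(UserDetails::getUsername).orElse("none"));
        SecurityContextHolder.clearContext();
    }
}
```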
2. Getting user information in a Controller
- Via a Principal parameter:
import java.security.Principal;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {

    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserName(Principal principal) {
        return principal.getName();
    }
}
- Via an Authentication parameter:
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {

    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserName(Authentication authentication) {
        return authentication.getName();
    }
}
- Via HttpServletRequest:
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {

    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserNameSimple(HttpServletRequest request) {
        Principal principal = request.getUserPrincipal();
        return principal.getName();
    }
}
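3. Getting user information through an Interface
Getting the user through an interface is really the same as the first approach of getting it in a Bean: both read from SecurityContextHolder, and the interface only wraps that access.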
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

// Each public type goes in its own source file.
public interface IAuthenticationFacade {
    Authentication getAuthentication();
}

@Component
public class AuthenticationFacade implements IAuthenticationFacade {

    @Override
    public Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }
}
It is used as follows:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {

    @Autowired
    private IAuthenticationFacade authenticationFacade;

    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserNameSimple() {
        Authentication authentication = authenticationFacade.getAuthentication();
        return authentication.getName();
    }
}
4. Getting user information in a JSP page
To use the Spring Security tag features, first import the Security taglib in the JSP page:
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
The currently logged-in user can then be obtained as follows:
<security:authorize access="isAuthenticated()">
authenticated as <security:authentication property="principal.username" />
</security:authorize>
For more on the JSTL syntax, see: https://docs.spring.io/spring-security/site/docs/5.0.0.RELEASE/reference/pdf/spring-security-reference.pdf
Note that this is the Spring Security 5.0 version; other versions can be selected from https://docs.spring.io/spring-security/site/docs/.
Reference link: http://www.baeldung.com/get-user-in-spring-security