在JSP中获得
使用spring security的标签库
在页面中引入标签
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
然后
<div> username : <sec:authentication property="name"/></div>
即可显示当前用户。
在程序中获得(方式一)
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication() .getPrincipal();
实际运用中发现获得的Authentication为null。仔细看了下源代码发现,如果想用上面的代码获得当前用户,必须在spring
security过滤器执行中执行,否则在过滤链执行完时org.springframework.security.web.context.SecurityContextPersistenceFilter类会
调用SecurityContextHolder.clearContext();而把SecurityContextHolder清空,所以会得到null。
在程序中获得(方式二)
经过spring security认证后,security会把一个SecurityContextImpl对象存储到session中,此对象中有当前用户的各种资料
package com.devjav.spring; import java.util.List;
import java.util.Locale; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; /**
* Handles requests for the application home page.
*/
@Controller
public class HomeController { private static final Logger logger = LoggerFactory.getLogger(HomeController.class); /**
* Simply selects the home view to render by returning its name.
*/
@RequestMapping(value = "/home.do", method = RequestMethod.GET)
public String home(HttpServletRequest request, HttpServletResponse response, Locale locale) {
logger.info("Welcome User home! The client locale is {}.", locale); /*
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
*/
SecurityContextImpl securityContextImpl = (SecurityContextImpl) request.getSession()
.getAttribute("SPRING_SECURITY_CONTEXT");
// 登录名
System.out.println("Username:" + securityContextImpl.getAuthentication().getName());
// 登录密码,未加密的
System.out.println("Credentials:" + securityContextImpl.getAuthentication().getCredentials());
WebAuthenticationDetails details = (WebAuthenticationDetails) securityContextImpl.getAuthentication()
.getDetails();
// 获得访问地址
System.out.println("RemoteAddress" + details.getRemoteAddress());
// 获得sessionid
System.out.println("SessionId" + details.getSessionId());
// 获得当前用户所拥有的权限
List<GrantedAuthority> authorities = (List<GrantedAuthority>) securityContextImpl.getAuthentication()
.getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
System.out.println("Authority" + grantedAuthority.getAuthority());
}
/*
* ???????????????????????????????????????????????????????????????????
*/ return "home";
} @RequestMapping(value = "/admin/home.do", method = RequestMethod.GET)
public String Adminhome(Locale locale) {
logger.info("Welcome to Admin home! The client locale is {}.", locale); return "adminhome";
} @RequestMapping(value = "/accessdenied.do", method = RequestMethod.GET)
public String accessDenied() {
logger.info("Access deniend.");
return "accessdenied";
}
}