获取spring security用户相关信息

在JSP中获得

使用spring security的标签库

在页面中引入标签

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
然后
<div> username : <sec:authentication property="name"/></div>
即可显示当前用户。

在程序中获得（方式一）

UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication() .getPrincipal();

实际运用中发现获得的Authentication为null。仔细看了下源代码发现，如果想用上面的代码获得当前用户，必须在spring

security过滤器执行中执行，否则在过滤链执行完时org.springframework.security.web.context.SecurityContextPersistenceFilter类会

调用SecurityContextHolder.clearContext();而把SecurityContextHolder清空，所以会得到null。

在程序中获得（方式二）

经过spring security认证后，security会把一个SecurityContextImpl对象存储到session中，此对象中有当前用户的各种资料

package com.devjav.spring;

import java.util.List;

import java.util.Locale;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.context.SecurityContextImpl;

import org.springframework.security.web.authentication.WebAuthenticationDetails;

import org.springframework.stereotype.Controller;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RequestMethod;

/**

 * Handles requests for the application home page.

 */

@Controller

public class HomeController {

    private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

    /**

     * Simply selects the home view to render by returning its name.

     */

    @RequestMapping(value = "/home.do", method = RequestMethod.GET)

    public String home(HttpServletRequest request, HttpServletResponse response, Locale locale) {

        logger.info("Welcome User home! The client locale is {}.", locale);

        /*

         * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

         */

        SecurityContextImpl securityContextImpl = (SecurityContextImpl) request.getSession()

                .getAttribute("SPRING_SECURITY_CONTEXT");

        // 登录名

        System.out.println("Username:" + securityContextImpl.getAuthentication().getName());

        // 登录密码，未加密的

        System.out.println("Credentials:" + securityContextImpl.getAuthentication().getCredentials());

        WebAuthenticationDetails details = (WebAuthenticationDetails) securityContextImpl.getAuthentication()

                .getDetails();

        // 获得访问地址

        System.out.println("RemoteAddress" + details.getRemoteAddress());

        // 获得sessionid

        System.out.println("SessionId" + details.getSessionId());

        // 获得当前用户所拥有的权限

        List<GrantedAuthority> authorities = (List<GrantedAuthority>) securityContextImpl.getAuthentication()

                .getAuthorities();

        for (GrantedAuthority grantedAuthority : authorities) {

            System.out.println("Authority" + grantedAuthority.getAuthority());

        }

        /*

         * ???????????????????????????????????????????????????????????????????

         */

        return "home";

    }

    @RequestMapping(value = "/admin/home.do", method = RequestMethod.GET)

    public String Adminhome(Locale locale) {

        logger.info("Welcome to Admin home! The client locale is {}.", locale);

        return "adminhome";

    }

    @RequestMapping(value = "/accessdenied.do", method = RequestMethod.GET)

    public String accessDenied() {

        logger.info("Access deniend.");

        return "accessdenied";

    }

}

秒客网

获取spring security用户相关信息

相关文章