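Spring Security - Getting the details of the currently logged-in user
In the Spring framework, the details of the currently logged-in user can be obtained in the following ways:
1. Getting user information in a Bean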
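public String currentUserName() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // getAuthentication() returns null when the context holds no authentication
    if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
        return authentication.getName();
    }
    return null; // nobody is logged in
}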
Spring Security provides several classes derived from AuthenticationToken. Depending on your use case, you can cast the AuthenticationToken held in SecurityContextHolder to the concrete type, as follows:
UsernamePasswordAuthenticationToken authenticationToken =
        (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
// details may hold the logged-in user's details, which can also be obtained with a cast
// (the cast only succeeds if the application stored a User there)
User userDetails = (User) authenticationToken.getDetails();
PS. The same AuthenticationToken cast also applies to the Principal class mentioned below.
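The casts above throw a ClassCastException (or a NullPointerException) when the context is empty, holds an anonymous token, or carries a principal of another type. The following is an added example, not code from the original article, that resolves the user with type checks instead; `CurrentUser` is a hypothetical helper name, the sample user is constructed, and spring-security-core is assumed to be on the classpath.

```java
import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical helper (not part of Spring Security): resolves the current
// user without unchecked casts.
public final class CurrentUser {
    private CurrentUser() {}

    public static Optional<UserDetails> get() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Empty context (e.g. a thread outside the request) or anonymous visitor.
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return Optional.empty();
        }
        // getPrincipal() returns Object; it is a UserDetails only when the
        // AuthenticationProvider put one there, so test before casting.
        Object principal = auth.getPrincipal();
        return principal instanceof UserDetails
                ? Optional.of((UserDetails) principal)
                : Optional.empty();
    }

    public static void main(String[] args) {
        // Case 1: nothing has been stored in the context yet.
        System.out.println(get().isPresent());
        // Case 2: anonymous token, as set for unauthenticated requests.
        SecurityContextHolder.getContext().setAuthentication(
                new AnonymousAuthenticationToken("key", "anonymousUser",
                        AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        System.out.println(get().isPresent());
        // Case 3: constructed sample user, in the shape a username/password login produces.
        UserDetails alice = new User("alice", "{noop}constructed",
                AuthorityUtils.createAuthorityList("ROLE_USER"));
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(alice, null, alice.getAuthorities()));
        System.out.println(get().map(UserDetails::getUsername).orElse("<none>"));
        SecurityContextHolder.clearContext();
    }
}
```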
2. Getting user information in a Controller
Via a Principal parameter:
import java.security.Principal;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {
    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserName(Principal principal) {
        return principal.getName();
    }
}
Via an Authentication parameter:
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {
    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserName(Authentication authentication) {
        return authentication.getName();
    }
}
Via HttpServletRequest:
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {
    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserNameSimple(HttpServletRequest request) {
        Principal principal = request.getUserPrincipal();
        return principal.getName();
    }
}
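3. Getting user information through an Interface
Getting the user through an interface is really the same as the first approach (getting user information in a Bean): both read from SecurityContextHolder, and the interface only wraps that access.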
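import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

public interface IAuthenticationFacade {
    Authentication getAuthentication();
}

@Component
public class AuthenticationFacade implements IAuthenticationFacade {
    @Override
    public Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }
}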
It is used as follows:
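import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {
    @Autowired
    private IAuthenticationFacade authenticationFacade;

    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserNameSimple() {
        Authentication authentication = authenticationFacade.getAuthentication();
        return authentication.getName();
    }
}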
4. Getting user information in a JSP page
To use the Spring Security tag library, first declare the Security taglib in the JSP page:
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
The currently logged-in user can then be obtained as follows:
<security:authorize access="isAuthenticated()">
    authenticated as <security:authentication property="principal.username" />
</security:authorize>