Spring Security - Getting the Details of the Currently Logged-in User

Posted by 肖老闆 on 2018-12-13

In the Spring framework, the details of the currently logged-in user can be obtained in the following ways:

1. Getting user information in a Bean

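public String currentUserName() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // getAuthentication() returns null when nothing has populated the SecurityContext
    if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
        return authentication.getName();
    }
    return null; // no logged-in user
}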

Spring Security provides several AuthenticationToken subclasses. Depending on your application, you can cast the AuthenticationToken held in the SecurityContextHolder to the concrete type, as follows:

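UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
// details may hold the current user's detailed information, which can also be obtained with a cast.
// The cast only succeeds if the application stored a User there; with the default form-login setup getDetails() returns a WebAuthenticationDetails and the user object is typically the principal.
User userDetails = (User) authenticationToken.getDetails();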

PS. The AuthenticationToken cast also applies to the Principal class mentioned below.

2. Getting user information in a Controller

  1. Via a Principal argument:
import java.security.Principal;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
 
@Controller
public class SecurityController {
 
    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserName(Principal principal) {
        return principal.getName();
    }
}
  2. Via an Authentication argument:
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
 
@Controller
public class SecurityController {
 
    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserName(Authentication authentication) {
        return authentication.getName();
    }
}
  3. Via HttpServletRequest:
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
 
@Controller
public class SecurityController {
 
    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserNameSimple(HttpServletRequest request) {
        Principal principal = request.getUserPrincipal();
        return principal.getName();
    }
}

3. Getting user information via an interface

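Getting the user through an interface is really the same as the first approach (getting user information in a Bean): both read from SecurityContextHolder, and the interface only wraps that access.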

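import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

// Thin wrapper around SecurityContextHolder so callers depend on an injectable interface
public interface IAuthenticationFacade {
    Authentication getAuthentication();
}

@Component
public class AuthenticationFacade implements IAuthenticationFacade {

    @Override
    public Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }
}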

It is used as follows:

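import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SecurityController {
    @Autowired
    private IAuthenticationFacade authenticationFacade;

    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserNameSimple() {
        Authentication authentication = authenticationFacade.getAuthentication();
        return authentication.getName();
    }
}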

4. Getting user information in a JSP page

To use Spring Security's tag support, first import the security taglib in the JSP page:

<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>

The currently logged-in user can then be obtained as follows:

<security:authorize access="isAuthenticated()">
    authenticated as <security:authentication property="principal.username" /> 
</security:authorize>

For more on the JSTL syntax, see: https://docs.spring.io/spring-security/site/docs/5.0.0.RELEASE/reference/pdf/spring-security-reference.pdf

Note that this is the Spring Security 5.0 version; other versions can be selected at https://docs.spring.io/spring-security/site/docs/.

Reference: http://www.baeldung.com/get-user-in-spring-security
