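Getting user information from Spring Security

Getting it in a JSP

Use the Spring Security tag library.

Import the tag library in the page:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

Then

<div> username : <sec:authentication property="name"/></div>

displays the current user.

Getting it in code (method 1)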

 

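UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

In practice I found that the Authentication obtained this way was null. After reading the source code carefully, I found that to get the current user with the code above, it must run while the Spring Security filter chain is executing. Otherwise, when the filter chain finishes, the org.springframework.security.web.context.SecurityContextPersistenceFilter class calls SecurityContextHolder.clearContext() and empties the SecurityContextHolder, so you get null.

Getting it in code (method 2)

After Spring Security authenticates the user, it stores a SecurityContextImpl object in the session. This object holds the current user's details.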

 

 

package com.devjav.spring;

import java.util.List;
import java.util.Locale;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/**
 * Handles requests for the application home page.
 */
@Controller
public class HomeController {

    private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

    /**
     * Simply selects the home view to render by returning its name.
     */
    @RequestMapping(value = "/home.do", method = RequestMethod.GET)
    public String home(HttpServletRequest request, HttpServletResponse response, Locale locale) {
        logger.info("Welcome User home! The client locale is {}.", locale);

        // Spring Security keeps the SecurityContext in the HTTP session under this key.
        // The attribute is missing when nobody has logged in, so check for null first.
        SecurityContextImpl securityContextImpl = (SecurityContextImpl) request.getSession()
                .getAttribute("SPRING_SECURITY_CONTEXT");
        if (securityContextImpl == null || securityContextImpl.getAuthentication() == null) {
            return "home";
        }
        // Login name
        System.out.println("Username:" + securityContextImpl.getAuthentication().getName());
        // Login password, unencrypted. Spring Security erases credentials after a
        // successful login by default, so this is usually null; never log it in real code.
        System.out.println("Credentials:" + securityContextImpl.getAuthentication().getCredentials());
        WebAuthenticationDetails details = (WebAuthenticationDetails) securityContextImpl.getAuthentication()
                .getDetails();
        // Remote address of the client
        System.out.println("RemoteAddress:" + details.getRemoteAddress());
        // Session id
        System.out.println("SessionId:" + details.getSessionId());
        // Authorities granted to the current user. Iterate the returned collection
        // directly instead of casting it to List, which is not guaranteed to succeed.
        for (GrantedAuthority grantedAuthority : securityContextImpl.getAuthentication().getAuthorities()) {
            System.out.println("Authority:" + grantedAuthority.getAuthority());
        }

        return "home";
    }

    @RequestMapping(value = "/admin/home.do", method = RequestMethod.GET)
    public String adminHome(Locale locale) {
        logger.info("Welcome to Admin home! The client locale is {}.", locale);

        return "adminhome";
    }

    @RequestMapping(value = "/accessdenied.do", method = RequestMethod.GET)
    public String accessDenied() {
        logger.info("Access denied.");
        return "accessdenied";
    }
}
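
A null-safe helper that combines the two approaches above, as an added example that is not part of the original post: it tries SecurityContextHolder first and falls back to the context stored in the session. The class name CurrentUser and its method names are hypothetical; the javax.servlet API and Spring Security 3.x or later are assumed.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

/** Hypothetical helper: not from the original page and not part of Spring Security. */
public final class CurrentUser {

    private CurrentUser() {
    }

    /** Returns the logged-in user's Authentication, or null if there is none. */
    public static Authentication authentication(HttpServletRequest request) {
        // Method 1: the thread-bound context, populated only while the filter chain runs.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null && request != null) {
            // Method 2: the context persisted in the session. getSession(false)
            // avoids creating a session for a visitor who does not have one.
            HttpSession session = request.getSession(false);
            Object stored = session == null ? null
                    : session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
            if (stored instanceof SecurityContext) {
                auth = ((SecurityContext) stored).getAuthentication();
            }
        }
        // Anonymous visitors carry a token as well; do not treat them as logged in.
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            return null;
        }
        return auth;
    }

    /** Returns the UserDetails principal, or null when the principal is of another type. */
    public static UserDetails userDetails(HttpServletRequest request) {
        Authentication auth = authentication(request);
        Object principal = auth == null ? null : auth.getPrincipal();
        // The principal can be a plain String, so the unconditional cast in
        // the method 1 one-liner may throw ClassCastException.
        return principal instanceof UserDetails ? (UserDetails) principal : null;
    }
}
```

SPRING_SECURITY_CONTEXT_KEY is the constant behind the "SPRING_SECURITY_CONTEXT" string used in method 2.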

 

