在JSP中獲得
使用spring security的標簽庫
在頁面中引入標簽
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
然后
<div> username : <sec:authentication property="name"/></div>
即可顯示當前用戶。
在程序中獲得(方式一)
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication() .getPrincipal();
實際運用中發現獲得的Authentication為null。仔細看了下源代碼發現,如果想用上面的代碼獲得當前用戶,必須在spring
security過濾器執行中執行,否則在過濾鏈執行完時org.springframework.security.web.context.SecurityContextPersistenceFilter類會
調用SecurityContextHolder.clearContext();而把SecurityContextHolder清空,所以會得到null。
在程序中獲得(方式二)
經過spring security認證后,security會把一個SecurityContextImpl對象存儲到session中,此對象中有當前用戶的各種資料
package com.devjav.spring; import java.util.List; import java.util.Locale; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextImpl; import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; /** * Handles requests for the application home page. */ @Controller public class HomeController { private static final Logger logger = LoggerFactory.getLogger(HomeController.class); /** * Simply selects the home view to render by returning its name. */ @RequestMapping(value = "/home.do", method = RequestMethod.GET) public String home(HttpServletRequest request, HttpServletResponse response, Locale locale) { logger.info("Welcome User home! The client locale is {}.", locale); /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ SecurityContextImpl securityContextImpl = (SecurityContextImpl) request.getSession() .getAttribute("SPRING_SECURITY_CONTEXT"); // 登錄名 System.out.println("Username:" + securityContextImpl.getAuthentication().getName()); // 登錄密碼,未加密的 System.out.println("Credentials:" + securityContextImpl.getAuthentication().getCredentials()); WebAuthenticationDetails details = (WebAuthenticationDetails) securityContextImpl.getAuthentication() .getDetails(); // 獲得訪問地址 System.out.println("RemoteAddress" + details.getRemoteAddress()); // 獲得sessionid System.out.println("SessionId" + details.getSessionId()); // 獲得當前用戶所擁有的權限 List<GrantedAuthority> authorities = (List<GrantedAuthority>) securityContextImpl.getAuthentication() .getAuthorities(); for (GrantedAuthority grantedAuthority : authorities) { System.out.println("Authority" + grantedAuthority.getAuthority()); } /* * ??????????????????????????????????????????????????????????????????? */ return "home"; } @RequestMapping(value = "/admin/home.do", method = RequestMethod.GET) public String Adminhome(Locale locale) { logger.info("Welcome to Admin home! The client locale is {}.", locale); return "adminhome"; } @RequestMapping(value = "/accessdenied.do", method = RequestMethod.GET) public String accessDenied() { logger.info("Access deniend."); return "accessdenied"; } }