1.在session中取得spring security的登錄用戶名如下:
- ${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}
spring security 把SPRING_SECURITY_CONTEXT 放入了session 沒有直接把username 放進去。下面一段代碼主要描述的是session中的存的變量,
存跳轉時候的URLsession {SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}
存的是登錄成功時候session中存的信息:
session {SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984: Authentication: org.springframework.security.providers.cas.CasAuthenticationToken@87b16984: Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities: ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test}
2.在頁面端用tag獲取:
- <%@ taglib prefix='security' uri='http://www.springframework.org/security/tags'%>
- <security:authentication property="principal.username"></security:authentication>
或者
- <security:authorize ifAllGranted="ROLE_ADMIN">
- <security:authentication property="principal.username"></security:authentication>
- </security:authorize>
或者取session中的值:
- ${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}
3.在后台獲取
- UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
- .getAuthentication()
- .getPrincipal();
- userDetails.getUsername()
如果想要獲取更多的信息:得擴展userDetails的默認實現類user類和UserDetailsService接口
由於springsecurity是把整個user信息放入session中的即:session.SPRING_SECURITY_CONTEXT.authentication.principal。這個就是代表着user對象。