1、如果在jsp頁面中獲取可以使用spring security的標簽
頁面引入標簽
- <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
使用:
- <div> username : <sec:authentication property="name"/></div>
即可顯示當前用戶。
2.java代碼中使用
- UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication() .getPrincipal();
但我在實際運用中發現獲得的Authentication為null。仔細看了下源代碼發現,如果想用上面的代碼獲得當前用戶,必須在spring
security過濾器執行中執行,否則在過濾鏈執行完時org.springframework.security.web.context.SecurityContextPersistenceFilter類會
調用SecurityContextHolder.clearContext();而把SecurityContextHolder清空,所以會得到null。 經過spring security認證后,
security會把一個SecurityContextImpl對象存儲到session中,此對象中有當前用戶的各種資料
- SecurityContextImpl securityContextImpl = (SecurityContextImpl) request
- .getSession().getAttribute("SPRING_SECURITY_CONTEXT");
- // 登錄名
- System.out.println("Username:"
- + securityContextImpl.getAuthentication().getName());
- // 登錄密碼,未加密的
- System.out.println("Credentials:"
- + securityContextImpl.getAuthentication().getCredentials());
- WebAuthenticationDetails details = (WebAuthenticationDetails) securityContextImpl
- .getAuthentication().getDetails();
- // 獲得訪問地址
- System.out.println("RemoteAddress" + details.getRemoteAddress());
- // 獲得sessionid
- System.out.println("SessionId" + details.getSessionId());
- // 獲得當前用戶所擁有的權限
- List<GrantedAuthority> authorities = (List<GrantedAuthority>) securityContextImpl
- .getAuthentication().getAuthorities();
- for (GrantedAuthority grantedAuthority : authorities) {
- System.out.println("Authority" + grantedAuthority.getAuthority());
- }